Go based HTTP server with 2FA based on OTP (One-Time Password) manager like Google Authenticator

The server provides the following endpoints:

  • /authenticate authenticates the user and returns a valid JWT token via an HTTP POST request
  • /verify-otp performs OTP authentication with an OTP provider (Google Authenticator) and returns a valid OTP token
  • /protected provides an authorized user access to protected data

You should install Google Authenticator or a similar OTP authenticator on your smartphone.

To build and run the server, do the following:

# build server code
go build

# run the server; by default it runs on port 12345 and uses the static area
./2fa-server

# to customize your server, create a JSON configuration file
cat > server.json << EOF
{"port":12345, "static": "/my/path/static"}
EOF
# and now you can run it as follows
./2fa-server -config server.json

The server stores user data in a SQLite DB (basically the user's name/secret pairs) and generates QR code image file(s) in the user's static area.

The data flow can be represented as follows:

# Step 1: install Google Authenticator on your phone

# Step 2: visit our server to get a QR code for a specific user=UserName
# the code should be improved here to provide user registration; so far
# any user name is accepted, so change UserName to whatever you like
http://localhost:12345/qr?user=UserName

# Step 3: scan QR code and open URL. It will add new entry into Google Authenticator
# now we are ready to use it with our app

# Step 4: get token
curl -X POST "http://localhost:12345/authenticate?user=UserName"
# it returns the server token in JSON format
{"token":"eyJhb..."}
# keep the returned token value for the next request
token="eyJhb..."

# Step 5: now visit Google Authenticator to obtain new code

# Step 6: authenticate with our server using OTP (One-Time Password) code
# obtained from a previous step
curl -X POST -H "Authorization: Bearer $token" -H "Content-Type: application/json" "http://localhost:12345/verify-otp?user=UserName" -d '{"otp":"383878"}'
# it returns a new token based on the OTP code generated by Google Authenticator
"eyJhbG..."

# Step 7: call protected API using new OTP token
otpToken="eyJhbG..."
curl -H "Authorization: Bearer $otpToken" "http://localhost:12345/protected?user=UserName"
# if everything is fine you'll see the following data with proper password for the user
{"authorized":true,"password":"XXXYYYZZ","username":"UserName"}
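
What /verify-otp has to check in Step 6, as an added example that is not the project's code: RFC 6238 TOTP with HMAC-SHA1, 30-second steps and 6 digits, one step of clock skew in each direction, and rejection of a code that was already accepted. The names hotp and Verifier are hypothetical, and the secret is the RFC 6238 test key, not a value from the server's SQLite DB.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// hotp is RFC 4226 HOTP (HMAC-SHA1, 6 digits); TOTP uses counter = unixTime/30.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000)
}

// Verifier is a hypothetical per-user record kept by the server.
type Verifier struct {
	Secret   []byte // shared secret, raw bytes (Base32-decoded)
	lastStep int64  // last 30-second step for which a code was accepted
}

// Verify accepts a code for the previous, current or next time step, compared
// in constant time, and only if that step is newer than the last one used.
func (v *Verifier) Verify(code string, now time.Time) bool {
	cur := now.Unix() / 30
	for step := cur - 1; step <= cur+1; step++ {
		want := hotp(v.Secret, uint64(step))
		if subtle.ConstantTimeCompare([]byte(want), []byte(code)) == 1 && step > v.lastStep {
			v.lastStep = step
			return true
		}
	}
	return false
}

func main() {
	v := &Verifier{Secret: []byte("12345678901234567890")} // RFC 6238 test key
	now := time.Unix(1111111109, 0)                        // RFC 6238 test time
	fmt.Println(v.Verify("081804", now), v.Verify("081804", now)) // true false
}
```

The second call fails because the same code is replayed inside its validity window; a real server would persist lastStep next to the user's secret.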

Owner
Valentin Kuznetsov
Data Scientist Programmer Researcher
Comments
  • Invalid barcode on APP

    Hi, trying the 2fa-server I always get this error scanning the QR.

    Invalid barcode

    The barcode 'otpauth://totp/GPM:deferbot? secret=LJEU2MLVNU======&issuer=GPM' is not a valid authentication token barcode.

    Try again
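
The Key URI format used by Google Authenticator says the Base32 secret should be written without `=` padding. The following added example (not the project's code) builds an otpauth:// URI that way from a freshly generated 160-bit secret; newSecret and keyURI are hypothetical names, and the issuer and account in main are placeholders.

```go
package main

import (
	"crypto/rand"
	"encoding/base32"
	"fmt"
	"net/url"
	"strings"
)

// newSecret returns 20 random bytes (160 bits, the length RFC 4226 recommends)
// from the operating system's CSPRNG.
func newSecret() ([]byte, error) {
	b := make([]byte, 20)
	_, err := rand.Read(b)
	return b, err
}

// keyURI builds otpauth://totp/ISSUER:ACCOUNT?issuer=...&secret=... with the
// secret in unpadded Base32 and spaces written as %20 rather than '+'.
func keyURI(issuer, account string, secret []byte) string {
	enc := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(secret)
	q := url.Values{"secret": {enc}, "issuer": {issuer}}
	u := url.URL{
		Scheme:   "otpauth",
		Host:     "totp",
		Path:     "/" + issuer + ":" + account,
		RawQuery: strings.ReplaceAll(q.Encode(), "+", "%20"),
	}
	return u.String()
}

func main() {
	secret, err := newSecret()
	if err != nil {
		panic(err)
	}
	// Placeholder issuer and account; the secret is what the QR code encodes.
	fmt.Println(keyURI("Example", "UserName", secret))
}
```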
