I'm glad you saw my message - if nothing else just so you know this project is appreciated.
I've got it working with Google's Authenticator. I had initially planned to use another project out there for my OTP needs (there's a small number of them that work 'out of the box') because yours took a little extra effort to hook up. I ended up going back and using yours though because it's truly in another class. I have the basics working right now. I have a couple of questions - I'm trying to make a self service system for allowing users to enable two factor authentication. If I loop django_otp.devices_for_user to allow them to manage their existing devices, It's hard to link to a details page for each device. It might help to have a get_absolute_url() defined on the model (which can be overridden is settings). Right now I'm piping it to a template filter using ContentTypes. TBH, I'm pretty new to dealing with this pattern so I might be thinking about it wrong. Lastly, what I'll probably end up doing is building a decorator that basically says "require two factor auth if they have it turned on". I guess if I had a wishlist it would be to see a baseline for allowing uses to manage their own OTP devices as well as that decorator built in. I understand it's probably out of the scope of what you have right now. I'd still like like to see something that ties it up nicely. That's basically what I'm building right now except I don't trust my build to work in anyone else's setup - although if I have time I'll see if I can go back and refactor it. Anyways, thanks again for the work you've done - it's outstanding. On Monday, July 1, 2013 9:26:06 PM UTC-7, Peter Sagerson wrote: > > Thanks, I'm glad you like it. I can look into some kind of demo, although > Authenticator support is pretty simple. The documentation already links to > Google's URI scheme[1], which has all of the details. All you have to do is > create a TOTP or HOTP device (usually the former), encode the key with > base32, build a URI as documented, and render a QR code for the user to > scan. Alternatively, the user can also type the base32-encoded key in > manually. > > > [1] http://code.google.com/p/google-authenticator/wiki/KeyUriFormat > [2] https://pypi.python.org/pypi/qrcode > > > On Jun 28, 2013, at 10:23 AM, Jason Arnst-Goodrich > <good...@gmail.com<javascript:>> > wrote: > > > I just stumbled on this and it looks absolutely amazing. I do have one > request though: can we get a sample project up that uses Google's > authenticator (or anything else). > > > > This looks like the best solution for two factor authentication for > Django but I don't think many people will know where to start when it comes > to using it (myself included). > > > > On Wednesday, September 12, 2012 1:27:26 PM UTC-7, Peter Sagerson wrote: > > I recently released a suite of packages to support two-factor > authentication in Django by way of one-time passwords. > > > > The core package is django-otp, which defines the framework and provides > all of the shared APIs. Integration is possible at several levels, from > low-level APIs (devices_for_user(), match_token(), etc.); to an > AuthenticationForm subclass; to a replacement for Django's login view and > an OTP-enabled admin site. Other niceties include the otp_required > decorator, an analog to login_required. This is not an authentication > backend: although it depends on django.contrib.auth for modeling purposes, > it operates independently of the normal authentication machinery. > > > > A given user may have zero or more OTP devices against which we can > verify a one-time password. The core project includes Django apps that > implement common devices such as HOTP and TOTP (compatible with Google > Authenticator, among others) and static passwords (typically used as backup > codes). The former include standard features such as tolerance and drift. > Separately, django-otp-yubikey provides support for YubiKey devices > (locally or remotely verified). django-otp-twilio provides support for > Twilio's SMS service for delivering codes by SMS. Implementing support for > additional mechanisms is as simple as subclassing an abstract model class > and implementing a verification method (and optionally a challenge method). > Raw implementations of HOTP and TOTP are provided for convenience along > with a few other generally useful utility functions. > > > > As a companion to these, I've also released django-agent-trust, which > uses Django 1.4's signed key APIs to tag user-agents that the user has > identified as trustworthy. In other words, this implements the "This is a > private/shared computer" option one often sees on sensitive sites. Features > include revocation and expiration (both absolute and by inactivity; > globally, per-user, and per-agent). django-otp-agents is a project that > glues together django-otp and django-agent-trust to assign trust to > user-agents by way of two-factor authentication (one of the most common > scenarios, it seems). > > > > Documentation: django-otp, django-otp-yubikey, django-otp-twilio, > django-agent-trust, django-otp-agents > > Bitbucket: django-otp, django-agent-trust > > > > As always, the as-is clause in the BSD license isn't kidding. It's early > days for these yet and while everything has been carefully documented and > unit-tested, not all of the code has had contact with the real world. > Feedback is always welcome. The Google group > https://groups.google.com/forum/#!forum/django-otp is available for > discussion and questions. > > > > Thanks, > > Peter > > > > -- > > You received this message because you are subscribed to a topic in the > Google Groups "Django users" group. > > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/django-users/b47ONAEWFos/unsubscribe. > > To unsubscribe from this group and all its topics, send an email to > django-users...@googlegroups.com <javascript:>. > > To post to this group, send email to > > django...@googlegroups.com<javascript:>. > > > Visit this group at http://groups.google.com/group/django-users. > > For more options, visit https://groups.google.com/groups/opt_out. > > > > > > -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To post to this group, send email to django-users@googlegroups.com. Visit this group at http://groups.google.com/group/django-users. For more options, visit https://groups.google.com/groups/opt_out.
