Merge pull request #9 from mrobinsn/master

Added method to get the secret out for clients which do not support QR code scanning
sec51 · Dec 13, 2017 · d22311d · d22311d
2 parents 7018945 + 92de2f4
commit d22311d
Showing 1 changed file with 13 additions and 4 deletions.
diff --git a/totp.go b/totp.go
@@ -12,16 +12,17 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
-	"github.com/sec51/convert"
-	"github.com/sec51/convert/bigendian"
-	"github.com/sec51/cryptoengine"
-	qr "github.com/sec51/qrcode"
 	"hash"
 	"io"
 	"math"
 	"net/url"
 	"strconv"
 	"time"
+
+	"github.com/sec51/convert"
+	"github.com/sec51/convert/bigendian"
+	"github.com/sec51/cryptoengine"
+	qr "github.com/sec51/qrcode"
 )
 
 const (
@@ -270,6 +271,14 @@ func calculateToken(counter []byte, digits int, h hash.Hash) string {
 	return fmt.Sprintf(fmtStr, mod)
 }
 
+// Secret returns the underlying base32 encoded secret.
+// This should only be displayed the first time a user enables 2FA,
+// and should be transmitted over a secure connection.
+// Useful for supporting TOTP clients that don't support QR scanning.
+func (otp *Totp) Secret() string {
+	return base32.StdEncoding.EncodeToString(otp.key)
+}
+
 // URL returns a suitable URL, such as for the Google Authenticator app
 // example: otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
 func (otp *Totp) url() (string, error) {