13.2.1.2.11. SMS Token

class privacyidea.lib.tokens.smstoken.SmsTokenClass(db_token)[source]

The SMS token sends an SMS containing an OTP via a gateway. The gateway can be an SMTP or HTTP gateway or the special sipgate protocol. The gateways are defined in the SMSProvider modules.

The SMS token is a challenge-response token: the first request must contain the correct OTP PIN. If the OTP PIN is correct, the sending of the SMS is triggered. The second authentication request must contain either the OTP PIN and the OTP value, or the transaction_id and the OTP value.

Example 1st Authentication Request:

POST /validate/check HTTP/1.1
Host: example.com
Accept: application/json

user=cornelius
pass=otppin

Example 1st response:

HTTP/1.1 200 OK
Content-Type: application/json

{
   "detail": {
     "transaction_id": "xyz"
   },
   "id": 1,
   "jsonrpc": "2.0",
   "result": {
     "status": true,
     "value": false
   },
   "version": "privacyIDEA unknown"
 }

After this, the SMS is triggered. When the SMS is received, the second part of the authentication looks like this:

Example 2nd Authentication Request:

POST /validate/check HTTP/1.1
Host: example.com
Accept: application/json

user=cornelius
transaction_id=xyz
pass=otppin

Example 2nd response:

HTTP/1.1 200 OK
Content-Type: application/json

{
   "detail": {
   },
   "id": 1,
   "jsonrpc": "2.0",
   "result": {
     "status": true,
     "value": true
   },
   "version": "privacyIDEA unknown"
 }
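
A client-side sketch of the two-step exchange above, added here as an example and not taken from privacyIDEA's own code. The names interpret, authenticate and fake_server are hypothetical, the OTP 123456 is a constructed value, and it assumes that in the second request pass carries the OTP value, as the description states.

```python
import json

def interpret(body):
    """Classify a /validate/check JSON body as ("success", None),
    ("challenge", transaction_id), ("reject", None) or ("error", None)."""
    try:
        doc = json.loads(body)
        status, value = doc["result"]["status"], doc["result"]["value"]
    except (ValueError, KeyError, TypeError):
        return ("error", None)
    if status is not True:
        return ("error", None)
    # status == true only says the request was processed;
    # authentication succeeded only if value == true.
    if value is True:
        return ("success", None)
    detail = doc.get("detail")
    txid = detail.get("transaction_id") if isinstance(detail, dict) else None
    return ("challenge", txid) if txid else ("reject", None)

def authenticate(send, user, pin, read_otp):
    """Run both steps. send(params) posts form parameters to
    /validate/check and returns the body; read_otp() returns the SMS value."""
    state, txid = interpret(send({"user": user, "pass": pin}))
    if state != "challenge":
        return state == "success"
    # Step 2: bind the OTP to the open challenge via transaction_id.
    params = {"user": user, "transaction_id": txid, "pass": read_otp()}
    state, _ = interpret(send(params))
    return state == "success"

def fake_server(params):
    """Constructed stand-in for the server, replaying the responses above."""
    first = "transaction_id" not in params and params["pass"] == "otppin"
    ok = params.get("transaction_id") == "xyz" and params["pass"] == "123456"
    return json.dumps({
        "detail": {"transaction_id": "xyz"} if first else {},
        "id": 1, "jsonrpc": "2.0",
        "result": {"status": True, "value": ok},
        "version": "privacyIDEA unknown"})

if __name__ == "__main__":
    print(authenticate(fake_server, "cornelius", "otppin", lambda: "123456"))
```
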

check_otp(*args, **kwds)[source]

check the otpval of a token against a given counter and the window

Parameters: passw (string) – the passw/pin to be verified
Returns: counter if found, -1 if not found
Return type: int

create_challenge(*args, **kwds)[source]

create a challenge, which is submitted to the user

Parameters:
  • transactionid – the id of this challenge
  • options – the request context parameters / data
Returns: tuple of (bool, message and data)
  • bool – if submit was successful
  • message – is submitted to the user
  • data – is preserved in the challenge
  • attributes – additional attributes, which are displayed in the output

classmethod get_class_info(key=None, ret='all')[source]

returns all or a subtree of the token definition

Parameters:
  • key (string) – subsection identifier
  • ret (user defined) – default return value, if nothing is found
Returns: subsection if key exists or user defined
Return type: see above

classmethod get_class_prefix()[source]

classmethod get_class_type()[source]

return the generic token class identifier

is_challenge_request(*args, **kwds)[source]

check, if the request would start a challenge

We need to define the function again, to get rid of the is_challenge_request-decorator of the HOTP-Token

Parameters:
  • passw – password, which might be pin or pin+otp
  • options – dictionary of additional request parameters
Returns: true or false

update(*args, **kwds)[source]

process initialization parameters

Parameters: param (dict) – dict of initialization parameters
Returns: nothing