TOTP Token

class privacyidea.lib.tokens.totptoken.TotpTokenClass(*args, **kwds)[source]
check_otp(*args, **kwds)[source]

validate the token otp against a given otpvalue

  • anOtpVal (string) – the to be verified otpvalue
  • counter – the counter state, that should be verified. For TOTP

this is the unix system time (seconds) divided by 30/60 :type counter: int :param window: the counter +window (sec), which should be checked :type window: int :param options: the dict, which could contain token specific info :type options: dict :return: the counter or -1 :rtype: int

check_otp_exist(*args, **kwds)[source]

checks if the given OTP value is/are values of this very token at all. This is used to autoassign and to determine the serial number of a token. In fact it is a check_otp with an enhanced window.

  • otp (string) – the to be verified otp value
  • window (int) – the lookahead window for the counter in seconds!!!

counter or -1 if otp does not exist

Return type:


classmethod get_class_info(*args, **kwds)[source]

returns a subtree of the token definition

  • key (string) – subsection identifier
  • ret (user defined) – default return value, if nothing is found

subsection if key exists or user defined

Return type:

dict or scalar

classmethod get_class_prefix()[source]

Return the prefix, that is used as a prefix for the serial numbers. :return: TOTP

classmethod get_class_type()[source]

return the token type shortname

Return type:string
get_multi_otp(*args, **kwds)[source]

return a dictionary of multiple future OTP values of the HOTP/HMAC token

  • count (int) – how many otp values should be returned
  • epoch_start – not implemented
  • epoch_end – not implemented
  • curTime (datetime) – Simulate the servertime
  • timestamp (epoch time) – Simulate the servertime

tuple of status: boolean, error: text and the OTP dictionary

get_otp(current_time=None, do_truncation=True, time_seconds=None, challenge=None)[source]

get the next OTP value

Parameters:current_time – the current time, for which the OTP value

should be calculated for. :type current_time: datetime object :param time_seconds: the current time, for which the OTP value should be calculated for (date +%s) :type: time_seconds: int, unix system time seconds :return: next otp value, and PIN, if possible :rtype: tuple

resync(*args, **kwds)[source]

resync the token based on two otp values external method to do the resync of the token

  • otp1 (string) – the first otp value
  • otp2 (string) – the second otp value
  • options (dict or None) – optional token specific parameters

counter or -1 if otp does not exist

Return type:


resyncDiffLimit = 1
update(*args, **kwds)[source]

This is called during initialzaton of the token to add additional attributes to the token object.

Parameters:param (dict) – dict of initialization parameters