Phauxth v0.11.0 Phauxth.Otp

Module to handle one-time passwords, usually for use in two factor authentication.

Database options

There are two options:

  • repo - the repo to be used

    • the default is MyApp.Repo
  • user_schema - the user schema to be used

    • the default is MyApp.Accounts.User

One-time password options

There are the following options for the one-time passwords:

  • HMAC-based one-time passwords

    • token_length - the length of the one-time password

      • the default is 6
    • last - the count when the one-time password was last used

      • this count needs to be stored server-side
    • window - the number of future attempts allowed

      • the default is 3
  • Time-based one-time passwords

    • token_length - the length of the one-time password

      • the default is 6
    • interval_length - the length of each timed interval

      • the default is 30 (seconds)
    • window - the number of attempts, before and after the current one, allowed

      • the default is 1 (1 interval before and 1 interval after)

See the documentation for the Comeonin.Otp module for more details about generating and verifying one-time passwords.

Summary

Functions

Check the one-time password, and return {:ok, user} if the one-time password is correct or {:error, message} if there is an error

Functions

verify(params, opts \\ [])

Check the one-time password, and return {:ok, user} if the one-time password is correct or {:error, message} if there is an error.

After this function has been called, you need to either add the user to the session, by running put_session(conn, :user_id, id), or send an API token to the user.

See the One-time password options in this module’s documentation for available options to be used as the second argument to this function.

Examples

In the example below, Phauxth.Otp.verify is called within the create function in the controller.

def create(conn, %{"otp_session" => params}) do
  case Phauxth.Otp.verify(params) do
    {:ok, user} -> handle_successful_otp_login
    {:error, message} -> handle_error
  end
end