Phauxth v0.8.1 Phauxth.Otp

Module to handle one-time passwords, usually for use in two factor authentication.

Phauxth.Otp checks the one-time password, and returns a phauxth_user message (the user model) if the one-time password is correct or a phauxth_error message if there is an error.

After this function has been called, you need to either add the user to the session, by running put_session(conn, :user_id, id), or send an API token to the user.

Options

There are the following options for the one-time passwords:

  • HMAC-based one-time passwords

    • token_length - the length of the one-time password

      • the default is 6
    • last - the count when the one-time password was last used

      • this count needs to be stored server-side
    • window - the number of future attempts allowed

      • the default is 3
  • Time-based one-time passwords

    • token_length - the length of the one-time password

      • the default is 6
    • interval_length - the length of each timed interval

      • the default is 30 (seconds)
    • window - the number of attempts, before and after the current one, allowed

      • the default is 1 (1 interval before and 1 interval after)

See the documentation for the Comeonin.Otp module for more details about generating and verifying one-time passwords.

Examples

Add the following line to your controller to call Otp with the default values:

plug Phauxth.Otp when action in [:login_twofa]

And to set the token length to 8 characters:

plug Phauxth.Otp, [token_length: 8] when action in [:login_twofa]