Difference between revisions of "OWASP JOTP Project"

OWASP jOTP

OWASP jOTP is a lightweight web application, implemented in Java as a small set of RESTful services, that can be used to generate, validate, and automatically expire one-time use password tokens. This tool could be useful in scenarios that require multi-factor authentication, but do not allow for more expensive / complex solutions that require physical tokens (magnetic id cards, RSA hard tokens, etc). Tokens generated may be sent either via email or SMS text message to end users.

Description

A common use case for jOTP is as follows: 1. Client web application displays login page to user. 2. User enters username, password, and cell phone number. 3. Client application makes a call to jOTP, which subsequently generates a token and sends it to the user's cell phone. 4. The user receives the token, and enters it on the login page. 5. The client application contacts jOTP to validate the token. If the token was valid, along with the username/password (validated separately), the user is logged in.

Licensing

OWASP jOTP is available under the BSD 2-clause license.

What is JOTP?

OWASP JOTP provides:

• OTP token generation, validation, and expiration.

Project Leader

Robert Upcraft

Quick Download

• GitHub Repository

Email List

OWASP JOTP Mailing List

News and Events

Classifications