This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "OWASP JOTP Project"
(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...") |
Rob Upcraft (talk | contribs) (→Description) |
||
| (19 intermediate revisions by 2 users not shown) | |||
| Line 6: | Line 6: | ||
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
| − | ==OWASP | + | ==OWASP jOTP== |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | OWASP jOTP is a microservice implemented in Java that can be used to generate, validate, and automatically expire one-time use password tokens. | ||
==Description== | ==Description== | ||
| − | + | A common use case for jOTP is as follows: | |
| + | 1. Client applications displays a login page requesting the user enter his/her username and password. | ||
| + | 2. If the credentials check passes, the user's email is looked up and a message containing the token is sent. | ||
| + | 3. The application then requests that the OTP token that was sent be entered in a text box. Once entered, it is sent to jOTP. | ||
| + | 4. jOTP validates the token. If the token was valid, the application finishes authenticating the user. If the token was not valid, the user is redirected to the login page. | ||
| + | ==Licensing== | ||
| − | + | OWASP jOTP is available under the [http://opensource.org/licenses/BSD-2-Clause BSD 2-Clause License]. | |
| − | OWASP | ||
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
| − | == What is | + | == What is jOTP? == |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | OWASP jOTP provides: | ||
| + | * OTP token generation, validation, and expiration. | ||
== Project Leader == | == Project Leader == | ||
| − | + | Rob Upcraft | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| Line 57: | Line 41: | ||
== Quick Download == | == Quick Download == | ||
| − | * | + | * [https://bintray.com/upcrob/generic/jOTP/_latestVersion Bintray Download] |
| + | * [https://github.com/upcrob/jOTP GitHub Repository] | ||
== Email List == | == Email List == | ||
| − | + | [https://lists.owasp.org/mailman/listinfo/owasp_jotp_project OWASP jOTP Mailing List] NOTE: Include "jOTP" in the subject heading of all emails to this list. | |
== News and Events == | == News and Events == | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| Line 80: | Line 60: | ||
|- | |- | ||
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]] | | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]] | ||
| − | |||
| − | |||
|- | |- | ||
| colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]] | ||
| Line 92: | Line 70: | ||
=FAQs= | =FAQs= | ||
| − | ; | + | ; Where can OWASP jOTP be downloaded? |
| − | : | + | : The source code, along with basic documentation, is located here: [https://github.com/upcrob/jOTP GitHub Repository] |
| − | ; | + | ; I can see the /sys/monitor endpoint, but when I try to test the other endpoints (eg. /otp/validate), I don't get anything in the response. |
| − | : | + | : The endpoints under /otp only respond to POST requests, and will return an empty response if they are requested via GET. |
= Acknowledgements = | = Acknowledgements = | ||
==Volunteers== | ==Volunteers== | ||
| − | + | OWASP jOTP is developed by a worldwide team of volunteers. The primary contributors to date have been: | |
| − | * | + | * Rob Upcraft |
| − | |||
| − | |||
| − | |||
| − | |||
= Road Map and Getting Involved = | = Road Map and Getting Involved = | ||
| − | As of | + | As of [https://www.owasp.org/index.php/Projects/OWASP_JOTP_Project/Roadmap April 2014], the priorities are: |
| − | |||
| − | |||
| − | |||
| − | Involvement in the development and promotion of | + | Development work for jOTP is largely complete as of now. Because it is intended to be lightweight and focused on this use case, the feature set is not planned to grow significantly, if at all. Most future work will include bug fixes, and additional customization options developed on an as-needed basis. |
| + | |||
| + | Involvement in the development and promotion of OWASP jOTP is actively encouraged! | ||
You do not have to be a security expert in order to contribute. | You do not have to be a security expert in order to contribute. | ||
| + | |||
Some of the ways you can help: | Some of the ways you can help: | ||
| − | * | + | * Submit issues to the GitHub repository. |
| − | * | + | * Submit pull requests for fixes to the GitHub repository. |
| − | + | ||
| − | |||
| − | |||
| − | |||
| − | |||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
| − | [[Category:OWASP Project | + | [[Category:OWASP Project]] |
Latest revision as of 22:36, 13 March 2016
OWASP jOTPOWASP jOTP is a microservice implemented in Java that can be used to generate, validate, and automatically expire one-time use password tokens. DescriptionA common use case for jOTP is as follows: 1. Client applications displays a login page requesting the user enter his/her username and password. 2. If the credentials check passes, the user's email is looked up and a message containing the token is sent. 3. The application then requests that the OTP token that was sent be entered in a text box. Once entered, it is sent to jOTP. 4. jOTP validates the token. If the token was valid, the application finishes authenticating the user. If the token was not valid, the user is redirected to the login page. LicensingOWASP jOTP is available under the BSD 2-Clause License.
|
What is jOTP?OWASP jOTP provides:
Project LeaderRob Upcraft
|
Quick DownloadEmail ListOWASP jOTP Mailing List NOTE: Include "jOTP" in the subject heading of all emails to this list. News and EventsClassifications
| |||||||
- Where can OWASP jOTP be downloaded?
- The source code, along with basic documentation, is located here: GitHub Repository
- I can see the /sys/monitor endpoint, but when I try to test the other endpoints (eg. /otp/validate), I don't get anything in the response.
- The endpoints under /otp only respond to POST requests, and will return an empty response if they are requested via GET.
Volunteers
OWASP jOTP is developed by a worldwide team of volunteers. The primary contributors to date have been:
- Rob Upcraft
As of April 2014, the priorities are:
Development work for jOTP is largely complete as of now. Because it is intended to be lightweight and focused on this use case, the feature set is not planned to grow significantly, if at all. Most future work will include bug fixes, and additional customization options developed on an as-needed basis.
Involvement in the development and promotion of OWASP jOTP is actively encouraged! You do not have to be a security expert in order to contribute.
Some of the ways you can help:
- Submit issues to the GitHub repository.
- Submit pull requests for fixes to the GitHub repository.
