This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP JOTP Project"

From OWASP

Jump to: navigation, search

Latest revision as of 22:36, 13 March 2016

OWASP jOTP

OWASP jOTP is a microservice implemented in Java that can be used to generate, validate, and automatically expire one-time use password tokens.

Description

A common use case for jOTP is as follows: 1. Client applications displays a login page requesting the user enter his/her username and password. 2. If the credentials check passes, the user's email is looked up and a message containing the token is sent. 3. The application then requests that the OTP token that was sent be entered in a text box. Once entered, it is sent to jOTP. 4. jOTP validates the token. If the token was valid, the application finishes authenticating the user. If the token was not valid, the user is redirected to the login page.

Licensing

OWASP jOTP is available under the BSD 2-Clause License.

What is jOTP?

OWASP jOTP provides:

OTP token generation, validation, and expiration.

Project Leader

Rob Upcraft

Quick Download

Email List

OWASP jOTP Mailing List NOTE: Include "jOTP" in the subject heading of all emails to this list.

News and Events

Classifications

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_JOTP_Project&oldid=211057"

Category:

OWASP Project

@@ Line 8: / Line 8: @@
 ==OWASP jOTP==
-OWASP jOTP is a microservice implemented in Java that can be used to generate, validate, and automatically expire one-time use password tokens.  This tool can be used in scenarios that require multi-factor authentication, but do not allow for more expensive / complex solutions that require physical tokens (magnetic id cards, RSA hard tokens, etc).  Tokens generated may be sent either via email or SMS text message to end users.
+OWASP jOTP is a microservice implemented in Java that can be used to generate, validate, and automatically expire one-time use password tokens.
 ==Description==
 A common use case for jOTP is as follows:
-. Client web application displays login page to user.
+. Client applications displays a login page requesting the user enter his/her username and password.
-. User enters username, password, and cell phone number.
+. If the credentials check passes, the user's email is looked up and a message containing the token is sent.
-. Client application makes a call to jOTP, which subsequently generates a token and sends it to the user's cell phone.
+. The application then requests that the OTP token that was sent be entered in a text box. Once entered, it is sent to jOTP.
-. The user receives the token, and enters it on the login page.
+. jOTP validates the token. If the token was valid, the application finishes authenticating the user. If the token was not valid, the user is redirected to the login page.
-. The client application contacts jOTP to validate the token.  If the token was valid, along with the username/password (validated separately), the user is logged in.
 ==Licensing==

Difference between revisions of "OWASP JOTP Project"

Latest revision as of 22:36, 13 March 2016

OWASP jOTP

Description

Licensing

What is jOTP?

Project Leader

Quick Download

Email List

News and Events

Classifications

Volunteers

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools