Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-08-09 Thread Peter Sagerson
I imagine that would work. Generally speaking, if you want to use a multi-page flow to atomically mutate some state (in this case auth status), you're pretty much into form wizard territory. For specific scenarios, there may be workarounds--potentially a bit sneaky and underhanded--that produce

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-08-09 Thread Jason Arnst-Goodrich
I thought about that and I didn't like that it logged them in if they failed the OTP token. I'll probably use it for now. The only reason being I want them to do it in a single "attempt session". If they log in halfway and leave for a couple of minutes I want them to supply the regular login

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-08-09 Thread Peter Sagerson
Hi Jason, The two-step verification flow should be a cinch. Try something like this:

    @login_required
    @otp_required(if_configured=True)
    def protected_view(request):
        ...

I'm not sure I followed the question about the password field, although there is some deliberate behavior here (see

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-08-09 Thread Jason Arnst-Goodrich
After being sidetracked with unrelated work I'm finally back to implementing the OTP stuff. Just to update you on how I decided to go about the 'self service' side of things - I'm basically using django-otp unchanged and I'm adding an AuthProfile model that users have some control of. This is

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-07-03 Thread Peter Sagerson
I took part of this conversation offline to spare the list from the gory details, but the upshot was that verifying an OTP is logically a mutating operation on the verifying device, and thus is not really valid on an unsaved model object. I posted an update to the documentation to clarify.

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-07-02 Thread Jason Arnst-Goodrich
I think I found one more nicety to add. The following is the verify_token method for TOTPDevice:

    def verify_token(self, token):
        OTP_TOTP_SYNC = getattr(settings, 'OTP_TOTP_SYNC', True)
        try:
            token = int(token)
        except StandardError:
            verified =

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-07-01 Thread Jason Arnst-Goodrich
I'm glad you saw my message - if nothing else just so you know this project is appreciated. I've got it working with Google's Authenticator. I had initially planned to use another project out there for my OTP needs (there's a small number of them that work 'out of the box') because yours took

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-07-01 Thread Peter Sagerson
Thanks, I'm glad you like it. I can look into some kind of demo, although Authenticator support is pretty simple. The documentation already links to Google's URI scheme[1], which has all of the details. All you have to do is create a TOTP or HOTP device (usually the former), encode the key with

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2013-06-28 Thread Jason Arnst-Goodrich
I just stumbled on this and it looks absolutely amazing. I do have one request though: can we get a sample project up that uses Google's authenticator (or anything else). This looks like the best solution for two factor authentication for Django but I don't think many people will know where to

Re: ANN: django-otp and friends: one-time passwords and trusted agents

2012-09-12 Thread Thomas Orozco
This seems to be a *very* promising project! : )

On Wednesday, 12 September 2012 22:27:26 UTC+2, psagers wrote:
> I recently released a suite of packages to support two-factor authentication in Django by way of one-time passwords.
>
> The core package is django-otp

ANN: django-otp and friends: one-time passwords and trusted agents

2012-09-12 Thread psagers
I recently released a suite of packages to support two-factor authentication in Django by way of one-time passwords. The core package is django-otp, which defines the framework and provides all of the shared APIs. Integration is possible at several