WARNING about Google Authenticator (iOS / Android app)
There are no account backups in any of the apps by design.
You cannot export account information from the Google Authenticator app after you have scanned the QR code. You need to save the QR code yourself as a backup.
Implement OTP in Python
Install pyotp and qrcode
# Required by qrcode
pip3 install --user pillow
pip3 install --user qrcode
pip3 install --user pyotp
Usage
import pyotp
import qrcode
email = "service@zodwicd.com"
issuer = "zodwicd"
# Generate a base32 Secret Key
secret = pyotp.random_base32()
# Create a Time-based OTP object
totp = pyotp.TOTP(secret)
# Build the Google Authenticator compatible provisioning URI (Key Uri Format), which carries the secret
# and can be encoded into a QR code, so you can scan the QR code in Google Authenticator
otp_secret_url = totp.provisioning_uri(name=email, issuer_name=issuer)
# Returns something like 'otpauth://totp/zodwicd:service%40zodwicd.com?secret=X7X3XX7X3KXCXPIT&issuer=zodwicd'
# Note: The secret is inside otp_secret_url and hence inside the QR code image,
# so store the image as carefully as the secret itself.
# Generate QR code using 'qrcode'
qr = qrcode.QRCode(
    version=1,
    error_correction=qrcode.constants.ERROR_CORRECT_L,
    box_size=10,
    border=4,
)
qr.add_data(otp_secret_url)
# https://github.com/lincolnloop/python-qrcode/blob/92e3f59be274899fb3c0c09de3c8e0b2213eb181/qrcode/main.py#L83
qr.make(fit=True)
image = qr.make_image(fill_color="black", back_color="white")
image.save("qrcode.png")
# Get an OTP for the current time step
otp = totp.now()
# Verify an OTP
totp.verify(otp) # => True
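What totp.now() and totp.verify() compute, written out with only the Python standard library as an added example (not code from this page or from pyotp): the RFC 4226 / RFC 6238 calculation, plus a server-side check that tolerates one step of clock drift and refuses a code whose time step was already used. The names hotp, totp_at and TotpVerifier are hypothetical, and the secret is the RFC test key, constructed here for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the RFC 4226 / RFC 6238 SHA-1 test key, base32-encoded.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret_b32, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper())
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects a 4-byte slice
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp_at(secret_b32, unix_time, step=30):
    """RFC 6238: the HOTP counter is the number of 30-second steps since the epoch."""
    return hotp(secret_b32, int(unix_time) // step)


class TotpVerifier:
    """Hypothetical server-side check: tolerate clock drift, refuse replayed codes."""

    def __init__(self, secret_b32, window=1, step=30):
        self.secret, self.window, self.step = secret_b32, window, step
        self.last_used_step = -1  # a real service persists this per account

    def verify(self, code, unix_time=None):
        now = time.time() if unix_time is None else unix_time
        current = int(now) // self.step
        first = max(0, current - self.window)
        for s in range(first, current + self.window + 1):
            if s <= self.last_used_step:
                continue  # this time step was already consumed
            expected = hotp(self.secret, s)
            if hmac.compare_digest(expected.encode(), str(code).encode()):
                self.last_used_step = s
                return True
        return False


if __name__ == "__main__":
    verifier = TotpVerifier(RFC_SECRET)
    code = totp_at(RFC_SECRET, 59)
    print(code, verifier.verify(code, 59), verifier.verify(code, 59))
```

pyotp exposes the same drift tolerance through the valid_window argument of totp.verify(); tracking the last accepted time step is left to the caller.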