TOTP (Time-based One-Time Password) authentication for Django REST Framework
DRF-TOTP
Complete Workflow
User Registration Flow
┌─────────────────┐
│     Sign Up     │
└────────┬────────┘
         │
         ▼
┌─────────────────┐      ┌──────────────────┐
│ POST /generate/ │─────▶│   Scan QR Code   │
└────────┬────────┘      └──────────────────┘
         │                        │
         │                        │
         ▼                        ▼
┌─────────────────┐      ┌─────────────────────┐
│  Enter 6-digit  │      │ Open Authenticator  │
│      Token      │      │    App (Google/     │
└────────┬────────┘      │     Authy/etc)      │
         │               └─────────────────────┘
         ▼
┌─────────────────┐      ┌──────────────────────────┐
│  POST /verify/  │─────▶│ DB: is_confirmed = True  │
└────────┬────────┘      └──────────────────────────┘
         │
         ▼
   ✅ 2FA Enabled
Login Flow (with 2FA)
┌─────────────────┐
│   Username &    │
│    Password     │
└────────┬────────┘
         │
         ▼
┌─────────────────┐      ┌──────────────────┐
│  GET /status/   │─────▶│  TOTP Enabled?   │
└────────┬────────┘      └────────┬─────────┘
         │                        │
         │                    Yes │
         ▼                        ▼
┌─────────────────┐      ┌──────────────────┐
│ POST /validate/ │◀─────│  Enter 6-digit   │
│ {token:123456}  │      │    TOTP Code     │
└────────┬────────┘      └──────────────────┘
         │
         ▼
   ✅ Grant Access
Disable 2FA Flow
┌─────────────────┐
│  User Settings  │
└────────┬────────┘
         │
         ▼
┌─────────────────┐      ┌──────────────────┐
│ POST /disable/  │◀─────│  Enter Current   │
│ {token:123456}  │      │   TOTP Token     │
└────────┬────────┘      └──────────────────┘
         │
         ▼
┌─────────────────────────┐
│  DB: Delete TOTPDevice  │
└─────────────────────────┘
         │
         ▼
   ✅ 2FA Disabled
Features
- Generate TOTP secrets for users
- Verify TOTP tokens
- Enable/disable TOTP authentication
- Check TOTP status
- Validate TOTP tokens
Installation
pip install drf-totp
Quick Start
- Add "drf_totp" to your INSTALLED_APPS setting:
INSTALLED_APPS = [
    ...
    'rest_framework',
    'drf_totp',
]
- Include the TOTP URLconf in your project urls.py:
path('auth/', include('drf_totp.urls')),
- Run migrations:
python manage.py migrate
Settings
Add these to your Django settings:
# Optional: Set your TOTP issuer name (defaults to "drftotp")
TOTP_ISSUER_NAME = "Your App Name"
API Endpoints
- POST /auth/otp/generate/: Generate new TOTP secret
- POST /auth/otp/verify/: Verify and enable TOTP
- GET /auth/otp/status/: Get TOTP status
- POST /auth/otp/disable/: Disable TOTP
- POST /auth/otp/validate/: Validate TOTP token
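What a server-side check behind an endpoint like POST /auth/otp/validate/ has to do, shown as an added example that is not drf-totp's own code: RFC 6238 TOTP with HMAC-SHA1, 30-second steps, a window of one step either side for clock drift, and replay rejection. `last_counter` is a hypothetical per-device field and the key is the published RFC test key; this page does not state which parameters drf-totp itself uses.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP, DIGITS = 30, 6  # RFC 6238 default step; 6-digit tokens as in the flows above
# Constructed sample input: the published RFC 4226 / RFC 6238 test key.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp_at(secret_b32: str, counter: int) -> str:
    """HOTP (RFC 4226) value for one time-step counter, using HMAC-SHA1."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def validate(secret_b32, token, last_counter, now=None, window=1):
    """Return the accepted time-step counter, or None if the token is rejected.

    last_counter is a hypothetical per-device field holding the highest
    counter already accepted; storing the returned value makes a token
    single-use even though it stays valid for several steps.
    """
    well_formed = (isinstance(token, str) and token.isascii()
                   and token.isdigit() and len(token) == DIGITS)
    if not well_formed:
        return None
    current = int(time.time() if now is None else now) // STEP
    accepted = None
    # Accept +/- `window` steps of clock drift; no early exit from the loop.
    for counter in range(max(0, current - window), current + window + 1):
        # Constant-time comparison of the expected and submitted codes.
        if hmac.compare_digest(totp_at(secret_b32, counter), token):
            if counter > last_counter:  # older or equal counter = replay
                accepted = counter
    return accepted


if __name__ == "__main__":
    first = validate(RFC_SECRET, "287082", last_counter=0, now=59)
    print("first use:", first)
    print("replay:", validate(RFC_SECRET, "287082", first, now=59))
```

Per-account attempt throttling is still needed on top of this check, since a 6-digit code has only 10^6 possible values.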
Usage Example
import axios from "axios";

// Generate TOTP
export async function generateTotp() {
  try {
    const response = await axios.post("/auth/otp/generate/");
    const { secret, otpauth_url } = response.data;
    return { secret, otpauth_url };
  } catch (error) {
    console.error("Error generating TOTP:", error);
    throw error;
  }
}

// Verify TOTP
export async function verifyTotp(token) {
  try {
    const response = await axios.post("/auth/otp/verify/", { token });
    return response.data;
  } catch (error) {
    console.error("Error verifying TOTP:", error);
    throw error;
  }
}

// Check Status
export async function checkStatus() {
  try {
    const response = await axios.get("/auth/otp/status/");
    return response.data;
  } catch (error) {
    console.error("Error checking status:", error);
    throw error;
  }
}

// Validate TOTP
export async function validateTotp(token) {
  try {
    const response = await axios.post("/auth/otp/validate/", { token });
    return response.data;
  } catch (error) {
    console.error("Error validating TOTP:", error);
    throw error;
  }
}
License
MIT License - see LICENSE file for details.
File details
Details for the file drf_totp-0.1.5.tar.gz.
File metadata
- Download URL: drf_totp-0.1.5.tar.gz
- Upload date:
- Size: 6.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2
File details
Details for the file drf_totp-0.1.5-py3-none-any.whl.
File metadata
- Download URL: drf_totp-0.1.5-py3-none-any.whl
- Upload date:
- Size: 8.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.2