WeeChat DevCenter

Monday, January 14 2019

Support of TOTP

TOTP (Time-based One-Time Password) support has been added in WeeChat, which can now generate and check TOTP validity.

A TOTP is generated with:

  • the secret (encoded in base 32),
  • the time (by default 0, which is the current time),
  • the number of digits (4 to 10 digits are supported, 6 is the default and recommended value).

Relay plugin

The TOTP can be used as a second authentication factor in the relay plugin, with two new options:

  • relay.network.totp_secret: the TOTP secret, encoded in base 32
  • relay.network.totp_window: the allowed window, that is, the number of TOTPs accepted before and after the current time window.

For example, to set the secret using secured data (just replace "xxxxx" with your secret in base 32):

/secure set relay_totp_secret xxxxx
/set relay.network.totp_secret "${sec.data.relay_totp_secret}"

Then your relay client must support and send the TOTP value, in addition to the password, in the "init" command:

init password=secretpassword,totp=123456

If the password is valid and the TOTP is valid for the current time, the authentication is successful.

Infos / eval

You can also generate or validate TOTP with two new infos in WeeChat:

  • totp_generate: generate a TOTP
  • totp_validate: validate a TOTP

For example, to show the value of the TOTP for the secret "secretbase32", at the current time, with 6 digits:

/eval -n ${info:totp_generate,secretbase32,0,6}
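How the secret, time, digits and window parameters described above fit together, as an added example that is not WeeChat's own code: a stand-alone RFC 6238 TOTP in Python. The HMAC-SHA1 algorithm and the 30-second time step are assumptions (the RFC defaults, not stated on this page), and the functions only borrow the names of the two infos.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # assumption: RFC 6238 default time step, in seconds


def _hotp(key, counter, digits):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # low nibble of the last byte picks 4 bytes
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _key(secret_b32):
    """Decode a base32 secret, tolerating lower case and missing padding."""
    s = secret_b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def totp_generate(secret_b32, when=0, digits=6):
    """TOTP for the given Unix time; when=0 means the current time."""
    if not 4 <= digits <= 10:
        raise ValueError("digits must be between 4 and 10")
    when = when or int(time.time())
    return _hotp(_key(secret_b32), when // STEP, digits)


def totp_validate(secret_b32, otp, when=0, window=0):
    """True if otp matches the current time step or one of the `window`
    steps before or after it."""
    if not (otp.isascii() and otp.isdigit() and 4 <= len(otp) <= 10):
        return False
    key = _key(secret_b32)
    current = (when or int(time.time())) // STEP
    ok = False
    for counter in range(current - window, current + window + 1):
        if counter < 0:
            continue
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(_hotp(key, counter, len(otp)), otp)
    return ok
```

With these assumptions, each extra unit of window keeps a code acceptable for one more time step on either side, so the window trades clock-drift tolerance against how long an observed code stays usable.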

Documentation

You can read more about TOTP in the docs: