Interface OtpManager
public interface OtpManager
Method Summary
| Modifier and Type | Method | Description |
|---|---|---|
| <F extends FocusType> String | createOtpAuthUrl(PrismObject<F> focus, OtpCredentialType credential, Task task, OperationResult result) | Create OTP auth URL for the given credential. |
| <F extends FocusType> OtpCredentialType | createOtpCredential(PrismObject<F> focus, Task task, OperationResult result) | Create new OTP credential for the focus object. |
| <F extends FocusType> boolean | isOtpAvailable(PrismObject<F> focus, Task task, OperationResult result) | Check if OTP authentication module is available for the focus object. |
| <F extends FocusType> boolean | verifyOtpCredential(PrismObject<F> focus, OtpCredentialType credential, int code, Task task, OperationResult result) | Verify the provided OTP code against the secret in the credential. |

Method Details
isOtpAvailable
<F extends FocusType> boolean isOtpAvailable(PrismObject<F> focus, Task task, OperationResult result)

Check if the OTP authentication module is available for the focus object. This method can be used to determine whether an OTP credential can be created for the focus object and whether OTP authentication can be used for the focus object.

Parameters:
- focus - the focus object for which the credential is being created. It is expected that the focus object is already persisted and has an OID.
- task - task object for processing
- result - operation result for processing

Returns:
- true if the OTP authentication module is available for the focus object, false otherwise.

createOtpCredential
<F extends FocusType> OtpCredentialType createOtpCredential(PrismObject<F> focus, Task task, OperationResult result)

Create a new OTP credential for the focus object. The credential is not persisted; it needs to be saved by the caller. The secret in the credential is not encrypted; it is the caller's responsibility to encrypt it before saving.

Parameters:
- focus - the focus object for which the credential is being created. It is expected that the focus object is already persisted and has an OID.
- task - task object for processing
- result - operation result for processing

Returns:
- new OTP credential with a generated secret. The credential is not persisted; it needs to be saved by the caller.

createOtpAuthUrl
<F extends FocusType> String createOtpAuthUrl(PrismObject<F> focus, OtpCredentialType credential, Task task, OperationResult result)

Create an OTP auth URL for the given credential. The URL can be used to generate a QR code that can be scanned by an authenticator app.

Parameters:
- focus - the focus object for which the auth URL is being created. It is expected that the focus object is already persisted and has an OID.
- credential - the OTP credential for which the auth URL is being created. It is expected that the credential has a secret generated.
- task - task object for processing
- result - operation result for processing

Returns:
- the OTP auth URL for the given credential.

verifyOtpCredential
<F extends FocusType> boolean verifyOtpCredential(PrismObject<F> focus, OtpCredentialType credential, int code, Task task, OperationResult result)

Verify the provided OTP code against the secret in the credential. If the code is correct, the credential is marked as verified.

Parameters:
- focus - the focus object for which the code is being verified. It is expected that the focus object is already persisted and has an OID.
- credential - the OTP credential against which the code is being verified.
- code - the OTP code to verify
- task - task object for processing
- result - operation result for processing

Returns:
- true if the code is correct, false otherwise.
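
How a generated secret, the auth URL and the integer code relate to each other, shown as an added stand-alone example that is not midPoint's implementation and not part of this Javadoc. It assumes RFC 6238 TOTP with HMAC-SHA1, 6 digits and a 30-second step, the otpauth:// key-URI convention used by authenticator apps, and a drift window of one step; the class TotpSketch, its method names, and the issuer and account values are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
// Hypothetical stand-alone sketch, not midPoint code. Assumes TOTP: HMAC-SHA1, 6 digits, 30 s step.
public class TotpSketch {
    // RFC 4648 Base32 without padding: the secret encoding used in otpauth:// URLs.
    static String base32(byte[] data) {
        String abc = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
        StringBuilder sb = new StringBuilder();
        int buf = 0, bits = 0;
        for (byte b : data) {
            buf = (buf << 8) | (b & 0xff);
            for (bits += 8; bits >= 5; bits -= 5) sb.append(abc.charAt((buf >> (bits - 5)) & 31));
        }
        if (bits > 0) sb.append(abc.charAt((buf << (5 - bits)) & 31));
        return sb.toString();
    }
    // The URL rendered as a QR code. It carries the secret in clear text, so treat it like the secret.
    static String authUrl(String issuer, String account, byte[] secret) {
        String iss = URLEncoder.encode(issuer, StandardCharsets.UTF_8).replace("+", "%20");
        String acc = URLEncoder.encode(account, StandardCharsets.UTF_8).replace("+", "%20");
        return "otpauth://totp/" + iss + ":" + acc + "?secret=" + base32(secret) + "&issuer=" + iss;
    }
    // RFC 4226 dynamic truncation of HMAC(secret, time step), reduced to 6 decimal digits.
    static int totp(byte[] secret, long epochSeconds) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(epochSeconds / 30).array());
        int off = h[h.length - 1] & 0x0f;
        int bin = (h[off] & 0x7f) << 24 | (h[off + 1] & 0xff) << 16 | (h[off + 2] & 0xff) << 8 | (h[off + 3] & 0xff);
        return bin % 1_000_000;
    }
    // Current step plus one either side (assumed drift window); int compare, so "081804" arrives as 81804.
    static boolean verify(byte[] secret, int code, long now) throws Exception {
        for (int d = -1; d <= 1; d++) if (totp(secret, now + 30L * d) == code) return true;
        return false;
    }
    public static void main(String[] args) throws Exception {
        byte[] rfcKey = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // RFC 6238 test key
        long t = 1111111109L;                                                      // RFC 6238 test time
        int code = totp(rfcKey, t);
        System.out.printf("%06d accepted=%b, 2 min later=%b%n", code, verify(rfcKey, code, t), verify(rfcKey, code, t + 120));
        byte[] secret = new byte[20];                                // fresh 160-bit secret
        new java.security.SecureRandom().nextBytes(secret);          // CSPRNG, not java.util.Random
        System.out.println(authUrl("midPoint", "jack", secret));     // constructed issuer and account
    }
}
```

Because the interface takes the code as an int, a caller parsing user input should strip whitespace and parse the digits as a number rather than compare strings, since leading zeros are lost in the conversion.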