BoxLang 🚀 A New JVM Dynamic Language Learn More...
YubiKey Web Services API Client
Implements the YubiCo OTP Validation Protocol as outlined at https://developers.yubico.com/yubikey-val/Validation_Protocol_V2.0.html
Sends a One Time Password (OTP) via HTTP get to the YubiCo API server and returns a struct based on the response. For OTP see https://developers.yubico.com/OTP/OTPs_Explained.html
A Coldbox module or stand alone cfc of a client orginially written by Robert Dudley. See as well http://yubikey.riaforge.org/
For an introduction check the presenation Rob held on CFCamp 2018 https://www.slideshare.net/robcwdudley/secure-all-teh-things-add-2-factor-authentication-to-your-own-projects
This ColdBox Module can be installed using CommandBox:
box install cbYubikey
To do a quick test call from your browser: http://yourServer/cbYubikey/views/home/index.cfm
yubicoObj = createObject("Component","cbYubiKey.models.yubicoAuthClient").init();
// verify the OTP = One Time Password generated by YubiKey
// returns a response object
yr = yubicoObj.verify(form.yubiKeyOTP);
if( yr.isValid() ) {
// match with public id attached to your user
var matchWith = yr.getPublicId();
// do something
} else {
writeDump( yr.getStatusMessage() );
}
To do a quick test call from your browser: http://yourServer/cbYubikey
/**
* A normal ColdBox Event Handler
*/
component{
property name="yubiclient" inject="yubicoAuthClient@cbYubikey";
function index(event,rc,prc){
// verify the OTP = One Time Password generated by YubiKey
// returns a response object
var yr = yubiclient.verify(rc.yubiKeyOTP);
if( yr.isValid() ) {
// match with public id attached to your user
var matchWith = yr.getPublicId();
// do something
} else {
writeDump( yr.getStatusMessage() );
}
}
}
$
box install cbYubikey