Python
tiger_13, 2020-06-23 12:25:07

How to work with One Time Password (OTP)?

Hello everyone, I am writing a backend in Python (FastAPI) for a mobile application. The mobile application must verify the mobile phone number specified by the user (a 4-digit password is sent to the specified phone, and the user must enter it in the application).

There is the PyOTP library. How it works is more or less clear, but there are some questions:
1. A secret is needed to generate an OTP. Do I generate a separate secret for each user, or do I specify it once for the entire server?
2. There are TOTP and HOTP; which is better to use?

Let's say the OTP is generated and sent to the phone, the user enters the code, and the code is sent to the server for verification. How can I check it if the secrets are different for each user? Store the secrets/OTPs in the database?

Please help me figure it out, as it's a bit of a mess in my head.

1 answer(s)
Dmitry, 2020-06-23
@tiger_13

The database needs to store the code sent to the user.
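
An added example, not part of Dmitry's answer: one way to store the sent code server-side and check it, using only the Python standard library. The table layout, function names, the 5-minute lifetime and the 5-attempt cap are assumptions; the cap matters because a 4-digit code has only 10,000 possible values.

```python
import hmac
import secrets
import sqlite3
import time

CODE_TTL = 300     # assumption: a code is valid for 5 minutes
MAX_ATTEMPTS = 5   # assumption: wrong guesses allowed before the code is discarded


def open_store(path=":memory:"):
    """Open the database and create the (hypothetical) phone_codes table."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS phone_codes ("
        "phone TEXT PRIMARY KEY, code TEXT, expires_at REAL, attempts INTEGER)"
    )
    return conn


def issue_code(conn, phone, now=None):
    """Generate a 4-digit code, store it for this phone, return it for SMS delivery."""
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10_000):04d}"  # CSPRNG, keeps leading zeros
    conn.execute(  # a new request replaces any earlier code and resets the counter
        "INSERT OR REPLACE INTO phone_codes VALUES (?, ?, ?, 0)",
        (phone, code, now + CODE_TTL),
    )
    conn.commit()
    return code


def verify_code(conn, phone, submitted, now=None):
    """True only for the right code, before expiry, within the attempt cap; single use."""
    now = time.time() if now is None else now
    row = conn.execute(
        "SELECT code, expires_at, attempts FROM phone_codes WHERE phone = ?", (phone,)
    ).fetchone()
    if row is None:
        return False
    code, expires_at, attempts = row
    expired = now > expires_at or attempts >= MAX_ATTEMPTS
    ok = not expired and hmac.compare_digest(submitted.encode(), code.encode())
    if expired or ok:  # used up either way: delete so it cannot be replayed
        conn.execute("DELETE FROM phone_codes WHERE phone = ?", (phone,))
    else:              # wrong guess: count it
        conn.execute(
            "UPDATE phone_codes SET attempts = attempts + 1 WHERE phone = ?", (phone,)
        )
    conn.commit()
    return ok
```

With this design no per-user secret is needed: the random code itself is the stored value, keyed by phone number.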