This project makes it easy to add support for one-time passwords (OTPs) to Django. It can be
integrated at various levels, depending on how much customization is required.
It integrates with
django.contrib.auth, although it is not a Django
authentication backend. The primary target is developers wishing to incorporate
OTPs into their Django projects as a form of two-factor authentication.
Several simple OTP plugins are included and more are available separately. This package also includes an implementation of OATH HOTP and TOTP for convenience, as these are standard OTP algorithms used by multiple plugins.
If you’re looking for a higher-level or more opinionated solution, you might be interested in django-two-factor-auth.
This project is stable and maintained, but is no longer actively used by the author and is not seeing much ongoing investment. Anyone interested in taking over aspects of the project should contact me.
Well-formed issues and pull requests are welcome, but please see the Contributing section of the README first.
- Overview and Key Concepts
- Authentication and Authorization
- Extending Django-OTP
- Change Log
- v1.1.1 - September 14, 2021 - Throttling message fix
- v1.1.0 - September 13, 2021 - Concurrent verification
- v1.0.6 - May 28, 2021 - Email customization
- v1.0.5 - May 08, 2021 - config_url fix
- v1.0.4 - April 28, 2021 - Dark mode fix
- v1.0.3 - April 03, 2021 - Email body template path setting
- v1.0.2 - October 23, 2020 - Email body template path setting
- v1.0.1 - October 06, 2020 - Add French translations
- v1.0.0 - August 13, 2020 - Update supported Django verisons.
- v0.9.4 - August 05, 2020 - Django 3.1 support
- v0.9.3 - June 23, 2020 - June 18, 2020 - Admin fix
- v0.9.1 - May 08, 2020 - Admin fix
- v0.9.0 - April 17, 2020 - Improved email device
- v0.8.1 - February 08, 2020 - Admin fix
- v0.8.0 - February 06, 2020 - Drop Python 2 support
- v0.7.5 - December 27, 2019 - Django 3.0 support
- v0.7.4 - November 21, 2019 - Cleanup
- v0.7.3 - October 22, 2019 - Minor improvements
- v0.7.2 - September 17, 2019 - LoginView fix
- v0.7.1 - September 12, 2019 - Preliminary Django 3.0 support
- v0.7.0 - August 26, 2019 - Housekeeping
- v0.6.0 - April 22, 2019 - Failure throttling
- v0.5.2 - February 11 - 2019 - Fix URL encoding
- v0.5.1 - October 24, 2018 - Customizable error messages
- v0.5.0 - August 14, 2018 - Django 2.1 support
- v0.4.3 - March 8, 2018 - Minor static token fix
- v0.4.2 - December 15, 2017 - addstatictoken fix
- v0.4.1 - August 29, 2017 - Misc fixes
- v0.4.0 - July 19, 2017 - Update support matrix
- v0.3.14 - May 30, 2017 - addstatictoken fix
- v0.3.13 - April 11, 2017 - Pickle compatibility
- v0.3.12 - April 2, 2017 - Forward compatibility
- v0.3.11 - March 8, 2017 - Built-in QR Code support
- v0.3.8 - November 27, 2016 - Forward compatbility for Django 2.0
- v0.3.7 - September 24, 2016 - Convenience API
- v0.3.6 - September 4, 2016 - Django 1.10
- v0.3.5 - April 13, 2016 - Fix default TOTP key
- v0.3.4 - January 10, 2016 - Python 3 cleanup
- v0.3.3 - October 15, 2015 - Django 1.9
- v0.3.2 - October 11, 2015 - Django 1.8
- v0.3.1 - April 3, 2015 - Django 1.8
- v0.3.0 - February 7, 2015 - Support Django migrations
- v0.2.7 - April 26, 2014 - Fix for Custom user models with South
- v0.2.6 - April 18, 2014 - Fix for Python 3.2 with South
- v0.2.4 - April 15, 2014 - TOTP plugin fix (migration warning)
- v0.2.3 - March 3, 2014 - Fix pickling
- v0.2.2 - December 31, 2013 - Require Django 1.4.2
- v0.2.1 - November 19, 2013 - Bug fix
- v0.2.0 - November 10, 2013 - Django 1.6
- v0.1.8 - August 20, 2013 - user_has_device API
- v0.1.7 - July 3, 2013 - Decorator improvement
- v0.1.6 - May 9, 2013 - Unit test improvements
- v0.1.5 - May 8, 2013 - OTPAdminSite improvement
- v0.1.3 - March 10, 2013 - Django 1.5 compatibility
- v0.1.2 - October 8, 2012 - Bug fix
- v0.1.0 - August 20, 2012 - Initial Release
Copyright (c) 2012, Peter Sagerson All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
- Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
- Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.