Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Steam TOTP #127

Closed
or29544 opened this issue Jan 22, 2022 · 11 comments
Closed

Support for Steam TOTP #127

or29544 opened this issue Jan 22, 2022 · 11 comments

Comments

@or29544
Copy link

or29544 commented Jan 22, 2022

Could we please have support for Steam's custom TOTP?
@kislyuk
Copy link
Member

kislyuk commented Jan 23, 2022

Thanks for your interest in PyOTP. Steam does not follow the TOTP RFC, so it is a non-standard implementation of TOTP. As such it is unlikely that we will develop support for it, however if someone wants to contribute an implementation with tests and documentation, we could include it in a pyotp.contrib.steam submodule.

Technically, Steam appears to use an OTP of length 5 with a 30 second tick and the same HOTP construction as standard HOTP, but with a custom alphabet for the OTP instead of digits. As such this can be a straightforward subclass of pyotp.TOTP overloading generate_otp() to change https://github.com/pyauth/pyotp/blob/develop/src/pyotp/otp.py#L33

@or29544
Copy link
Author

or29544 commented Jan 23, 2022

There is the Authenticator app that works with Steam TOTP. Unfortunately it's in Rust, not Python: otp.rs

@einfachIrgendwer0815
Copy link

I made an implementation of Steams TOTP for python based on the mentioned otp.rs.
https://gist.github.com/einfachIrgendwer0815/883a7d1f4e328b839fa3ddacca1b10d2

It's a subclass of pyotp.TOTP and overloads generate_otp().

@raduzaharia-medium
Copy link

So...could it be integrated in PyOTP? 😲

Merged
kislyuk added a commit that referenced this issue Sep 11, 2022
@einfachIrgendwer0815 @kislyuk
Steam TOTP (#142)
d8acd41 
A new class is added in a `pyotp.contrib.steam` submodule. It's a
subclass of `pyotp.TOTP` and overrides the `generate_otp` method. (all
as mentioned in the issue
[here](#127 (comment)))

Also added some tests and included the new class in the API
Documentation section.

Co-authored-by: Andrey Kislyuk <kislyuk@gmail.com>
VV-YY added a commit to VV-YY/pyotp that referenced this issue Feb 12, 2023
@VV-YY @kislyuk
Steam TOTP (#142)
9179e8a 
A new class is added in a `pyotp.contrib.steam` submodule. It's a
subclass of `pyotp.TOTP` and overrides the `generate_otp` method. (all
as mentioned in the issue
[here](pyauth/pyotp#127 (comment)))

Also added some tests and included the new class in the API
Documentation section.

Co-authored-by: Andrey Kislyuk <kislyuk@gmail.com>
@JamiKettunen
Copy link

JamiKettunen commented Apr 20, 2023
edited

From what I can tell there's nothing to do anymore and this can be closed since v2.7.0 includes support and the following works for me as tested with v2.8.0:

import pyotp.contrib.steam
print(pyotp.contrib.Steam("SECRETKEY").now())

@kislyuk
Copy link
Member

kislyuk commented Apr 23, 2023

Correct, Steam TOTP is now supported thanks to work by @einfachIrgendwer0815 in #142. The remaining work was to add docs for it, which I just did.

@kislyuk kislyuk closed this as completed Apr 23, 2023
@JamiKettunen
Copy link

Hm actually there seems to be an issue, consumers of this library can't use pyotp.parse_uri() with the otpauth://totp/Steam:USERNAME?secret=WHATEVER&period=30&digits=5&issuer=Steam&encoder=steam URIs and returns:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.11/site-packages/pyotp/__init__.py", line 80, in parse_uri
    raise ValueError("Digits may only be 6, 7, or 8")
ValueError: Digits may only be 6, 7, or 8

Would it be acceptable to add support for this, or should the consumers deal with this only pyotp.contrib module?

@JamiKettunen
Copy link

Ping @kislyuk ^

@kislyuk
Copy link
Member

kislyuk commented Jun 18, 2023

@JamiKettunen I'm happy to take PRs to adapt parse_uri to accommodate Steam. Would need a unit/regression test in place.

@einfachIrgendwer0815
Copy link

@JamiKettunen Are you working on this? Otherwise I would like to do that.

@JamiKettunen
Copy link

@einfachIrgendwer0815 Feel free to take over, I tried something locally but wasn't successful

Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@kislyuk @or29544 @JamiKettunen @einfachIrgendwer0815 @raduzaharia-medium