Class Credential
Represents a single OATH credential.
public class Credential
Inheritance
- object
- Credential
Remarks
The credential can be a TOTP (Time-based One-time Password) or a HOTP (HMAC-based One-time Password).
Constructors
Credential()
Constructs an instance of the Credential class.
public Credential()
Credential(string?, string, CredentialPeriod, CredentialType, HashAlgorithm)
Constructs an instance of the Credential class for List Command.
public Credential(string? issuer, string account, CredentialPeriod period, CredentialType type, HashAlgorithm algorithm)
Parameters
issuer
string
The issuer is an optional string indicating the provider or service.
account
string
The account name that usually is the user's email address.
period
CredentialPeriod
The credential period.
type
CredentialType
The credential type, TOTP or HOTP.
algorithm
HashAlgorithm
The type of hash algorithm.
Credential(string?, string, CredentialType, CredentialPeriod)
Constructs an instance of the Credential class for CalculateAllCommand.
public Credential(string? issuer, string account, CredentialType type, CredentialPeriod period)
Parameters
issuer
string
An optional string indicating the provider or service.
account
string
The account name that usually is the user's email address.
type
CredentialType
The credential type, TOTP or HOTP.
period
CredentialPeriod
The credential period.
Credential(string?, string, CredentialType, HashAlgorithm, string, CredentialPeriod, int, int?, bool)
Constructs an instance of the Credential class for PutCommand.
public Credential(string? issuer, string account, CredentialType type, HashAlgorithm algorithm, string secret, CredentialPeriod period, int digits, int? counter, bool requireTouch)
Parameters
issuer
string
The issuer is an optional string indicating the provider or service.
account
string
The account name that usually is the user's email address.
type
CredentialType
The credential type, TOTP or HOTP.
algorithm
HashAlgorithm
The type of hash algorithm.
secret
string
An arbitrary value.
period
CredentialPeriod
The credential period.
digits
int
The number of digits in a one-time password.
counter
int?
The counter is required when the credential type is HOTP. For TOTP it's 0.
requireTouch
bool
The credential requires the user to touch the key to generate a one-time password.
Properties
AccountName
The account name, which is typically the user's email address.
public string? AccountName { get; set; }
Property Value
- string
Exceptions
- InvalidOperationException
The value is null, empty, or consists only of white-space characters.
Algorithm
The hash algorithm used by the credential.
public HashAlgorithm? Algorithm { get; set; }
Property Value
- HashAlgorithm?
Exceptions
- InvalidOperationException
The value is invalid.
Counter
Counter value for HOTP.
public int? Counter { get; set; }
Property Value
- int?
Remarks
The counter parameter is required when the type is HOTP; it sets the initial counter value. This property returns null if the credential type is TOTP. The server and the user each calculate the OTP by applying a hashing and truncating operation to Secret and Counter. The server compares the OTP it calculated against the one provided by the user, and both sides then increment their counters. The counters have to be kept in sync between the server and the user. If a user calculates an OTP but does not use it, the counter on the user side will become out of sync with the server.
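The counter drift described in these remarks, and the usual server-side remedy (the look-ahead window from RFC 4226), shown as an added example that is not part of the SDK or its documentation. It uses only the .NET base class library; HotpCounterDemo, Hotp and Verify are hypothetical names, and the secret is passed as raw key bytes rather than Base32.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class HotpCounterDemo
{
    // RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
    public static string Hotp(byte[] secret, long counter, int digits)
    {
        if (digits < 6 || digits > 8) throw new ArgumentOutOfRangeException(nameof(digits));
        byte[] message = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(message);
        using var hmac = new HMACSHA1(secret);
        byte[] mac = hmac.ComputeHash(message);
        int offset = mac[mac.Length - 1] & 0x0F;
        int code = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16)
                 | (mac[offset + 2] << 8) | mac[offset + 3];
        return (code % (int)Math.Pow(10, digits)).ToString().PadLeft(digits, '0');
    }

    // Server side: try counters serverCounter..serverCounter+window. On a match,
    // store match+1 so the same code is not accepted a second time.
    public static bool Verify(byte[] secret, ref long serverCounter, string otp, int digits, int window)
    {
        if (otp.Length != digits) return false;
        byte[] given = Encoding.ASCII.GetBytes(otp);
        for (long c = serverCounter; c <= serverCounter + window; c++)
        {
            byte[] expected = Encoding.ASCII.GetBytes(Hotp(secret, c, digits));
            if (!CryptographicOperations.FixedTimeEquals(expected, given)) continue;
            serverCounter = c + 1;
            return true;
        }
        return false;
    }

    public static void Main()
    {
        byte[] secret = Encoding.ASCII.GetBytes("12345678901234567890"); // RFC 4226 test key
        long serverCounter = 0;
        // The token computes three codes (counters 0, 1, 2); only the third is submitted.
        Hotp(secret, 0, 6);
        Hotp(secret, 1, 6);
        string submitted = Hotp(secret, 2, 6);
        // Strict check first, then a look-ahead window of 3, then a replay of the same code.
        Console.WriteLine(Verify(secret, ref serverCounter, submitted, 6, window: 0));
        Console.WriteLine(Verify(secret, ref serverCounter, submitted, 6, window: 3));
        Console.WriteLine(Verify(secret, ref serverCounter, submitted, 6, window: 3));
    }
}
```

Keep the window small: every extra counter value the server is willing to try is one more code that would be accepted for the same login attempt.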
Digits
The number of digits in a one-time password. The value for this property can only be 6, 7 or 8.
public int? Digits { get; set; }
Property Value
- int?
Exceptions
- InvalidOperationException
The value is invalid.
IsValidNameLength
Checks the name length, which cannot be more than 64 bytes in UTF-8 encoding.
public bool IsValidNameLength { get; }
Property Value
- bool
Exceptions
- InvalidOperationException
A required parameter is missing. See Name for more information.
Issuer
The provider or the service the account is associated with.
public string? Issuer { get; set; }
Property Value
- string
Remarks
The Issuer property is recommended, but it can be absent (set to null).
Name
Read-only property which serves as the unique identifier for the credential.
public string Name { get; }
Property Value
- string
Remarks
The Name prevents collisions between different accounts with different providers that might be identified using the same account name, e.g. the user's email address. The Name is created from Period, Issuer and Account Name with the following format: "period/issuer:account". If Period is the default value (30 seconds), or the credential's type is HOTP, it'll be: "issuer:account". Also, if Issuer is not specified, the format will be: "period/account" or just "account" for TOTP with default period or HOTP credentials.
At a minimum, this member requires AccountName and Type to be set. The Type cannot be None. Also, if Type is set to Totp, then Period cannot be null nor Undefined.
There is a maximum length allowed for the Name (64 bytes in UTF-8 encoding, see Yubico.YubiKey.Oath.Credential.MaximumNameLength). To avoid an exception from being thrown due to invalid length, IsValidNameLength can be called first. If the total length is too long, Issuer and/or AccountName should be shortened.
Exceptions
- InvalidOperationException
A required parameter is missing or the name exceeds the maximum length.
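The naming rule and the 64-byte limit from the remarks above, written out as an added example that is not the SDK's own code and does not call the SDK. OathNameDemo, BuildName and FitsOnKey are hypothetical names, and the sample issuers and accounts are constructed.

```csharp
using System;
using System.Text;

public static class OathNameDemo
{
    const int MaxNameBytes = 64;   // limit stated on this page
    const int DefaultPeriod = 30;  // seconds

    // For HOTP, pass period 0; it is ignored when building the name.
    public static string BuildName(string? issuer, string account, bool isTotp, int period)
    {
        if (string.IsNullOrWhiteSpace(account))
            throw new InvalidOperationException("Account name is required.");
        if (isTotp && period != 15 && period != 30 && period != 60)
            throw new InvalidOperationException("TOTP period must be 15, 30 or 60 seconds.");

        var name = new StringBuilder();
        if (isTotp && period != DefaultPeriod) name.Append(period).Append('/');
        // Assumption of this sketch: an empty issuer is treated like a null one.
        if (!string.IsNullOrEmpty(issuer)) name.Append(issuer).Append(':');
        return name.Append(account).ToString();
    }

    // The limit is counted in UTF-8 bytes, not in characters.
    public static bool FitsOnKey(string name) => Encoding.UTF8.GetByteCount(name) <= MaxNameBytes;

    public static void Main()
    {
        // Constructed sample values. The last issuer is far fewer than 64 characters,
        // but each CJK character encodes to three bytes in UTF-8.
        var samples = new (string? Issuer, string Account, bool Totp, int Period)[]
        {
            ("Example", "alice@example.com", true, 30),
            ("Example", "alice@example.com", true, 60),
            (null, "alice@example.com", false, 0),
            ("東京都千代田区例示情報通信技術株式会社認証基盤", "taro@example.jp", true, 30),
        };
        foreach (var s in samples)
        {
            string name = BuildName(s.Issuer, s.Account, s.Totp, s.Period);
            Console.WriteLine($"{name} chars={name.Length} bytes={Encoding.UTF8.GetByteCount(name)} fits={FitsOnKey(name)}");
        }
    }
}
```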
Period
The validity period in seconds for a TOTP code. It can only be 15, 30 or 60 seconds. For HOTP, it should be set to zero.
public CredentialPeriod? Period { get; set; }
Property Value
- CredentialPeriod?
Exceptions
- InvalidOperationException
The value is invalid.
RequiresTouch
The credential requires the user to touch the key to generate a one-time password.
public bool? RequiresTouch { get; set; }
Property Value
- bool?
Secret
The secret is an arbitrary value encoded in Base32 according to RFC 3548.
public string? Secret { get; set; }
Property Value
- string
Remarks
Usually, the shared secret is provided by the provider or service website to the user by means of a QR code. Both sides need to retain this secret key for one-time password generation. The YubiKey takes care of securely storing this secret on behalf of the user when the credential is added. An authenticator app does not need to store this secret anywhere else.
Exceptions
- InvalidOperationException
The value is invalid.
Type
The type of the credential, either HOTP or TOTP.
public CredentialType? Type { get; set; }
Property Value
- CredentialType?
Exceptions
- InvalidOperationException
The value is invalid.
Methods
Equals(object)
public override bool Equals(object obj)
Parameters
obj
object
Returns
- bool
Equals(Credential?)
public bool Equals(Credential? credential)
Parameters
credential
Credential
Returns
- bool
GetHashCode()
public override int GetHashCode()
Returns
- int
ParseUri(Uri)
Parses an 'otpauth://' Uri received from a QR reader or obtained manually from the server.
public static Credential ParseUri(Uri uri)
Parameters
uri
Uri
Returns
- Credential
The credential with parameters.
Remarks
When you enable two-factor authentication on websites, they usually show you a QR code and ask you to scan and launch an authenticator app. QR codes are used in scanning secrets to generate one-time passwords. Secrets may be encoded in QR codes as a URI as specified by https://github.com/google/google-authenticator/wiki/Key-Uri-Format
Exceptions
- ArgumentNullException
The Uri is null.
- InvalidOperationException
The Uri path or scheme is invalid, or the credential's algorithm or period is invalid.
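A QR code is untrusted input, so the fields of an 'otpauth://' Uri are worth validating before a credential is created from them. The following added example (not the SDK's ParseUri implementation) parses the Key Uri Format with the .NET base class library and enforces the value ranges this page states for digits and period, plus the format's SHA1, SHA256 and SHA512 algorithms. OtpAuthUriDemo, Parsed, IntParam and Parse are hypothetical names, and the sample Uri is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class OtpAuthUriDemo
{
    public sealed record Parsed(string Type, string? Issuer, string Account,
        string Secret, string Algorithm, int Digits, int Period);

    static int IntParam(Dictionary<string, string> q, string key, int fallback)
    {
        if (!q.TryGetValue(key, out string? raw)) return fallback;
        return int.TryParse(raw, out int v) ? v : throw new InvalidOperationException(key + " is not a number.");
    }

    public static Parsed Parse(Uri uri)
    {
        if (uri is null) throw new ArgumentNullException(nameof(uri));
        string type = uri.Host.ToLowerInvariant();
        if (uri.Scheme != "otpauth" || (type != "totp" && type != "hotp"))
            throw new InvalidOperationException("Expected otpauth://totp/... or otpauth://hotp/...");
        // The label is "issuer:account" or just "account".
        string label = Uri.UnescapeDataString(uri.AbsolutePath.TrimStart('/'));
        int colon = label.IndexOf(':');
        string account = (colon < 0 ? label : label.Substring(colon + 1)).Trim();
        if (account.Length == 0) throw new InvalidOperationException("Account name is missing.");
        var q = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        foreach (string pair in uri.Query.TrimStart('?').Split('&', StringSplitOptions.RemoveEmptyEntries))
        {
            string[] kv = pair.Split('=', 2);
            q[Uri.UnescapeDataString(kv[0])] = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
        }
        string? issuer = q.TryGetValue("issuer", out string? i) ? i : colon < 0 ? null : label.Substring(0, colon);
        string secret = q.TryGetValue("secret", out string? s) ? s.TrimEnd('=').ToUpperInvariant() : "";
        if (secret.Length == 0 || !secret.All(c => "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".IndexOf(c) >= 0))
            throw new InvalidOperationException("Secret must be non-empty Base32.");
        string algorithm = q.TryGetValue("algorithm", out string? a) ? a.ToUpperInvariant() : "SHA1";
        if (algorithm != "SHA1" && algorithm != "SHA256" && algorithm != "SHA512")
            throw new InvalidOperationException("Unsupported algorithm.");
        int digits = IntParam(q, "digits", 6);
        if (digits < 6 || digits > 8) throw new InvalidOperationException("Digits must be 6, 7 or 8.");
        int period = type == "totp" ? IntParam(q, "period", 30) : 0;
        if (type == "totp" && period != 15 && period != 30 && period != 60)
            throw new InvalidOperationException("Period must be 15, 30 or 60.");
        return new Parsed(type, issuer, account, secret, algorithm, digits, period);
    }

    public static void Main() => Console.WriteLine(Parse(new Uri(
        "otpauth://totp/Example:alice@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example&period=60")));
}
```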
Operators
operator ==(Credential, Credential)
public static bool operator ==(Credential lhs, Credential rhs)
Parameters
lhs
Credential
rhs
Credential
Returns
- bool
operator !=(Credential, Credential)
public static bool operator !=(Credential lhs, Credential rhs)
Parameters
lhs
Credential
rhs
Credential
Returns
- bool