Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password Algorithm (HOTP), for authenticating users of mobile applications by Google. The service implements algorithms specified in RFC 6238 and RFC 4226, respectively.

1. Google Authentication
By Anubhav Goyal

2. Content
● About google authentication
● Two-Factor Authentication
● Plugin
● Time Based OTP
● How to Integrate
● Integrate with Spring Security
● Demo
● References

3. Google Authentication
Google Authenticator is a software token that implements two-step verification services using
the Time-based One-time Password Algorithm (TOTP) and HMAC-based One-time Password
Algorithm (HOTP), for authenticating users of mobile applications by Google. The service
implements algorithms specified in RFC 6238 and RFC 4226, respectively.
Authenticator provides a six- to eight-digit one-time password which users must provide in
addition to their username and password to log into Google services or other sites

4. Two Factor Authentication
Two-factor authentication (2FA) -- also known as two-step verification or multifactor
authentication -- is widely used to add a layer of security to your online accounts. The most
common form of two-factor authentication when logging into an account is the process of
entering your password and then receiving a code via text on your phone that you then need to
enter.
An extra layer of security that is known as "multi factor authentication"

5. The authentication factors of a multi-factor/two-factor authentication scheme may include:
1. some physical object in the possession of the user, such as a USB stick with a secret token,
a bank card, a key, etc.
2. some secret known to the user, such as a password, PIN, TAN, etc.
3. some physical characteristic of the user (biometrics), such as a fingerprint, eye iris, voice,
typing speed, pattern in key press intervals, etc

6. Plugin:
For Gradle :
compile 'com.warrenstrange:googleauth:1.1.2'
For Maven :
<dependency>
<groupId>com.warrenstrange</groupId>
<artifactId>googleauth</artifactId>
<version>1.1.2</version>
</dependency>
The required libraries will be automatically pulled into your project:
● Apache Commons Codec.
● Apache HTTP client.

7. Time Based OTP
A time-based one-time password (TOTP) is a temporary passcode, generated by an algorithm,
for use in authenticating access to computer systems.
The algorithm that generates each password uses the current time of day as one of its factors,
ensuring that each password is unique. Time-based one-time passwords are commonly used for
two-factor authentication and have seen growing adoption by cloud application providers.

8. Integration with Google Auth
The following code creates a new set of credentials for a user. No user name is provided to the
API and it is a responsibility of the caller to save it for later use during the authorisation phase.
GoogleAuthenticator gAuth = new GoogleAuthenticator();
final GoogleAuthenticatorKey key = gAuth.createCredentials();
The user should be given the value of the shared secret, returned by
key.getKey(), this will return secret key ,which can be used next time for TOTP varification.

9. The following code checks the validity of the specified password against the provided Base32-
encoded secretKey:
GoogleAuthenticator gAuth = new GoogleAuthenticator();
boolean isCodeValid = gAuth.authorize(secretKey, totp);

10. Integrate With Spring Security
Plugin:
compile ':spring-security-oauth-google:0.3.1'
grails install-plugin spring-security-oauth

11. Configure with spring security
oauth {
debug = true
providers {
google {
api = org.scribe.builder.api.GoogleApi
key = 'oauth_google_key'
secret = 'oauth_google_secret'
successUri = '/oauth/google/success'
failureUri = '/oauth/google/error'
callback = "${baseURL}/oauth/google/callback"
scope = 'https://www.googleapis.com/auth/userinfo.email'
}
}
}

12. How to create domain for OAuth:
To create OAuth Domain :
grails s2-init-oauth [domain-class-package] [oauthid-class-name]
that creates:
● The domain class
● The controller class [package path]SpringSecurityOAuthController
● The view springSecurityOAuth/askToLinkOrCreateAccount.gsp
Finally, add
static hasMany = [oAuthIDs: OAuthID]
to you user domain class.

13. Demo
You can find demo on :
https://github.com/NexThoughts/Google-Authenticator

14. References
● https://github.com/wstrange/GoogleAuth
● https://github.com/j256/two-factor-auth
● https://en.wikipedia.org/wiki/HMAC-based_One-time_Password_algorithm
● https://searchsecurity.techtarget.com/definition/Google-Authenticator
● https://en.wikipedia.org/wiki/Google_Authenticator
● https://stackoverflow.com/questions/27964389/grails-using-google-
authentication-with-the-spring-security-plugin?rq=1
● http://www.baeldung.com/spring-security-two-factor-authentication-with-soft-
token
● https://github.com/cazacugmihai/grails-spring-security-oauth

15. THANK YOU