TOTP VALIDATION (WITHOUT CREATING CREDENTIAL)

This workflow verifies a 6-digit TOTP code against a provided secret key. It is triggered manually and includes a Sticky Note for setup and testing. Users can quickly check whether a code is correct without creating a credential.

7/8/2025
5 nodes
Complex
Tags: manual, complex, sticky note, logic, conditional
Categories: Complex Workflow, Manual Triggered
Integrations: Sticky Note

Target Audience

- Developers: Those who are building applications that require two-factor authentication (2FA).
- Security Engineers: Professionals focused on enhancing the security of applications.
- System Administrators: Individuals managing user authentication systems.
- Businesses: Organizations looking to implement secure login processes for their users.

Problem Solved

This workflow addresses the challenge of validating Time-based One-Time Passwords (TOTP) without needing to create or store user credentials. It ensures that the provided 6-digit TOTP code matches the expected value generated from a given secret, enhancing security in authentication processes.

Workflow Steps

1. Manual Trigger: The workflow starts when the user clicks the ‘Test workflow’ button.
2. Set Example Fields: Two example fields are defined: a sample TOTP secret (CNSUKUMZLQJEZJ3) and a TOTP code to verify (516620).
3. TOTP Validation: The TOTP validation process is executed using a Python function that:
   - Decodes the base32 secret.
   - Generates a TOTP code based on the current time and the secret.
   - Compares the generated code with the provided code to verify its validity.
4. Conditional Check: An IF node checks the result of the TOTP validation:
   - If the code is valid, it moves to the true branch.
   - If the code is invalid, it moves to the false branch.
5. Outcome: The workflow provides a status indicating whether the TOTP code was valid (1 for valid, 0 for invalid).
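
The validation in step 3, written out as an added example (not the workflow's own Python node code): RFC 6238 TOTP with HMAC-SHA1, a 30-second interval and 6 digits assumed as defaults. The function names, the `window` clock-drift tolerance and the constant-time comparison are assumptions that go beyond what the steps describe.

```python
import base64
import hashlib
import hmac
import struct
import time


def decode_secret(secret_b32: str) -> bytes:
    """Decode a base32 secret, tolerating spaces, lower case and missing '=' padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # authenticator secrets often omit padding
    return base64.b32decode(cleaned)


def totp(key: bytes, at: float, interval: int = 30, digits: int = 6) -> str:
    """Code for the time step containing `at` (RFC 6238 over RFC 4226 HOTP)."""
    counter = struct.pack(">Q", int(at) // interval)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def verify_totp(secret_b32, code, at=None, interval=30, digits=6, window=1) -> int:
    """Return 1 if `code` matches a step within +/- `window` steps of `at`, else 0."""
    at = time.time() if at is None else at
    code = str(code).strip()  # pass codes as strings: an int loses leading zeros
    if len(code) != digits or not (code.isascii() and code.isdigit()):
        return 0
    try:
        key = decode_secret(secret_b32)
    except ValueError:  # binascii.Error (bad alphabet or padding) is a ValueError
        return 0
    valid = 0
    for step in range(-window, window + 1):
        t = at + step * interval
        if t < 0:
            continue
        # Constant-time comparison, and no early exit once a match is found.
        valid |= int(hmac.compare_digest(totp(key, t, interval, digits), code))
    return valid


if __name__ == "__main__":
    # Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
    rfc_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(verify_totp(rfc_secret, "287082", at=59))  # RFC vector 94287082, last 6 digits
```

A wider `window` accepts more codes per attempt, so pair it with attempt rate limiting and rejection of codes that were already used.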

Customization Guide

- Modify Example Fields: Update the values in the ‘EXAMPLE FIELDS’ node to reflect the actual TOTP secret and code you wish to validate.
- Integrate with Your System: Replace the manual trigger with an appropriate trigger that suits your application's authentication flow.
- Adjust TOTP Parameters: If necessary, modify the TOTP generation parameters (like interval and digits) in the ‘TOTP VALIDATION’ node to fit your security requirements.
- Expand Workflow Logic: Add additional nodes after the IF node to handle valid and invalid scenarios, such as sending notifications or logging attempts.