How to generate otp key for token/init POST method?

Hi all,

I’m new to privacyIDEA and OTP Server. So, I’m trying to create a new token, but I got an error on that:
"error": {"message": "ERR905: Missing parameter: 'otpkey'", "code": 905}}

So, I’d like to know how I could generate an OTP Key to send in the POST method of /token/init.

here is my Java Code:

WebClient tokenClient = WebClient.create("https://192.168.2.3");
// [...]
Base32 b32 = new Base32();
Hex h = new Hex();

byte[] secretBytes = b32.decode(<what should I put here??>);
String hexSecret = new String(h.encode(secretBytes));

JSONObject tokeninit = new JSONObject();
tokeninit.put("otpkey", hexSecret);
tokeninit.put("type", "HOTP");
tokeninit.put("pin", "1234");
tokeninit.put("user", "vagrant");
tokeninit.put("realm", "defrealm");

tokenClient.header("Authorization", token);
response = tokenClient.post(jsonObject.toString());
// [...]

Please help me to understand how to generate that and how otpkey works!

Best regards,

Celso Agra

Hello Celso,

starting with the API? Taking the steep curve?

Read this http://privacyidea.readthedocs.io/en/latest/modules/api.html, this http://privacyidea.readthedocs.io/en/latest/modules/api/auth.html and this http://privacyidea.readthedocs.io/en/latest/modules/api/token.html#post--token-init.

otpkey depends on the token type you are enrolling.
In certain cases it makes sense to use genkey.

Also do not forget the PI-Authorization header.

Kind regards
Cornelius

I do not speak java, but it looks like you are not passing your parameters to the POST call.
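
As an added example (not code from this thread or from the privacyIDEA project), the following JDK-only Java class generates a random 20-byte HOTP secret, hex-encodes it in the same 40-character form as the otpkey value posted in this thread, and computes RFC 4226 HOTP values from it to show what the key is used for. The class and method names are hypothetical, and that token/init takes the key hex-encoded is an assumption based on the values posted here.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class OtpKeyExample {  // hypothetical class name
    static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    static byte[] fromHex(String hex) {
        byte[] out = new byte[hex.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    // A fresh shared secret from the OS CSPRNG; 20 bytes matches HMAC-SHA1.
    static String newOtpKey() {
        byte[] secret = new byte[20];
        new SecureRandom().nextBytes(secret);
        return toHex(secret);
    }

    // RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
    static String hotp(String otpKeyHex, long counter, int digits) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(fromHex(otpKeyHex), "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%0" + digits + "d", bin % (int) Math.pow(10, digits));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Self-check against the RFC 4226 Appendix D test secret and first two values.
        String rfcKey = toHex("12345678901234567890".getBytes(StandardCharsets.US_ASCII));
        if (!hotp(rfcKey, 0, 6).equals("755224") || !hotp(rfcKey, 1, 6).equals("287082"))
            throw new IllegalStateException("HOTP self-check failed");

        String otpkey = newOtpKey();  // value for the "otpkey" field of token/init
        System.out.println("otpkey=" + otpkey + " first OTP=" + hotp(otpkey, 0, 6));
    }
}
```

The hex string is the shared secret itself, so it needs the same handling as a password on its way to the server and to the user's device.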

Thanks @cornelinux!

I’m testing some features about OTP Server… the idea is consume part of REST API, such as create user, authenticate, create a token, validate it, …

It seems I just need the otpkey, when I looked in the token-init method. But I think there are more params to do a request.

I’m using junit (java) and considering pass a JSON like this:
{
  "otpkey" : "hexSecret",
  "type" : "HOTP",
  "pin" : "1234",
  "user" : "vagrant",
  "realm" : "defrealm"
}

Also, I’m passing the Authorization header (I got token using /auth method)

Do I need more params for token/init?

Also, I could notice that when I try to enroll a token, the same error happens:

But if I check “generate OTP Key on the Server”, everything works fine.
I’m using the version 2.19.1

You are right - would you mind opening an issue at github https://github.com/privacyidea/privacyidea (if you have a github account)

I can not reproduce getting an error when providing these parameters:

However, I can reproduce an error from within the UI, since the error arises from when the request contains a parameter genkey=0 or genkey=false.

See Missing otpkey in /token/init when genkey is set to false · Issue #793 · privacyidea/privacyidea · GitHub

Thanks @cornelinux

Here is the issue on github

Moreover, here is the whole Java code:
public void testPrivacyIdea() {
    WebClient client = WebClient.create("https://192.168.2.3");
    client.path("auth");
    client.type("application/json");
    disabledCN(client);
    JSONObject jsonObject = new JSONObject();
    jsonObject.put("username", "admin");
    jsonObject.put("password", "admin");
    Response response = client.post(jsonObject.toString());

    String responseObject = response.readEntity(String.class);
    JSONObject object = new JSONObject(responseObject);
    JSONObject value = (JSONObject) ((JSONObject) object.get("result")).get("value");
    String token = value.get("token").toString();

    System.out.println(token);

    WebClient tokenClient = WebClient.create("https://192.168.2.3");
    tokenClient.path("token/init");
    tokenClient.type("application/json");
    tokenClient.accept("application/json");
    disabledCN(tokenClient); // avoid the ssl problems

    JSONObject tokeninit = new JSONObject();
    tokeninit.put("otpkey", "d6f66965821434f2027e0ea4f597890f7d5c8067");
    tokeninit.put("genkey", 0);
    tokeninit.put("serial", "NEW001");
    tokeninit.put("description", "unit test");
    tokeninit.put("type", "HOTP");
    tokeninit.put("otplen", 6);
    tokeninit.put("hashlib", "sha1");
    tokeninit.put("keysize", 20);
    tokeninit.put("pin", "1234");
    tokeninit.put("user", "vagrant");
    tokeninit.put("realm", "defrealm");

    tokenClient.header("Authorization", token);
    response = tokenClient.post(jsonObject.toString());

    responseObject = response.readEntity(String.class);
    System.out.println(responseObject);
} 

I’m using junit to do these tests, and my result is:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImFkbWluIiwibm9uY2UiOiIxZWQ2MDQ5ZWUxY2M1MGM4YmQ1Y2VlZTQwND[...]
{“jsonrpc”: “2.0”, “signature”: “17888367902524921686356549237956269687957184806742938861125116236994889089378982028605413202969214134566646994158950292353311398338[…]22601218074269702982791095780649691151303871270510567656002953423982025186225313605147”, “detail”: null, “version”: “privacyIDEA 2.19.1”, “result”: {“status”: false, “error”: {“message”: “ERR905: Missing parameter: ‘otpkey’”, “code”: 905}}, “time”: 1506595308.442671, “id”: 1}

I reduced the token and signature a little bit!

So…
It will be fixed by issue #793

Thanks again @cornelinux