3.88.1. AuthSelect

AuthSelect is an SQL query that fetches TOTP data from the SQL database. It is passed the user name in %0. It is expected to return (secret, active, pin, digits, bad_logins, last_time_accessed, last_timestep) followed by the optional fields (algorithm, timestep, timestep_origin):
  • Field 0 (secret) is the HEX encoded secret key for the token. It must be present for the authentication to succeed (mandatory).
  • If field 1 (active) is defined it must be 1, otherwise the authentication is rejected.
  • Field 2 (pin) is the user's static PIN. It is checked if the user specifies a static password or if Require2Factor is set.
  • Field 3 (digits) is the number of digits in the user's TOTP code. If NULL, the value of DefaultDigits is used.
  • Field 4 (bad_logins) counts the number of consecutive authentication failures. If defined, it is used to detect brute force attacks and must be updated by UpdateQuery.
  • Field 5 (last_time_accessed) is the Unix timestamp of the last authentication attempt. It is used to detect brute force attacks. The default query derives it from the accessed column with unix_timestamp().
  • Field 6 (last_timestep) is the last TOTP time step that was validated. It is used to reject replayed codes and should be updated automatically by UpdateQuery.
  • Optional field 7 (algorithm) is the SHA algorithm, which defaults to SHA1 if the value is NULL or empty.
  • Optional field 8 (timestep) is the user's time step, which defaults to the TimeStep configuration parameter if the value is 0 or NULL.
  • Optional field 9 (timestep_origin) is the Unix epoch time of the first time step, which defaults to the TimeStepOrigin configuration parameter if the value is NULL.
The default works with the sample database schema provided in goodies/totp.sql. The default is:
select secret, active, pin, digits, bad_logins, unix_timestamp(accessed), last_timestep from totpkeys where username=%0
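The following Python script is an added illustration and is not Radiator's code, nor the goodies/totp.sql schema. It creates an SQLite table whose columns carry the ten AuthSelect fields, loads the RFC 6238 SHA1 test key for a constructed user, and then performs the checks a consumer of that row has to make: reject a missing secret, an inactive user and a user whose bad_logins has reached a limit; apply the DefaultDigits, TimeStep and TimeStepOrigin fallbacks; refuse any time step at or below last_timestep so a code cannot be replayed; and write bad_logins, accessed and last_timestep back the way an UpdateQuery would. The schema itself, the MAX_BAD_LOGINS limit, the one-step skew window, the use of a `?` placeholder where Radiator substitutes %0, and the integer accessed column used instead of unix_timestamp() (which SQLite lacks) are all assumptions of this example, not behaviour documented for Radiator.

```python
import hashlib
import hmac
import sqlite3
import struct
import time

# Constructed schema for the example: columns follow the AuthSelect field names
# on this page. Not the goodies/totp.sql schema shipped with Radiator.
SCHEMA = """
CREATE TABLE totpkeys (
    username        TEXT PRIMARY KEY,
    secret          TEXT NOT NULL,      -- field 0: HEX encoded secret
    active          INTEGER,            -- field 1: must be 1 when defined
    pin             TEXT,               -- field 2: static PIN
    digits          INTEGER,            -- field 3: NULL -> DefaultDigits
    bad_logins      INTEGER DEFAULT 0,  -- field 4: consecutive failures
    accessed        INTEGER,            -- field 5: unix time of last attempt
    last_timestep   INTEGER,            -- field 6: last validated time step
    algorithm       TEXT,               -- field 7: NULL/'' -> SHA1
    timestep        INTEGER,            -- field 8: 0/NULL -> TimeStep
    timestep_origin INTEGER             -- field 9: NULL -> TimeStepOrigin
)
"""

# AuthSelect returning all ten fields. "?" stands in for Radiator's %0, and the
# accessed column is already an integer because SQLite has no unix_timestamp().
AUTH_SELECT = """
SELECT secret, active, pin, digits, bad_logins, accessed,
       last_timestep, algorithm, timestep, timestep_origin
  FROM totpkeys WHERE username = ?
"""
# Stand-in for UpdateQuery: writes back the counters the checks depend on.
UPDATE_QUERY = """
UPDATE totpkeys SET bad_logins = ?, accessed = ?, last_timestep = ?
 WHERE username = ?
"""

# Assumed configuration defaults (DefaultDigits, TimeStep, TimeStepOrigin are
# Radiator parameter names; MAX_BAD_LOGINS and WINDOW are this example's own).
DEFAULT_DIGITS = 6
TIME_STEP = 30
TIME_STEP_ORIGIN = 0
MAX_BAD_LOGINS = 10
WINDOW = 1  # accept one time step of clock skew either side

# RFC 6238 Appendix B SHA1 seed, as the HEX string the secret column holds.
RFC6238_SHA1_SEED = b"12345678901234567890".hex()


def totp(secret_hex, counter, digits, algorithm):
    """RFC 6238 code for one time-step counter, with RFC 4226 truncation."""
    key = bytes.fromhex(secret_hex)
    digestmod = getattr(hashlib, (algorithm or "SHA1").lower())
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % (10 ** digits))


def authenticate(conn, username, code, now=None):
    """Apply the AuthSelect field semantics to one submitted TOTP code."""
    now = int(time.time() if now is None else now)
    row = conn.execute(AUTH_SELECT, (username,)).fetchone()
    if row is None:
        return "unknown user"
    (secret, active, _pin, digits, bad_logins, _accessed,
     last_timestep, algorithm, timestep, origin) = row
    if not secret:
        return "no secret"                     # field 0 is mandatory
    if active is not None and active != 1:
        return "inactive"                      # field 1 must be 1 when defined
    if bad_logins is not None and bad_logins >= MAX_BAD_LOGINS:
        return "locked"                        # field 4: brute force limit
    digits = digits or DEFAULT_DIGITS          # field 3 fallback
    timestep = timestep or TIME_STEP           # field 8 fallback (0 or NULL)
    origin = TIME_STEP_ORIGIN if origin is None else origin  # field 9 fallback
    current = (now - origin) // timestep
    for candidate in range(current - WINDOW, current + WINDOW + 1):
        if last_timestep is not None and candidate <= last_timestep:
            continue                           # field 6: already used, replay
        if hmac.compare_digest(totp(secret, candidate, digits, algorithm), code):
            conn.execute(UPDATE_QUERY, (0, now, candidate, username))
            conn.commit()
            return "ok"
    conn.execute(UPDATE_QUERY, ((bad_logins or 0) + 1, now, last_timestep, username))
    conn.commit()
    return "bad code"


def bad_logins_for(conn, username):
    return conn.execute("SELECT bad_logins FROM totpkeys WHERE username = ?",
                        (username,)).fetchone()[0]


def make_demo_db():
    """In-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO totpkeys VALUES (?,?,?,?,?,?,?,?,?,?,?)",
        [("alice", RFC6238_SHA1_SEED, 1, None, 8, 0, None, None, "SHA1", 30, 0),
         ("bob", RFC6238_SHA1_SEED, 0, None, None, 0, None, None, None, None, None)])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = make_demo_db()
    print(authenticate(db, "alice", "94287082", now=59))   # RFC 6238 vector, ok
    print(authenticate(db, "alice", "94287082", now=59))   # same step again: rejected
    print(authenticate(db, "bob", "94287082", now=59))     # inactive
```

The replay check is the reason field 6 exists: a valid code inside the skew window is accepted once and the step is recorded, so presenting the same code again within the window fails even though the HMAC still matches. On MySQL keep unix_timestamp(accessed) in AuthSelect as the page's default does; the integer column here is only an SQLite convenience.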