Announcing Authentication Kit

If your project has the burden of storing user passwords, my new Authentication Kit project will make it easy.

Authentication Kit provides an easy to use Security Through Obesity and TOTP two factor authentication implementation. It can be integrated into existing classes/databases if you’ve already implemented Security Through Obesity manually.

TOTP two factor authentication allows users to pair a code generator such as Google Authenticator or 1Password with your login database. This works especially well with a QR code generator, such as the BarcodeGeneratorMBS class. TOTP is the same implementation companies like Microsoft and Dropbox use for their two factor authentication.

Authentication Kit is released under the MIT license.

Thanks for posting this.

I’ve implemented passwords before using your website post as a reference. Its a good example and very interesting read.


Since I made that post, finding a good way to generalize it into something reusable was something that has been in the back of my mind. I finally got inspired enough to make it happen. I have some more features I’d like to add, but baby steps. And with GitHub, I don’t have to wait for my work on my website to complete.

[quote=195564:@Stephen Thomas]Thanks for posting this.

I’ve implemented passwords before using your website post as a reference. Its a good example and very interesting read.

Same here and it works wonders!
Thanks for sharing Thom. Will tale a look at it! Didn’t know about mkdocs either…looking at that too :wink:

When running the test app on Windows 7 and Windows 10 with Xojo 2015 r2.4 we are getting an error “Unable to validate user password” at the method Tester.ValidatePassword. This error does not occur on Mac. Not having any luck figuring out the issue. Has anyone used this on Windows successfully?

I’ll take a look this evening. It sounds a LOT like a bug I fixed a while ago though, so until I get back to you, just make sure you’re using the latest code from GitHub.

Just downloaded from GitHub today.

Well, bad news. It turns out that Xojo.Crypto.PBKDF2 is completely busted on Windows and always returns a different hash for the same inputs. I’ve got a demo project and will be filing a Feedback case in the morning.

I’m trying to stick to the new framework for this, but I may check in a version later in the day which uses the old framework as a workaround on Windows.

Edit: Sample project on Dropbox for now:

And here is the case <>

I should have mentioned that I did put out an update to work around the issue.

Hi, I’m completely new to web development, and have some experience in desktop development.
but I’m trying to use Authenticationkit for a local intranet app, for users to require to login, but what I can’t figure out is how do I link my controls (USERID and PASSWORD field with the SUMMIT Button) to this Authenticationkit?

if I could see an example app would help out a lot.


Look in App.Run in the example project, the comments explain each step.

The short answer is you need to obtain an object implementing the AuthenticationKit.User interface from your validator implementation. That validator is entirely up to you, though the project contains a SQLiteUserStorage class.

So it’s basically

Dim User As AuthenticationKit.User = Validator.LookupUser(Username) If User <> Nil Then Dim Generator As AuthenticationKit.TwoFactorProfile If Validator.ValidatePassword(User, Password, Iterations, Algorithm, Generator) Then If Generator <> Nil Then // Prompt for 2 factor authentication code If Generator.Verify(TwoFactorCode) Then // Successful login Else // Correct password, but failed 2FA End If Else // 2FA not enabled for this user // Successful login End If Else // Incorrect password End If Else // Incorrect username End If

There’s a lot going on and a lot to be hooked up. Unfortunately, the nature of the topic means this can’t be a simple “drop in and go” kind of project.

1 Like

Thanks for the example, I will study through the comments.