IOTPProvider

Add-in responsible for generating an OTP code and validate it afterwards, this addin is triggered whenever a user clicks on a signature field and chooses signature method OTP.

This addin is commonly used to integrate with existing OTP providers from third-parties.

Trigger Event(s): Sign
Table 1. IOTPProvider interface methods declaration and description
Method Description

generate

Generates OTP request

Parameter

Type

Description

context

ArtifactContext

Context of the artifact (artifact variables and properties) with read-only access

objectId

String

Artifact object over which the OTP was requested (ex: signature field id)

user

String

User requesting the OTP (if the session is authenticated). This field is deprecated, as information of the user in context can now be obtained with SecurityManager.getSession().

Returns

Type

Description

result

String

A unique identifier of the OTP session

-

-

-

validate

Validates a given password against a previously generated OTP request

Parameter

Type

Description

context

ArtifactContext

Context of the artifact (artifact variables and properties) with read-only access

session

String

Unique identifier of the OTP session (output of the generate call)

password

String

OTP to be validated (value inserted by the user)

Returns

Type

Description

result

Boolean

True if validation succeed; otherwise returns false

Configuration

First the add-in needs to be loaded as an extension,

"_comment" : "List all the extensions to be used",
"extensions" :
[
	...

	{
        "name": "my-otp-provider",
		"class": "<your.class.qualified.name>"
    },

	...
]

Optionally, set as the default add-in by establishing the class path for the type "artifact_access"

"_comment" : "List all the default addins to be used",
"addins" :
[
    ...

    {
        "type": "artifact_otp",
		"extension": "my-otp-provider"
    },

    ...
]