SecureTOTP

Java 21, Spring Boot 3.5.1, Spring Microservices, MongoDB, Spring Security, OAuth2, JWT, Spring Mail

A robust two-factor authentication system implementing Time-based One-Time Password (TOTP) for enhanced application security. Built with Spring Boot microservices architecture, it provides a seamless and secure authentication experience.

About the Project

SecureTOTP is a security solution that implements Two-Factor Authentication (2FA) using the Time-based One-Time Password (TOTP) algorithm. Built as a microservices application using Spring Boot, this project addresses the growing need for enhanced security measures beyond traditional username and password authentication.

The system generates secure, time-limited verification codes that users must enter alongside their regular credentials. It supports QR code generation for easy setup with authentication apps like Google Authenticator, Microsoft Authenticator, and Authy, creating a seamless yet highly secure user experience.

The project follows a microservices architecture with separate services for authentication, user management, and TOTP operations, ensuring scalability and maintainability for enterprise-level applications.

Key Features

TOTP Authentication

Implements the RFC 6238 Time-based One-Time Password algorithm, producing authentication codes that change every 30 seconds.

Multi-Account Management

Supports managing multiple 2FA user accounts, so that secure access for different accounts can be overseen within the system.

QR Code Integration

Generates scannable QR codes for easy setup with popular authenticator apps like Google Authenticator and Authy.

JWT Authentication

Secures API access with JSON Web Tokens and implements refresh token mechanisms for persistent sessions.

Email Verification

Integrated email service for account verification, password reset, and security notifications.

Microservices Architecture

Built with loosely coupled microservices for scalability, resilience, and independent deployment capabilities.

PIN Verification

Adds an extra layer of security by requiring users to enter a personal PIN during authentication or sensitive actions.

ELP (Emergency Login Protocol)

Allows users to regain access by uploading a secure .elp file generated during setup, providing a safe fallback authentication method.

Technical Implementation

The application follows a microservices architecture with the following key components:

  • Auth Service: Handles user registration, login, and token management with Spring Security and JWT
  • TOTP Service: Generates and validates time-based one-time passwords; manages user PIN setup, storage, and verification as an additional authentication layer

Security Implementations

The project implements several layers of security:

  • TOTP Generation: RFC 6238-compliant HMAC-SHA1 algorithm with 30-second validity
  • Secret Key Management: Secure storage of TOTP secret keys with AES-256 encryption
  • JWT Authentication: Stateless authentication with short-lived access tokens and refresh tokens
  • Password Security: BCrypt password encoding with adaptive work factor
  • Rate Limiting: Protection against brute force attacks with IP-based and account-based rate limiting
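
The TOTP generation bullet above, worked through as an added example (not SecureTOTP's own code): RFC 6238 code generation with HMAC-SHA1 and a 30-second step, plus verification that tolerates clock drift, compares in constant time, and rejects replay of an already accepted step. The class and method names, the 6-digit length, the one-step window and the `lastUsed` parameter are assumptions; the secret is the published RFC 6238 test key.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;

// Added example: names, DIGITS and WINDOW are assumptions, not taken from SecureTOTP.
public class TotpExample {
    static final int STEP_SECONDS = 30; // validity period stated on the page
    static final int DIGITS = 6;        // assumed code length
    static final int WINDOW = 1;        // assumed tolerance: one step either side

    // RFC 4226 HOTP computed over the RFC 6238 time counter (big-endian, 8 bytes).
    static String generate(byte[] secret, long counter) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int o = h[h.length - 1] & 0x0f; // dynamic truncation offset
        int bin = ((h[o] & 0x7f) << 24) | ((h[o + 1] & 0xff) << 16)
                | ((h[o + 2] & 0xff) << 8) | (h[o + 3] & 0xff);
        return String.format("%0" + DIGITS + "d", bin % (int) Math.pow(10, DIGITS));
    }

    // Returns the matched counter, or -1. Counters <= lastUsed are refused (replay).
    static long verify(byte[] secret, String code, long unixSeconds, long lastUsed)
            throws GeneralSecurityException {
        long now = unixSeconds / STEP_SECONDS;
        long matched = -1;
        byte[] given = code.getBytes(StandardCharsets.US_ASCII);
        for (long c = now - WINDOW; c <= now + WINDOW; c++) {
            byte[] expected = generate(secret, c).getBytes(StandardCharsets.US_ASCII);
            // Constant-time compare; no early exit, so timing does not reveal the step.
            if (MessageDigest.isEqual(expected, given) && c > lastUsed) matched = c;
        }
        return matched;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // RFC 6238 test key
        String code = generate(secret, 59 / STEP_SECONDS);  // RFC 6238 test time T=59
        System.out.println(code);
        System.out.println(verify(secret, code, 59, -1));   // same step, never used
        System.out.println(verify(secret, code, 80, -1));   // one step later, inside the window
        System.out.println(verify(secret, code, 59, 1));    // counter already accepted once
        System.out.println(verify(secret, code, 150, -1));  // several steps later, outside the window
    }
}
```

A caller would persist the returned counter per account and pass it back as `lastUsed` on the next attempt, alongside the rate limiting listed above.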

Project Information

Tech Stack

Java
Spring Boot
MongoDB
Spring Security
OAuth2
JWT
Spring Mail
HTML
CSS
JavaScript
Docker

Timeline

Started: June 7, 2025
Completed: Ongoing...
Last Updated: June 17, 2025

© 2025 Manish. All rights reserved. This site and its contents are protected by applicable copyright laws.