Derek Ditch dcode

💭

Hack the 🌎!

Threat researcher at @google and general purpose open sourcerer. 🧙

142 followers · 15 following

Google
Texas
@dcode

View GitHub Profile

Recently created

Least recently created

Recently updated

Least recently updated

jakariyaa / OktaVerify_TOTP_Key_Exteaction.md

Last active March 15, 2026 02:40

Okta Verify TOTP secret key can be extracted easily using curl and the code below.

Get the content of the QR for Okta Verify app setup. It looks like this: oktaverify://email@domain.com/?t=XXXXX&f=YYYYY&s=https://DOMAIN.okta.com&issuer=DOMAIN.okta.com&isIdxEnabled=true
Replace XXXXX, YYYYY and DOMAIN to your values in curl below:

curl --request POST \
  --url https://DOMAIN.okta.com/idp/authenticators \
  --header 'Accept: application/json; charset=UTF-8' \
  --header 'Accept-Encoding: gzip, deflate' \
  --header 'Authorization: OTDT XXXXX' \
  --header 'Content-Type: application/json; charset=UTF-8' \

OlderNewer