The CodeB TOTP SMS Android App goes beyond being a typical messaging app. It's an all-inclusive mobile tool that effortlessly switches between multiple roles, such as a Time-Based One-Time Password (TOTP) generator and a Document Signer, among others. This versatility doesn't compromise its security - the app adheres to stringent safety standards, making it stand out from regular SMS applications.
Moreover, the app is fully compatible with OpenID Connect. It deviates from the norm of depending on an authorization server for token generation and authorization processes. Instead, it utilizes Android's secure processor-backed keystores, and in heightened security situations, the resilient hardware-backed keystore known as "Strongbox". These elements are used for secure storage of the app's key materials and for creating OpenID Connect tokens. This process effectively makes a centralized third-party authorization server unnecessary.
Using the securely generated OpenID Connect token with most third-party services, like Wordpress, is a simple process. All you need to do is install the WordPress Plugin “OpenID Connect generic client using Authorization Code Flow” by daggerhart, and configure the plugin following the provided screenshot. This straightforward procedure enables truly passwordless authentication for your Wordpress sites.
It's worth noting that in this setup, the endpoint URLs are not addresses of any authorization server. Instead, they are transparent CodeB OpenID Proxy URLs that map the HTTP workflows to the mobile's OTT communication.