Ever so slightly easier to read (IMO) if you inline arguments:

    def hotp(key: bytes, counter: int, digits: int = 6, digest: Literal["sha1", "sha256", "sha512"] = "sha1"):
        mac = hmac.digest(
            key=base64.b32decode(key.upper() + "=" * ((8 - len(key)) % 8)),
            msg=struct.pack(">Q", counter),
            digest=digest,
        )
        offset = mac[-1] & 0x0F
        binary: int = struct.unpack(">L", mac[offset : offset + 4])[0] & 0x7FFFFFFF
        return str(binary)[-digits:].zfill(digits)

And Pyright doesn’t yell at this version because no type-changing variables here: https://basedpyright.com/?typeCheckingMode=all&code=JYWwDg9g...

---

This is actually really helpful. I’m using Pass [1], which requires oathtool for OTP support [2]. I’m currently on a Mac without admin rights (so no Homebrew for me), and compiling oathtool is a PITA. I’ve wanted to put together a pure Python replacement for a while now, but with this it can be a single-file script: https://gist.github.com/notpushkin/7ac32ddf35a0c73bc6f181a1b...

[1]: https://www.passwordstore.org/

[2]: https://github.com/tadfisher/pass-otp#requirements