JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 21245
  • Score
    100M100P100Q144793F
  • License MIT

One-time passwords with HOTP and TOTP

Package Exports

  • @oslojs/otp
  • @oslojs/otp/dist/index.js

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@oslojs/otp) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

@oslojs/otp

Documentation: https://oauth2.oslojs.dev

A JavaScript library for generating and verifying OTPs by Oslo.

Supports HMAC-based one-time passwords (HOTP) and time-based one-time passwords (TOTP) as defined in RFC 4226 and RFC 6238.

  • Runtime-agnostic
  • No third-party dependencies
  • Fully typed
import { generateTOTP, verifyTOTP } from "@oslojs/oauth2";

const totp = generateTOTP(key, 30, 6);
const valid = verifyTOTP(totp, key, 30, 6);

Installation

npm i @oslojs/otp

Prerequisites

This package requires the Web Crypto API. This is available in most modern runtimes, including Node.js 20+, Deno, Bun, and Cloudflare Workers. The big exception is Node.js 16 and 18. Make sure to polyfill it using webcrypto.

import { webcrypto } from "node:crypto";

globalThis.crypto = webcrypto;

Alternatively, add the --experimental-global-webcrypto flag when executing files.

node --experimental-global-webcrypto index.js