Package Exports
- otplib
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (otplib) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
otplib
Time-based (TOTP) and HMAC-based (HOTP) One-Time Password library
About
otplib is another node based One Time Password (OTP) Library.
It was initially created for me to understand how One Time Passwords work in implementation.
It implements:
This library is compatible with Google Authenticator, and includes additional methods to allow you to easily work with Google Authenticator.
Installation
Install the module with: npm install otplib
var otplib = require('otplib');Quick Start
Token Generation
var otplib = require('otplib');
// Basic
var secret = 'user secret' || otplib.core.secret(),
qrcode = otplib.core.qrcode('user', 'domain', secret);
// Generating OTP
var code = otplib.core.totp(secret);
console.log('OTP: ' + code);Token Validation
var otplib = require('otplib');
// From database etc.
var secret = 'user secret',
code = 'user provided OTP';
// True / False
var status = otplib.google.check(code, secret);
console.log('Is Token Valid: ' + status);Google Authenticator
Base32 Keys
Google Authenticator requires keys to be base32 encoded.
RFC3548
Google Authenticator requires an RFC 3548 compliant encoder.
OTP calculation will still work should you want to use other base32 encoding methods (like Crockford's Base 32) but it will NOT be compatible with Google Authenticator.
GAuth Sample
var otplib = require('otplib');
var secret = 'base 32 encoded user secret' || otplib.google.secret(),
qrcode = otplib.core.qrcode('user', 'domain', secret);
var code = otplib.google.generate(secret);
console.log('OTP: ' + code);Documentation
All examples assumes var otplib = require('otplib'); as base.
Core [otplib.core.METHOD]
hotp(secret, counter)
HMAC based OTP
secret(string) user secretcounter(integer)
totp(secret)
Time based OTP
secret(string) user secret
secret.generate(radix)
Generate a random secret
- radix (string) [optional]
helpers.stringToHex(value)
Converts String to Hex
value(string)
helpers.hexToInt(hex)
Converts Hex into an Integer
hex(string) hexadecimal string
helpers.intToHex(number)
Parse number into an Integer and convert to Hex
number(string/integer) parseInt(base 10) will be called on the number
helpers.pad(value, total)
Do a left padding of the value based on the total
value(string) string to padtotal(string) total number of characters in string
googleAuthenticator [otplib.google.METHOD]
debug(status)
Sets debug message printouts
status(boolean) true/false
secret()
Generate a secret
keyuri(user, host, secret)
Key-uri eg. outauth://totp/user:localhost?secet=NKEIBAOUFA
user(string) eg. joehost(string) eg. github.comsecret(string) user secret
qrcode(user, host, secret)
Generates a QR Code image using Google Charts
user(string) eg. joehost(string) eg. github.comsecret(string) user secret
generate(secret)
Generate One Time Pass
secret(string) user secret
check(token, secret)
Check for token validity
token(string) user provided one time passsecret(string) user secret
encode(secret)
Base32 encoding
secret(string) user secret
decode(secret)
Base32 decoding
secret(string) user secret
Release History
| Version | Notes |
|---|---|
| 0.0.3 | Version Bump for publish |
| 0.0.2 | API movement |
| 0.0.1 | First Release |
License
Copyright (c) 2014 Gerald Yeo. Licensed under the MIT license.