JSPM

  • Downloads 728197
  • License MIT

HMAC-based (HOTP) and Time-based (TOTP) One-Time Password library

Package Exports

  • otplib
  • otplib/lib/authenticator
  • otplib/lib/hotp

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (otplib) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

otplib

Time-based (TOTP) and HMAC-based (HOTP) One-Time Password library

About

otplib is a JavaScript One Time Password (OTP) Library.

It was initially created for me to understand how One Time Passwords work in implementation.

It implements:

This library is compatible with Google Authenticator, and includes additional methods to allow you to easily work with Google Authenticator.

Changes in API for v3.x.x

Because the library has been rewritten and refactored into ES6 classes, v3.0.0 includes BREAKING CHANGES to the API. A compatibility library has been added, but migrating is highly recommended instead.

Please check Upgrade Notes for more information.

Installation

Install the module via npm

 $ npm install otplib

Usage

While this package is primarily a node.js module, you can also use it within the browser.

node.js

There are several variants:

All (object)

var lib = require('otplib');
// lib == {authenticator, hotp, totp}

Authenticator

var authenticator = require('otplib/authenticator');

// OR
var lib = require('otplib');
var authenticator = lib.authenticator;

HOTP

var hotp = require('otplib/hotp');

// OR
var lib = require('otplib');
var hotp = lib.hotp;

TOTP

var totp = require('otplib/totp');

// OR
var lib = require('otplib');
var totp = lib.totp;

Browser

<script src="browser/otplib.js"></script>

<script type="text/javascript">
   var otp = window.otplib;
</script>

Quick Start

Token Generation

var otp = require('otplib/totp');

// user secret key
var secret = otp.utils.generateSecret();

// OTP code
var code = otp.generate(secret);

Token Validation

var otp = require('otplib/totp');

// from database etc.
var secret = 'user secret';
var code = 'user provided OTP';

// true / false
var status = otp.check(code, secret);

Google Authenticator compatibility notes

Base32 Keys and RFC 3548

Google Authenticator requires keys to be base32 encoded. It also requires the base32 encoder to be RFC 3548 compliant.

OTP calculation will still work should you want to use other base32 encoding methods (like Crockford's Base 32) but it will NOT be compatible with Google Authenticator.

Sample

var otp = require('otplib/authenticator');

// base 32 encoded user secret key
var secret = otp.generateSecret();

// otp code
var code = otp.generate(secret);