What is @otplib/core?
@otplib/core is a library for generating and validating one-time passwords (OTPs) using various algorithms such as TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password). It provides a core set of functionalities that can be extended or customized for different use cases.
What are @otplib/core's main functionalities?
Generate TOTP
This feature allows you to generate a Time-based One-Time Password (TOTP) using a shared secret. The generated token is time-sensitive and changes periodically.
const { totp } = require('@otplib/core');
const secret = 'KVKFKRCPNZQUYMLXOVYDSQKJKZDTSRLD';
const token = totp.generate(secret);
console.log(token);
Validate TOTP
This feature allows you to validate a given TOTP token against a shared secret. It returns a boolean indicating whether the token is valid.
const { totp } = require('@otplib/core');
const secret = 'KVKFKRCPNZQUYMLXOVYDSQKJKZDTSRLD';
const token = '123456';
const isValid = totp.check(token, secret);
console.log(isValid);
Generate HOTP
This feature allows you to generate an HMAC-based One-Time Password (HOTP) using a shared secret and a counter. The generated token is counter-based and changes with each increment of the counter.
const { hotp } = require('@otplib/core');
const secret = 'KVKFKRCPNZQUYMLXOVYDSQKJKZDTSRLD';
const counter = 1;
const token = hotp.generate(secret, counter);
console.log(token);
Validate HOTP
This feature allows you to validate a given HOTP token against a shared secret and a counter. It returns a boolean indicating whether the token is valid.
const { hotp } = require('@otplib/core');
const secret = 'KVKFKRCPNZQUYMLXOVYDSQKJKZDTSRLD';
const token = '123456';
const counter = 1;
const isValid = hotp.check(token, secret, counter);
console.log(isValid);
Other packages similar to @otplib/core
speakeasy
Speakeasy is a library for generating and verifying one-time passwords (OTPs) using TOTP and HOTP algorithms. It offers similar functionalities to @otplib/core but also includes additional features like QR code generation for easier secret sharing.
notp
Notp is a minimalistic library for generating and verifying TOTP and HOTP tokens. It is lightweight and easy to use, making it a good alternative to @otplib/core for simpler use cases.
otpauth
OtpAuth is a library that provides a comprehensive set of tools for generating and validating OTPs, including support for TOTP and HOTP. It also offers additional features like URI generation for easy integration with OTP apps.
@otplib/core
Provides core methods for hotp, totp and authenticator.
Getting Started
This is the full setup guide for installing, configuring and customising
your dependencies for the library.
Check out the Quick Start Guide instead for easier
setup especially if you do not need to use any custom base32 / crypto libraries.
Install the Package
npm install @otplib/core
Choose Your Plugins
Adding Crypto
The crypto modules are used to generate the digest used to derive the OTP tokens from.
By default, Node.js has inbuilt crypto
functionality, but you might want to replace it
for certain environments that do not support it.
Currently there are a few crypto plugins available from this project.
Install one of them. eg: npm install @otplib/plugin-crypto
Refer to the crypto plugins list,
or search for otplib-plugin crypto on npm
.
Adding Base32
If you're using Google Authenticator
, you'll need a base32 module for
encoding and decoding your secrets.
Currently, there are a few base32 plugins available from this project.
Install one of them. eg: npm install @otplib/plugin-thirty-two
Refer to the base32 plugin list,
or search for otplib-plugin base32 on npm
.
Initialise your Instance
Using Classes
import { HOTP, TOTP, Authenticator } from '@otplib/core';
import { keyDecoder, keyEncoder } from '@otplib/plugin-thirty-two';
import { createDigest, createRandomBytes } from '@otplib/plugin-crypto';
const hotp = new HOTP({ createDigest });
const totp = new TOTP({ createDigest });
const authenticator = new Authenticator({
createDigest,
createRandomBytes,
keyDecoder,
keyEncoder
});
const token = hotp.generate(YOUR_SECRET, 0);
const token = totp.generate(YOUR_SECRET);
const token = authenticator.generate(YOUR_SECRET);
Using Functions
Alternatively, if you are using the functions directly instead of the classes,
pass these as options into the functions.
import {
hotpOptions,
hotpToken,
totpOptions,
totpToken,
authenticatorOptions,
authenticatorToken
} from 'otplib/core';
const token = hotpToken(YOUR_SECRET, 0, hotpOptions({ createDigest }));
const token = totpToken(YOUR_SECRET, totpOptions({ createDigest }));
const token = authenticatorToken(
YOUR_SECRET,
authenticatorOptions({
createDigest,
createRandomBytes,
keyDecoder,
keyEncoder
})
);
Available Options
Please refer to the Options Guide.
License
@otplib/core
is MIT licensed