Browser One Time Password library, supports HOTP, TOTP and works with Google Authenticator
Fork from notp for support browser.
npm install botp
var botp = require('botp');
//.... some initial login code, that receives the user details and TOTP / HOTP token
var key = 'secret key for user... could be stored in DB';
var token = 'user supplied one time use token';
// Check TOTP is correct (HOTP if hotp pass type)
var login = botp.totp.verify(token, key);
// invalid token if login is null
if (!login) {
return console.log('Token invalid');
}
// valid token
console.log('Token valid, sync value is %s', login.delta);
Google authenticator requires that keys be base32 encoded before being used. This includes manual entry into the app as well as preparing a QR code URI.
var base32 = require('botp/base32');
var key = 'secret key for the user';
// encoded will be the secret key, base32 encoded
var encoded = base32.encode(key);
// Google authenticator doesn't like equal signs
var encodedForGoogle = encoded.toString().replace(/=/g,'');
// to create a URI for a qr code (change totp to hotp if using hotp)
var uri = 'otpauth://totp/somelabel?secret=' + encodedForGoogle;
Note: If your label has spaces or other invalid uri characters you will need to encode it accordingly using encodeURIComponent More details about the uri key format can be found on the google auth wiki
Check a counter based one time password for validity.
Returns null if token is not valid for given key and options.
Returns an object {delta: #} if the token is valid. delta is the count skew between client and server.
window
The allowable margin for the counter. The function will check
windowcodes in the future against the provided token. i.e. ifwindow = 100andcounter = 5all tokens between 5 and 105 will be checked against the supplied token Default - 50
counter
Counter value. This should be stored by the application on a per user basis. It is up to the application to track and increment this value as needed. It is also up to the application to increment this value if there is a skew between the client and server (
delta)
Check a time based one time password for validity
Returns null if token is not valid for given key and options.
Returns an object {delta: #} if the token is valid. delta is the count skew between client and server.
window
The allowable margin for the counter. The function will check
windowcodes in the future against the provided token. i.e. ifwindow = 5andcounter = 1000all tokens between 995 and 1005 will be checked against the supplied token Default - 6
time
The time step of the counter. This must be the same for every request and is used to calculate C. Default - 30
Return a counter based one time password
counter
Counter value. This should be stored by the application, must be user specific, and be incremented for each request.
Return a time based one time password
time
The time step of the counter. This must be the same for every request and is used to calculate C. Default - 30
FAQs
Browser One Time Password library, supports HOTP, TOTP and works with Google Authenticator
We found that botp demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket and Seal Security collaborate to fix a critical npm overrides bug, resolving a three-year security issue in the JavaScript ecosystem's most popular package manager.
Security News
TypeScript is porting its compiler to Go, delivering 10x faster builds, lower memory usage, and improved editor performance for a smoother developer experience.
Research
Security News
The Socket Research Team has discovered six new malicious npm packages linked to North Korea’s Lazarus Group, designed to steal credentials and deploy backdoors.