otp-io

OTP io

Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP

Example • API Reference

Why use this lib?

• Small. Tree-shakable, 0 dependencies
• Tested. Compatibility with Google Authenticator and with RFC4226 (HOTP) and RFC6238 (TOTP)

How it works?

// 1. Import library - use totp (code changes with time)
import { totp, generateKey, getKeyUri } from "otp-io";
// 2. Import crypto adapter. Either `crypto-node` or `crypto-browser` - API is identical
import { hmac, randomBytes } from "otp-io/crypto-node";

// 3. Get key from somewhere. Or generate it
const key = await generateKey(randomBytes, /* bytes: */ 20); // 5-20 good for Google Authenticator

// 4. Get key import url
const url = getKeyUri({
  type: "totp",
  secret,
  name: "User's Username",
  issuer: "Your Site Name"
});

// 5. Show it to user as QR code - send it back to client
// Get 6-digit code back from him, as confirmation of saving secret key

const input = "...";

const code = await totp(hmac, { secret });

if (code === input) {
  // 6. Done. User configured your key
}

Api Reference

API Reference