Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

yubico

Package Overview
Dependencies
Maintainers
0
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

yubico

Node library for validating Yubico One Time Passwords (OTPs) based on the validation protocol version 2.0.

  • 0.1.2
  • latest
  • Source
  • npm
  • Socket score
Version published
Weekly downloads
0
decreased by-100%
Maintainers
0
Weekly downloads
 
Created
Source

Yubico

Node library for validating Yubico One Time Passwords (OTPs) based on the validation protocol version 2.0.

Installation

npm install yubico

Usage

Create a new instance of the Yubico object and call verify() or verify_multi() method.

var yubico = new Yubico(client_id, api_key, use_https)

Parameters:

  • client_id - client id
  • key - API key (optional)
  • use_https true to use https (defaults to true)

Response message HMAC signature is only verified if an API key is provided so you are encouraged to provide it.

You can get both client_id and the api key at https://upgrade.yubico.com/getapikey/.

Validating a single token

yubico.verify(otp_token, timeout, callback)

Parameters:

  • otp - token generated by the Yubikey
  • timeout - connection timeout in seconds (defaults to 15 seconds)
  • callback - a callback which is called with an error as the first argument if the Yubikey validation fails and true as the second one if the provided token is valid.

Validating multiple tokens

yubico.verify_multi(otp_list, max_time_window, timeout, callback)
  • otp_list - an array of Yubikey tokens. Tokens are validated in the provided order so the order matters (tokens must be provided in the same order as they were generated)
  • max_time_window - how many seconds can pass between the first token and the last token generation so that the result is still considered valid (defaults to 5 seconds)
  • timeout - connection timeout in seconds (defaults to 15 seconds)
  • callback - a callback which is called with an error as the first argument if the Yubikey validation fails and true as the second one if the provided token is valid.

Example

Example is located in example/example.js.

Validating a single token (example)

node example/example.js single client_id [secret_key|null] otp

Validating multiple tokens (example)

node example/example.js multi client_id [secret_key|null] otp_1 otp_2

History

02.02.2010 - v0.1.2:

  • Allow package to be used with node >= 0.3.0
  • Don't use https if node version >= 0.3.0 or use_https equals False
  • Update tests so it works with a new version of expresso

31.12.2010 - v0.1.1:

  • Verify time window in the multi mode
  • Throw exception if none or only a single token is provided in the multi mode
  • Always take "max_time_window" argument in seconds and convert it internally
  • Add tests

28.12.2010 - v0.1.0:

  • Initial release

Keywords

FAQs

Package last updated on 02 Jan 2011

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Fluent Assertions Faces Backlash After Abandoning Open Source Licensing

Security News

Fluent Assertions Faces Backlash After Abandoning Open Source Licensing

Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.

By Sarah Gooding  -  Jan 18, 2025
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc