yubico-node
Advanced tools
This is a JS implementation of the Yubico Validation Protocol as outlined in their documentation. All of the extra security precautions are implemented such as using the client secret to hash the request on its way out, and validate the response on its way in. This library is also incredibly small and has no outside dependencies.
YUBICO_CLIENT_ID = Client ID from Yubico
YUBICO_SECRET = Secret from Yubico
YUBICO_SL = The SL to use (0 - 100, fast, or secure)
YUBICO_TIMEOUT = The timeout for the request (number)
YUBICO_API_SERVERS = If you run your own compliant verification servers, place the hosts in a comma separated list (ex. api.yubico.com,api2.yubico.com, etc.)
constructor(options?: IYubicoConstructor)The options parameter contains all of the options you might want to set for the verification requests. Some parameters are requrired,
but having an environment variable suffices for the requirement. The options parameter is not required at all of all parameters are met with environment variables.
| option | required | type | default | example |
|---|---|---|---|---|
clientId | ✅ | string | N/A | "MyClientID" |
secret | ✅ | string | N/A | "MySecret" |
sl | number (0-100),"fast","secure" | none | "secure" | |
timeout | number | none | "secure" | |
apiServers | string[] | Yubico API Servers | "secure" |
verify(otp: string): Promise<Response>Verify the OTP against the verification servers. This will return a Response class that can be picked apart to get the data you need.
getOneTimePassword(): stringReturns the same OTP that was passed into the verify function.
getTimestampUTC(): DateReturns the UTC timestamp that was given in response from the verification server.
getTimestamp(): DateReturns the timestamp from when the key was pressed.
getSessionCounter(): numberReturns the internal usage counter provided by the key from when it was pressed.
getSessionUse(): numberReturns the internal session usage counter provided by the key from when it was pressed.
getStatus(): ResponseStatusReturns the response status of the request. This should always be ResponseStatus.OK as all other responses will throw an error.
getPublicId(): stringReturns the public ID of the key. This is unique to each key, but is encoded in ModHex.
If you need the public ID as a number (aka. the serial number), use getSerialNumber().
getSerialNumber():numberReturns the serial number of the key. This is decoded from ModHex and represented as a UIntBE.
FAQs
A NodeJS implementation of the Yubico OTP API
We found that yubico-node demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
Security News
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.