Two-factor authentication for Node.js using one-time password (TOTP, HOTP). Supports Google Authenticator app.
TwoFacts implements the HMAC-Based One-time Password (HOTP) algorithm specified in RFC 4226 and the Time-based One-time Password (TOTP) algorithm specified in RFC 6238.
const twofacts = require('twofacts'); // When this package is published to npm
const userInput = '123456';
// Obtain this from some secure place where secret is stored. The security of the whole process is based on this secret.
const secret = 'LM7SGZFB4PBVJXXTFE2YDI22QUAHI3NK';
console.log(verifyUsingGoogleAuthenticator(userInput, secret)); // Returns true if user entered the correct OTP
Verifies if the OTP entered by user is correct or not.
Each parameter this function accepts is decribed below:
Parameter | Required? | Default Value | Description |
---|---|---|---|
otp |
Yes | None | One-time password user has entered from the Google Authenticator app. |
secret |
Yes | None | The secret key for the application against which OTP is generated. |
Boolean
value true
or false
indicating if the otp
entered by user was valid or not.
Generates a new, random, base32-encoded secret key that can be added to an authenticator app, like Google Authenticator, to generate OTPs. Use a third-party library to generate a QR code using the OTPAUTH URL generated by this function.
Each parameter this function accepts is decribed below:
Parameter | Required? | Default Value | Description |
---|---|---|---|
length |
No | 20 |
Length of the secret key. |
otpauthurl |
No | false |
If true , this function will also generate the optauth URL which can be used to create a QR code. |
label |
Yes, if otpauthurl is true |
None | Label that will be displayed on the authenticator app for the generated secret. |
The following object:
If otpauthurl
is true
:
{
secret: 'LM7SGZFB4PBVJXXTFE2YDI22QUAHI3NK', // Base32 encoded random `string` value as the secret.
url: 'otpauth://totp/label?secret=LM7SGZFB4PBVJXXTFE2YDI22QUAHI3NK' // OTPAUTH URL
}
If otpauthurl
is false
:
{
secret: 'LM7SGZFB4PBVJXXTFE2YDI22QUAHI3NK', // Base32 encoded random `string` value as the secret.
url: null
}
Verifies if the Time-based OTP entered by user is correct or not.
Each parameter this function accepts is decribed below:
Parameter | Required? | Default Value | Description |
---|---|---|---|
otp |
Yes | None | One-time password user has entered from the Google Authenticator app. |
secret |
Yes | None | The secret key for the application against which OTP is generated. |
window |
No | 1 |
The time step window for which the function should verify. For example, if the time step is 30 seconds and window is 1, then the function will verify OTPs generated at current time, 30 seconds before current time and 30 seconds after current time. If window is 2, it will check for 60 seconds before current time and 60 seconds after. |
timeStepInSeconds |
No | 30 |
The size of window in seconds after which a new OTP is calculated. |
initialTime |
No | 0 |
The starting time which should be subtracted from current time to verify OTP. Default value 0 indicates the Unix epoch time (00:00:00 January 1st, 1970 at UTC). |
otpLength |
No | 6 |
The number of digits of OTP generated. |
Boolean
value true
or false
indicating if the otp
entered by user was valid or not.
Generates a Time-based one time password.
Each parameter this function accepts is decribed below:
Parameter | Required? | Default Value | Description |
---|---|---|---|
secret |
Yes | None | The secret key for the application against which OTP should be generated. |
window |
No | 0 |
The time step window for which the function should generate the OTP. If window is 0 , the OTP will be generated at the current time. If window is -1 , then the OTP will be generated at current time - 30 seconds . |
timeStepInSeconds |
No | 30 |
The size of window in seconds after which the OTP is generated. |
initialTime |
No | 0 |
The starting time which should be subtracted from current time to verify OTP. Default value 0 indicates the Unix epoch time (00:00:00 January 1st, 1970 at UTC). |
otpLength |
No | 6 |
The number of digits of OTP generated. |
Number
value which will be the time-based one time password for a secret.
Generates a HMAC-based one time password.
Each parameter this function accepts is decribed below:
Parameter | Required? | Default Value | Description |
---|---|---|---|
secret |
Yes | None | The secret key for the application against which OTP should be generated. |
counter |
Yes | None | The counter required for HOTP generation. |
otpLength |
No | 6 |
The number of digits of OTP generated. |
hmacAlgorithm |
No | sha1 |
The algorithm to use to create HMAC. Examples are sha256 , sha512 . |
Number
value which will be the hmac-based one time password for a secret.