2fa-util

!Build Status
!License
!NPM Version

A lightweight, robust Node.js utility for generating Two-Factor Authentication (TOTP) secrets, QR codes, and verifying tokens. Compatible with Google Authenticator, Microsoft Authenticator, and Authy.

$3

Features

* Easy Setup: Generate a secret and QR code in one function call.
* Standard Compatible: Works with any RFC 6238 compliant authenticator app.
* Flexible Verification: Supports custom windows, steps, and other otplib options.
* Zero-Dependency (Runtime): Bundles necessary logic efficiently (uses otplib and qrcode under the hood).

Installation

``bash
npm install 2fa-util
`

Usage

$3

`javascript
const { generateSecret, verify } = require('2fa-util');

(async () => {
// 1. Generate a Secret and QR Code
const { secret, qrcode, otpauth } = await generateSecret('john.doe@example.com', 'MyApp');

console.log('Secret:', secret);
console.log('QR Code Data URL:', qrcode); // Display this in an

// ... User scans QR code ...

// 2. Verify a Token
const userToken = '123456'; // Input from user
const isValid = verify(userToken, secret);

console.log('Is Valid:', isValid);
})();
`

$3

You can pass standard otplib options to the verify function, such as window (for clock drift) or step.

`javascript
const isValid = verify(token, secret, {
window: 1, // Allow 1 step before/after (approx +/- 30sec)
step: 60 // Custom step size in seconds
});
`

API Reference

$3

Generates a new TOTP secret and corresponding QR code.

* label (string): The username or account identifier (e.g., email).
* issuer (string, optional): The name of your application or company.
* Returns: Promise