OTP io

> Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP


Example • API Reference

Why use this lib?

- Small. Tree-shakable, 0 dependencies
- Tested. Compatibility with Google Authenticator and with RFC4226 (HOTP) and RFC6238 (TOTP)

Install

- npm
``bash
npm i otp-io
`
- Yarn
`bash
yarn add otp-io
`

What is this?

- HOTP - HMAC-based One Time Password generation method. Uses incrementing with each login counter and secret to generate unique 6-8 digit codes.
- TOTP - Time-based, uses current time modulo period (seconds) as counter in HOTP,
- Google Authenticator - uses simplified version of TOTP to generate codes. Differences:
- Only SHA-1 hash support
- Only 6 digit codes
- Keys should not be padded
- TOTP period is 30 seconds

Google Authenticator limits are defaults for this library.

How it works?

`typescript
// 1. Import library - use totp (code changes with time)
import { totp, generateKey, getKeyUri } from "otp-io";
// 2. Import crypto adapter.
// Specify crypto-node or crypto-web if node/bundler cannot
// detect correct version
import { hmac, randomBytes } from "otp-io/crypto";

// 3. Get key from somewhere. Or generate it
const secret = generateKey(randomBytes, / bytes: / 20); // 5-20 good for Google Authenticator

// 4. Get key import url
const url = getKeyUri({
type: "totp",
secret,
name: "User's Username",
issuer: "Your Site Name"
});

// 5. Show it to user as QR code - send it back to client
// Get 6-digit code back from him, as confirmation of saving secret key

const input = "...";

const code = await totp(hmac, { secret });

if (code === input) {
// 6. Done. User configured your key
}
``

Api Reference

API Reference