0.3.1 • Public • Published

    passport-local-with-otp Artsy

    Passport strategy for authenticating with a username, password and OTP.

    This module lets you authenticate using a username, password and time-based one-time password (OTP) in your Node.js applications.

    This is a fork of https://github.com/jaredhanson/passport-local, adapted for the use case of submitting username, password and otp in unison to an upstream server for authentication and second-factor verification in a single request.



    $ yarn add passport-local-with-otp


    Configure Strategy

    The local-with-otp authentication strategy authenticates users using a username password, and otp. The strategy requires a verify callback, which accepts these credentials and calls done providing a user.

    passport.use(new LocalWithOtpStrategy(
      function(username, password, otp, done) {
        try {
          const user = authenticateWithUpstreamService(username, password, otp)
          return done(null, user)
        } catch (error) {
          return done(err)
    Available Options

    This strategy takes an optional options hash before the function, e.g. new LocalWithOtpStrategy({/* options */, callback}).

    The available options are:

    • usernameField - Optional, defaults to 'username'
    • passwordField - Optional, defaults to 'password'
    • otpField - Optional, defaults to 'otp'

    Both fields define the name of the properties in the POST body that are sent to the server.


    By default, **Local**WithOtpStrategy expects to find credentials in parameters named username, password and otp. If your site prefers to name these fields differently, options are available to change the defaults.

    passport.use(new LocalWithOtpStrategy({
        usernameField: 'email',
        passwordField: 'passwd',
        otpField: 'otp_attempt',
        session: false
      function(username, password, done) {
        // ...

    When session support is not necessary, it can be safely disabled by setting the session option to false.

    The verify callback can be supplied with the request object by setting the passReqToCallback option to true, and changing callback arguments accordingly.

    passport.use(new LocalWithOtpStrategy({
        usernameField: 'email',
        passwordField: 'passwd',
        otpField: 'otp_attempt',
        passReqToCallback: true,
        session: false
      function(req, username, password, done) {
        // request object is now first argument
        // ...

    Authenticate Requests

    Use passport.authenticate(), specifying the 'local-with-otp' strategy, to authenticate requests.

    For example, as route middleware in an Express application:

      passport.authenticate('local', { failureRedirect: '/login' }),
      function(req, res) {


    Developers using the popular Express web framework can refer to an example as a starting point for their own web applications.


    The MIT License

    Copyright (c) 2011-2015 Jared Hanson <http://jaredhanson.net/>


    npm i @artsy/passport-local-with-otp

    DownloadsWeekly Downloads






    Unpacked Size

    19 kB

    Total Files


    Last publish


    • artsy-engineering
    • erikdstock
    • xtina-starr
    • damassi
    • anandaroop
    • yuki24
    • mzikherman
    • oxaudo
    • eessex
    • arjelks
    • zephraph
    • sweir27
    • dblandin
    • icirellik