Miss any of our Open RFC calls?Watch the recordings here! »

meiaentrada-otp

1.0.15 • Public • Published

MEIA ENTRADA OTP

This is a simple library to implement features based on OTP (One-Time Password) algorithms, more specific TOTP algorithm. OTP algorithms are commonly used to implement two factor authentication (2FA). There are two algorithms: HOTP(HMAC-based One-Time Password) and TOTP(Time-Based One-Time Password):

  • HOTP This algorithm generates a otp code based in a secret, current timestamp and a event counter, see RFC 4226.
  • TOTP This algorithm generates the otp code based in a secret and current timestamp. see RFC 6238

To install

To install and save this dependencie in package.json:

npm i meiaentrada-otp --save

To simple install:

npm i meiaentrada-otp

Knowledge

  • secret: A unique key value per user to generate otp values; For example: "secret_of_client_01"

  • holder: A value to represent a people or entity that is using otp value like a client. For example: "bank_01"

  • issuer: A value to represent the website or enterprise that is generating otp values to clients. For example: "bank_client_01"

  • otp value: A positive number with 6 characters. For example: "123456"

Methods

generateKey() Generates a 32-character (160-bit) base32 key

generateOtpURI(secret, holder, issuer) Generate a URI base on OTPAUTH protocol - for more info. There is only a exception, the holder information is present on the URI params.

isValidTokenOTP(secret, otpValue) Validates a time-based token within a +/- 30 second (90 seconds) window. Return true or false in according with secret, current timestamp and otp value.

generateTokenOTP(secret) Generates a 6-digit (20-bit) decimal time-based token

Usage

const otp = require('meiaentrada-otp');
 
const secret = otp.generateKey();
console.log(secret); // "igxo jj5n gpuj gv4c lotw ve7d tmlu xftb"
 
const holder = 'user_01';
const issuer = 'enterprise_01';
 
const uri = otp.generateOtpURI(secret, holder, issuer);
console.log(uri); // otpauth://totp/enterprise_01:user_01?secret=7MEYUZ52337HOOKX25GE3RVIMQ6MJK4O&issuer=enterprise_01&algorithm=SHA1&digits=6&period=30&holder=user_01
 
const otpCode = otp.generateTokenOTP(secret);
console.log(otpCode); // 774729
 
let isValidToken = otp.isValidTokenOTP(secret, otpCode);
console.log(isValidToken); // true
 
isValidToken = otp.isValidTokenOTP('wrong-secret', otpCode);
console.log(isValidToken); // false

Install

npm i meiaentrada-otp

DownloadsWeekly Downloads

17

Version

1.0.15

License

ISC

Unpacked Size

3.67 kB

Total Files

3

Last publish

Collaborators

  • avatar