passport-2fa-totp
Passport strategy for two-factor authentication with a username, password and TOTP code.
This module lets you authenticate using a username, password and TOTP code in your Node.js applications. By plugging into Passport, 2FA TOTP authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. You can use any TOTP code generator, for example Google Authenticator, to generate one-time passwords.
Install
$ npm install passport-2fa-totp
Usage
Configure Strategy
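The 2FA TOTP authentication strategy authenticates a user using a username, password and TOTP value generated by a hardware device or software application (known as a token). The strategy requires a callback to verify the username and password and a callback to set up the TOTP generator.
var GoogleAuthenticator = require('passport-2fa-totp').GoogeAuthenticator;
var TwoFAStartegy = require('passport-2fa-totp').Strategy;
...
// First callback verifies the username and password; second sets up the TOTP generator.
passport.use(new TwoFAStartegy(verifyUsernameAndPasswordCallback, verifyTotpCodeCallback));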
The GoogleAuthenticator object provides utility methods for Google Authenticator:
GoogleAuthenticator.register(username) - Generate a secret key and render a QR code (SVG) to register an account in Google Authenticator.
GoogleAuthenticator.decodeSecret(secret) - Convert a Base32-encoded string to a byte array.
Available Options
This strategy takes an optional options hash before the callback functions, e.g. new TwoFAStartegy({/* options */}, verifyUsernameAndPasswordCallback, verifyTotpCodeCallback).
The available options are:
usernameField - Optional, defaults to 'username'.
passwordField - Optional, defaults to 'password'.
codeField - Optional, defaults to 'code'.
window - Optional, defaults to 6. A window to generate TOTP code.
skipTotpVerification - Optional, defaults to false. TOTP code verification is skipped if it is set to true, leaving only the username and password check.
passReqToCallback - Optional, defaults to false. The request object is passed to the callbacks if it is set to true.
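As an added example (not code from passport-2fa-totp), the sketch below shows what the second verification step amounts to: Base32-decoding the stored secret, as decodeSecret is described as doing, and checking a 6-digit RFC 6238 code across a window of time steps. The function names, the 30-second default period and the reading of window as the number of steps accepted on either side of the current one are assumptions; the secret is the published RFC 6238 test key, not a real credential.

```javascript
const crypto = require('crypto');

// Base32 (RFC 4648) text -> bytes, the conversion the page attributes to decodeSecret().
function base32Decode(text) {
  const alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
  const out = [];
  let bits = 0, value = 0;
  for (const ch of text.toUpperCase().replace(/[\s=]/g, '')) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error('invalid Base32 character: ' + ch);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, 6 digits.
function hotp(key, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const off = mac[19] & 0x0f;
  const bin = mac.readUInt32BE(off) & 0x7fffffff;
  return String(bin % 1e6).padStart(6, '0');
}

// Accept `code` if it matches any time step from (now - window) to (now + window).
// Returns the matching step offset, or null when nothing matches.
function verifyTotp(key, code, nowMs, period = 30, window = 6) {
  const step = Math.floor(nowMs / 1000 / period);
  const given = Buffer.from(String(code));
  for (let d = -window; d <= window; d++) {
    if (step + d < 0) continue;
    const want = Buffer.from(hotp(key, step + d));
    if (given.length === want.length && crypto.timingSafeEqual(given, want)) return d;
  }
  return null;
}

// Constructed sample input: RFC 6238 test key; '287082' is the code for step 1 (t = 30..59 s).
const DEMO_KEY = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ');
console.log(verifyTotp(DEMO_KEY, '287082', 239000));        // -6: accepted three minutes later
console.log(verifyTotp(DEMO_KEY, '287082', 239000, 30, 1)); // null: rejected with window 1
```

Under that reading of window, a value of 6 with a 30-second period keeps 13 codes valid at once, so a captured code stays usable for about three minutes; a smaller window shortens that interval at the cost of less tolerance for clock drift.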
Authenticate Requests
Use passport.authenticate(), specifying the '2fa-totp' strategy, to authenticate requests.
router;
Examples
Developers using the popular Express web framework can refer to node-2fa as a starting point for their own web applications.
Tests
$ npm install
$ npm test