Tiny-OTP
The browser-based Google-Authenticator compatible OTP generator.
Tiny-OTP is a tiny(4kb) Javascript library that can generate RFC 4226 compliant HMAC-based one-time passwords (HOTPs), and RFC 6238 compliant time-based one-time passwords (TOTPs).
Usage
// Generate a random secretconst secret = OTP // Initialize OTP generator with secretconst generator = secret // Get the current 6-digit TOTP value.// This value will change every 30 seconds.let totp = generator // Get current 6-digit HOTP value.// This value will change based on the provided counter parameter value.let hotp = generator
NPM / Browserify / Webpack
Install
npm install tiny-otp
Import
const OTP =
Browser Script Tag
Import
Base32 Compatibility
Google Authenticator requires secrets to be imported as base32 encoded strings. Tiny-OTP uses UTF-8 encoding by default, but contains helpers to import and export base32 encoded secrets.
To import a base32 encoded secret.
const generator = secret 'base32'
To export the secret in base32 encoding.
generator
Extra digits
Tiny-OTP generates 6-digit OTPs by default, but can also generate 8-digit OTPs. The number of digits is an optional parameter of the TOTP and HOTP methods.
// Get the current 8-digit TOTP value.let totp = generator // Get 8-digit HOTP value, for counter = 5.let hotp = generator
Distribution Test
To verify that the OTP generates a valid random(flat) distribution of possible 6-digit OTP values, the test
directory contains a simple webpage + webworker that will generate batches of 50,000 OTPs, and continuously plot the distribution. To view this visualization, run http-server .
and open http://localhost/test/
.
You can also view this distribution test at https://cdn.patricktriest.com/vendor/otp/test/index.html