1.2.5 • Published 5 months ago

2fa-utils v1.2.5

Weekly downloads
35
License
MIT
Repository
github
Last release
5 months ago

Two-Factor Authentication

npm Travis (.com) Codecov Snyk Vulnerabilities for npm package

Using the algorithm provided in RFC 4226, can generate and verify HMAC-based one-time password (HOTP) and time-based one-time password (TOTP).

Features

  • Generate base-32 encoded secrets.
  • Generate HMAC-based one-time passwords (HOTP) at a specific length.
  • Generate time-based HOTPs at a specific amount of windows.
  • Verify generated tokens.

Usage

Generating Secret

For each account, a secret must be generated and shared between the server and the client. This secret will be used to create and verify HOTPs.

const secret = twoFA.generateSecret();

Generating HOTP

HOTP requires a base32-encoded secret and a counter with time-step.

// Generate base32 secret
const secret = twoFA.generateSecret();
// Create counter with 30 seconds interval 
const counter = Math.floor(Date.now() / 30000);

const hotp = twoFA.generateHOTP(secret, counter, 6)

Generating TOTP

Generating TOTP allows you to get a HOTP in a specific time window.

const secret = twoFA.generateSecret();

// Get the current time window's token
const currentTotp = twoFA.generateTOTP(secret, 0);

// Get the future time window's token (1 window ahead)
const futureTotp = twoFA.generateTOTP(secret, 1);

// Get the past time window's token (1 window behind)
const pastTotp = twoFA.generateTOTP(secret, -1);

Verifying HOTP

Verify tokens supplied via user input.

function verifyHOTP(inputToken) {
  const secret = twoFA.generateSecret();
  const counter = Math.floor(Date.now() / 30000);

  // Actual token generated by the server
  const actualToken = twoFA.generateHOTP(secret, counter)

  if (inputToken === actualToken) return true;
  return false
}

Verifying TOTP

Verify tokens supploed via user input with a time tolerance.

const secret = twoFA.generateSecret();

const inputToken = '111111';

/* This will return true if the input token 
  - is currently valid,
  - was previously valid in the last window,
  - will be valid in the next window.
*/
const isTokenValid = twoFA.verifyTOTP(inputToken, secret, 1);

Dependencies

Author

  • Boran Seckin

License

This project is licensed under the MIT License - see the LICENSE file for details.

1.2.5

5 months ago

1.2.4

8 months ago

1.2.3

9 months ago

1.2.2

1 year ago

1.2.1

1 year ago

1.2.0

1 year ago

1.1.11

1 year ago

1.1.10

1 year ago

1.1.9

2 years ago

1.1.8

2 years ago

1.1.7

2 years ago

1.1.6

2 years ago

1.1.5

2 years ago

1.1.4

2 years ago

1.1.3

2 years ago

1.1.2

3 years ago

1.1.1

3 years ago

1.1.0

3 years ago

1.0.4

3 years ago

1.0.3

3 years ago

1.0.1

3 years ago

1.0.0

3 years ago