2.0.1 • Published 3 years ago

@ladjs/passport-otp-strategy v2.0.1

Weekly downloads
22
License
MIT
Repository
github
Last release
3 years ago

@ladjs/passport-otp-strategy

npm Build Status

Table of Contents

Foreword

This is a fork of passport-otp, which is a fork itself of the Passport-TOTP library and uses otplib instead of notp.

Passport strategy for two-factor authentication using a TOTP value.

This module lets you authenticate using a TOTP value in your Node.js applications. By plugging into Passport, TOTP two-factor authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. TOTP values can be generated by hardware devices or software applications, including Google Authenticator and Authy.

Note that in contrast to most Passport strategies, TOTP authentication requires that a user already be authenticated using an initial factor. Requirements regarding when to require a second factor are a matter of application-level policy, and outside the scope of both Passport and this strategy.

Install

npm install @ladjs/passport-otp-strategy

Usage

Configure Strategy

The TOTP authentication strategy authenticates a user using a TOTP value generated by a hardware device or software application (known as a token). The strategy requires a setup callback.

The setup callback accepts a previously authenticated user and calls done providing a key used to verify the token value. Authentication fails if the value is not verified.

passport.use(new OtpStrategy(
  {
    codeField: 'code',
    authenticator: {}
  }
  function(user, done) {
    TotpKey.findOne({ userId: user.id }, function (err, key) {
      if (err) { return done(err); }
      return done(null, key.key);
    });
  }
));

You can find a full listing of authenticator options here. Note that the crypto library will be used by default. If you want to change that, you can specify it in authenticator.crypto (more on that here).

Authenticate Requests

Use passport.authenticate(), specifying the 'otp' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post(
  '/verify-otp',
  passport.authenticate('otp', { failureRedirect: '/verify-otp' }),
  function(req, res) {
    req.session.authFactors = [ 'otp' ];
    res.redirect('/');
  }
);

Examples

For a complete, working example, refer Lad source code.

Tests

npm install
npm run test

Contributors

NameWebsite
Eric Hayeshttps://github.com/ejhayes
Jared Hansonhttps://github.com/jaredhanson

License

MIT © Eric Hayes

authauthenticationauthnoathotppassporttotp
otplibpassport-strategypkginfo
@everything-registry/sub-chunk-533@zalastax/nolb-_lad@ladjs/passport
2.0.1

3 years ago

2.0.0

3 years ago

1.1.0

5 years ago