1.0.2 • Published 10 months ago

@prsm/otp v1.0.2

License
ISC

@prsm/otp


A simple and secure library for generating and verifying One-Time Passwords (OTPs) based on the TOTP algorithm.

Installation

npm install @prsm/otp

Usage

Create a Secret

Generate a secret with different strengths:

import Otp from "@prsm/otp";

// Default (high) strength
const secret = Otp.createSecret();

// Low strength
const lowStrengthSecret = Otp.createSecret(Otp.SHARED_SECRET_STRENGTH_LOW);

// Moderate strength
const moderateStrengthSecret = Otp.createSecret(Otp.SHARED_SECRET_STRENGTH_MODERATE);

For each user, store the secret securely and associate it with the user. When authenticating a user, you need to reference the secret that was generated for that user. The secret should be kept confidential and never shared.

Generate a TOTP

const secret = Otp.createSecret();
const totp = Otp.generateTotp(secret);
console.log(totp); // A 6-digit TOTP

const totp8 = Otp.generateTotp(secret, undefined, 8);
console.log(totp8); // An 8-digit TOTP

Verify a TOTP

const isValid = Otp.verifyTotp(secret, totp);
console.log(isValid); // true, even if the TOTP is expired

For strict verification, set the step arguments to 0 so that only a TOTP that is valid at the current time is accepted:

const isValidStrict = Otp.verifyTotp(secret, totp, 0, 0);
console.log(isValidStrict); // true only if the TOTP is valid at the current time
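
The effect of the step tolerance on verification, as an added example that is not @prsm/otp's code: a stand-alone RFC 6238 (HMAC-SHA-1) implementation on Node's crypto module. The function names, the tolerance of 2 steps in each direction and the sample key (the RFC 6238 test key) are assumptions chosen for illustration.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// RFC 4226 HOTP value for one counter, HMAC-SHA-1 with dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = createHmac("sha1", key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// RFC 6238: the counter is the number of whole intervals since the epoch.
function totpAt(key, timeSec, digits = 6, interval = 30) {
  return hotp(key, Math.floor(timeSec / interval), digits);
}

// Accept `code` if it matches any step from -lookBehind to +lookAhead.
// Returns the offset of the first matching step, or null if none matches.
function verifyTotpWindow(key, code, timeSec, lookBehind, lookAhead, digits = 6, interval = 30) {
  const given = Buffer.from(String(code));
  const now = Math.floor(timeSec / interval);
  let matched = null;
  for (let s = -lookBehind; s <= lookAhead; s++) {
    if (now + s < 0) continue; // no time step before the epoch
    const expected = Buffer.from(hotp(key, now + s, digits));
    // timingSafeEqual needs equal lengths; every candidate is checked, no early exit.
    if (given.length === expected.length && timingSafeEqual(given, expected) && matched === null) {
      matched = s;
    }
  }
  return matched;
}

// Constructed sample: RFC 6238 Appendix B test key, 8-digit code issued at t = 59 s.
const key = Buffer.from("12345678901234567890", "ascii");
const issuedAt = 59;
const code = totpAt(key, issuedAt, 8);

function demo() {
  return {
    code,                                                               // "94287082"
    strictNow: verifyTotpWindow(key, code, issuedAt, 0, 0, 8),          // 0
    strictLater: verifyTotpWindow(key, code, issuedAt + 30, 0, 0, 8),   // null
    lenientLater: verifyTotpWindow(key, code, issuedAt + 30, 2, 2, 8),  // -1
  };
}
console.log(demo());
```

A non-zero look-behind keeps an expired code usable for that many extra intervals, so a verifier that allows it should also record the last accepted time step per user and refuse to accept the same code twice.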

Generate a TOTP URI for QR Code

const uri = Otp.createTotpKeyUriForQrCode("app.example.com", "john.doe@example.org", secret);
console.log(uri); // URI for QR code

Custom Configuration

Customize OTP length, interval, and hash function:

const customTotp = Otp.generateTotp(secret, undefined, 8, 60, undefined, Otp.HASH_FUNCTION_SHA_256);
const isValidCustom = Otp.verifyTotp(secret, customTotp, undefined, undefined, undefined, 8, 60, undefined, Otp.HASH_FUNCTION_SHA_256);
console.log(isValidCustom); // true

Error Handling

Handle specific errors:

try {
  Otp.generateTotp("shortsecret");
} catch (error) {
  if (error instanceof Otp.InvalidSecretError) {
    console.error("The provided secret is too short.");
  }
}
1.0.2

10 months ago

1.0.1

10 months ago