1.0.11 • Published 1 year ago
totp-auth v1.0.11
TOTP Auth
Easy-to-use timebased one time password(TOTP) generator, compatible with Google Authenticator.
Installation
# pnpm
pnpm i totp-auth
# npm
npm i totp-authUsage
import { createTOTP, countdown } from "totp-auth"
import { setInterval } from "timers/promises"
//secret from service provider
const secret = "abcd1234"
let totp = createTOTP(secret)
let expire = countdown()
// current TOTP and expiring time in seconds
console.log(`TOTP: ${totp}, expire: ${expire}`)
// keep counting down and refresh TOTP every 30 sec
for await (let _ of setInterval(1000)) {
const cnt = countdown()
if (cnt >= expire) totp = createTOTP(secret)
expire = cnt
console.log(`TOTP: ${totp}, expire: ${expire}`)
}Error Handling
Not all strings can be secret key, invalid secret key will return a customizable error message.
// invalid secret -> default error message
createTOTP('asdf') // returns "invalid secret"
// invalid secret w/ custom error message
createTOTP('asdf', undefined, 'bad key') // returns "bad key" Source Code
https://github.com/hoishing/totp-auth
code logic
- create base32 representation of the credential
- calculate HMAC hash from the credential with current time
- shift and trim 6 digit TOTP from the hash above
Tests
Both createTOTP and countdown are pure functions. Unit test with Jest are included.
The TOTP output could also simply verified by Google Authenticator output.
Credits
Algorithm ref: http://jsfiddle.net/russau/ch8PK/ HMAC lib: https://github.com/Caligatio/jsSHA
FAQ
- How can I extract secret keys from Google Authenticator?
- use another npm package: https://github.com/krissrex/google-authenticator-exporter
- use chrome extension: https://authenticator.cc/
Need Help?
Open a github issue or ping me on Twitter