mirror of
https://github.com/hectorm/otpauth.git
synced 2026-05-07 20:12:27 +00:00
dependabot[bot]
7f8013221a
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
OTPAuth
One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers.
Usage
Node.js
import * as OTPAuth from "otpauth";
// Create a new TOTP object.
let totp = new OTPAuth.TOTP({
// Provider or service the account is associated with.
issuer: "ACME",
// Account identifier.
label: "AzureDiamond",
// Algorithm used for the HMAC function.
algorithm: "SHA1",
// Length of the generated tokens.
digits: 6,
// Interval of time for which a token is valid, in seconds.
period: 30,
// Arbitrary key encoded in Base32 or OTPAuth.Secret instance.
secret: "NB2W45DFOIZA", // or 'OTPAuth.Secret.fromBase32("NB2W45DFOIZA")'
});
// A cryptographically secure random secret can also be generated with:
let secret = new OTPAuth.Secret({ size: 20 });
// Generate a token (returns the current token as a string).
let token = totp.generate();
// Validate a token (returns the token delta or null if it is not found in the
// search window, in which case it should be considered invalid).
let delta = totp.validate({ token, window: 1 });
// Get the remaining seconds until the current token changes.
let seconds = (totp.period * (1 - ((Date.now() / 1000 / totp.period) % 1))) | 0;
// Convert to Google Authenticator key URI format (usually the URI is encoded
// in a QR code that can be scanned by the user. This functionality is outside
// the scope of the project, but there are many libraries that can be used for
// this purpose).
//
// otpauth://totp/ACME:AzureDiamond?issuer=ACME&secret=NB2W45DFOIZA&algorithm=SHA1&digits=6&period=30
let uri = totp.toString(); // or 'OTPAuth.URI.stringify(totp)'
// Convert from Google Authenticator key URI format.
totp = OTPAuth.URI.parse(uri);
Deno
import * as OTPAuth from "https://deno.land/x/otpauth@VERSION/dist/otpauth.esm.js";
// Same as above.
Bun
import * as OTPAuth from "otpauth";
// Same as above.
Browsers
<script src="https://cdnjs.cloudflare.com/ajax/libs/otpauth/VERSION/otpauth.umd.min.js"></script>
<script>
// Same as above.
</script>
Documentation
See the documentation page.
Supported hashing algorithms
In Node.js, the same algorithms as
Crypto.createHmac
function are supported, since it is used internally. In Deno, Bun and browsers, the SHA1, SHA224, SHA256, SHA384,
SHA512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512 algorithms are supported by using the
jsSHA library.