OTPAuth
One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers.
Usage
Node.js
import * as OTPAuth from "otpauth";
// Create a new TOTP object.
let totp = new OTPAuth.TOTP({
issuer: "ACME",
label: "AzureDiamond",
algorithm: "SHA1",
digits: 6,
period: 30,
secret: "NB2W45DFOIZA", // or 'OTPAuth.Secret.fromBase32("NB2W45DFOIZA")'
});
// Generate a token (returns the current token as a string).
let token = totp.generate();
// Validate a token (returns the token delta or null if it is not found in the search window, in which case it should be considered invalid).
let delta = totp.validate({ token, window: 1 });
// Convert to Google Authenticator key URI:
// otpauth://totp/ACME:AzureDiamond?issuer=ACME&secret=NB2W45DFOIZA&algorithm=SHA1&digits=6&period=30
let uri = totp.toString(); // or 'OTPAuth.URI.stringify(totp)'
// Convert from Google Authenticator key URI.
totp = OTPAuth.URI.parse(uri);Deno
import * as OTPAuth from "https://deno.land/x/otpauth@VERSION/dist/otpauth.esm.js"
// Same as above.Bun
import * as OTPAuth from "otpauth";
// Same as above.Browsers
<script src="https://cdnjs.cloudflare.com/ajax/libs/otpauth/VERSION/otpauth.umd.min.js"></script>
<script>
// Same as above.
</script>Documentation
See the documentation page.
Supported hashing algorithms
In Node.js, the same algorithms as
Crypto.createHmac
function are supported, since it is used internally. In Deno, Bun and browsers, the SHA1, SHA224, SHA256, SHA384,
SHA512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512 algorithms are supported by using the
jsSHA library.