JS OTP
Javascript Implementation of HOTP and TOTP
A small javascript library (17k minified, 6.3k minified and gzipped) that handles generation of HMAC-based One-time Password Algorithm (HOTP) codes as per the HOTP RFC Draft and the Time-based One-time Password Algorithm (TOTP) codes as per the TOTP RFC Draft. This library produces the same codes as the Google Authenticator app.
This package only exposes jsOTP
and jsSHA
to global scope and does not depend on jQuery.
Usage:
Usage is simple. Just include dist/jsOTP.js
to your page and pass it a config.
<script src='dist/jsOTP.min.js'></script>
<script>
// hotp
var hotp = new jsOTP.hotp();
var hmacCode = hotp.getOtp(<your OTP key>, <counter>);
// totp
var totp = new jsOTP.totp();
var timeCode = totp.getOtp(<your OTP key>);
</script>
Additional Configs
You can also configure the expiry time for each code (defaults to 30 seconds) and the length of the code (between 6 and 8, defaults to 6) by passing two optional arguments to the totp
constructor:
var totp = new jsOTP.totp(<expiry seconds>, <code length>);
You can also input the time for TOTP calculations as an optional second argument:
var timeCode = totp.getOtp(<OTP key>, <milliseconds time>);
Building
Due to an issue with babel causing it to replace window
dependency with undefined
, use release.sh
from the main direcotry. It runs sed
before minification to replace broken window
injections.
Acknowledgements
This package is adapted from the following fiddle and the Node OTP library and uses Brian Turek's jsSHA.