Easy-to-use timebased one time password(TOTP) generator, compatible with Google Authenticator.
# pnpm
pnpm i totp-auth
# npm
npm i totp-authimport { createTOTP, countdown } from "totp-auth"
import { setInterval } from "timers/promises"
//secret from service provider
const secret = "abcd1234"
let totp = createTOTP(secret)
let expire = countdown()
// current TOTP and expiring time in seconds
console.log(`TOTP: ${totp}, expire: ${expire}`)
// keep counting down and refresh TOTP every 30 sec
for await (let _ of setInterval(1000)) {
const cnt = countdown()
if (cnt >= expire) totp = createTOTP(secret)
expire = cnt
console.log(`TOTP: ${totp}, expire: ${expire}`)
}Not all strings can be secret key, invalid secret key will return a customizable error message.
// invalid secret -> default error message
createTOTP('asdf') // returns "invalid secret"
// invalid secret w/ custom error message
createTOTP('asdf', undefined, 'bad key') // returns "bad key" - create base32 representation of the credential
- calculate HMAC hash from the credential with current time
- shift and trim 6 digit TOTP from the hash above
Both createTOTP and countdown are pure functions. Unit test with Jest are included.
The TOTP output could also simply verified by Google Authenticator output.
Algorithm ref: http://jsfiddle.net/russau/ch8PK/ HMAC lib: https://github.com/Caligatio/jsSHA
- How can I extract secret keys from Google Authenticator?
- use another npm package: https://github.com/krissrex/google-authenticator-exporter
- use chrome extension: https://authenticator.cc/
Open a github issue or ping me on Twitter
