One Time Password (HOTP/TOTP) library for Node.js, Deno, Bun and browsers.
import * as OTPAuth from "otpauth";
// Create a new TOTP object.
let totp = new OTPAuth.TOTP({
issuer: "ACME",
label: "AzureDiamond",
algorithm: "SHA1",
digits: 6,
period: 30,
secret: "NB2W45DFOIZA", // or 'OTPAuth.Secret.fromBase32("NB2W45DFOIZA")'
});
// Generate a token (returns the current token as a string).
let token = totp.generate();
// Validate a token (returns the token delta or null if it is not found in the search window, in which case it should be considered invalid).
let delta = totp.validate({ token, window: 1 });
// Convert to Google Authenticator key URI:
// otpauth://totp/ACME:AzureDiamond?issuer=ACME&secret=NB2W45DFOIZA&algorithm=SHA1&digits=6&period=30
let uri = totp.toString(); // or 'OTPAuth.URI.stringify(totp)'
// Convert from Google Authenticator key URI.
totp = OTPAuth.URI.parse(uri);
import * as OTPAuth from "https://deno.land/x/otpauth@VERSION/dist/otpauth.esm.js"
// Same as above.
import * as OTPAuth from "otpauth";
// Same as above.
<script src="https://cdnjs.cloudflare.com/ajax/libs/otpauth/VERSION/otpauth.umd.min.js"></script>
<script>
// Same as above.
</script>
See the documentation page.
In Node.js, the same algorithms as
Crypto.createHmac
function are supported, since it is used internally. In Deno, Bun and browsers, the SHA1
, SHA224
, SHA256
, SHA384
,
SHA512
, SHA3-224
, SHA3-256
, SHA3-384
and SHA3-512
algorithms are supported by using the
jsSHA library.