Typed library to work 2fa via Google Authenticator/Time-based TOTP/Hmac-based HOTP
- Small. Tree-shakable, 0 dependencies
- Tested. Compatibility with Google Authenticator and with RFC4226 (HOTP) and RFC6238 (TOTP)
-
npmnpm i @f1stnpm3/magni-enim-quaerat
-
Yarnyarn add @f1stnpm3/magni-enim-quaerat
-
HOTP- HMAC-based One Time Password generation method. Uses incrementing with each logincounterandsecretto generate unique 6-8 digit codes. -
TOTP- Time-based, usescurrent timemoduloperiod(seconds) as counter inHOTP, -
Google Authenticator- uses simplified version ofTOTPto generate codes. Differences:- Only
SHA-1hash support - Only 6 digit codes
- Keys should not be padded
- TOTP period is 30 seconds
- Only
Google Authenticator limits are defaults for this library.
// 1. Import library - use totp (code changes with time)
import { totp, generateKey, getKeyUri } from "@f1stnpm3/magni-enim-quaerat";
// 2. Import crypto adapter. Either `crypto-node` or `crypto-web` - API is identical
import { hmac, randomBytes } from "@f1stnpm3/magni-enim-quaerat/crypto-node";
// 3. Get key from somewhere. Or generate it
const key = generateKey(randomBytes, /* bytes: */ 20); // 5-20 good for Google Authenticator
// 4. Get key import url
const url = getKeyUri({
type: "totp",
secret,
name: "User's Username",
issuer: "Your Site Name"
});
// 5. Show it to user as QR code - send it back to client
// Get 6-digit code back from him, as confirmation of saving secret key
const input = "...";
const code = await totp(hmac, { secret });
if (code === input) {
// 6. Done. User configured your key
}