2fa-hotp-totp

Zero dependency HOTP/TOTP 2FA

Usage: no npm install needed!

<script type="module">
  import faHotpTotp from 'https://cdn.skypack.dev/2fa-hotp-totp';
</script>


2FA-HOTP-TOTP

Zero-dependency, <1kB gzipped

My implementation of 2FA H/TOTP algorithms in TypeScript + base32 encoder for creating links for authenticator programs like Google Authenticator

Read more about otpauth:// links

Specifications:

Install

npm i 2FA-HOTP-TOTP

    or

yarn add 2FA-HOTP-TOTP

Usage

Import

import { TFA } from '2FA-HOTP-TOTP';
// or
const { TFA } = require('2FA-HOTP-TOTP');

HOTP

Generate
TFA.HOTP.generate({
  key: 'test',
  counter: 0, // optional
});

// => 941117

Validate
TFA.HOTP.validate({
  token: '123123', // length must be 6
  key: 'test',
  window: 1,       // optional
  counter: 0,      // optional
});

// => time-step (number) or null

TOTP

Generate
TFA.TOTP.generate({
  key: 'test',
  time: 30, // optional
});

// => 432486

Validate
TFA.TOTP.validate({
  token: '123123', // length must be 6
  key: 'test',
  window: 1,       // optional
  time: 30,        // optional
});

// => time-step (number) or null

Base32

TFA.base32('test');

// => ORSXG5A

Description

All code is also documented with JSDoc, with links to the specifications and the relevant pages.

HOTP

Implementation of RFC 4226

HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))

HOTP.generate

Arguments (object):

obj.*    Required  Description                    Default
key      yes       unique secret key for user
counter  no        moving factor (read page 6)    0

Returns a string of 6 digits. It is a string because the code must always be 6 characters long and the first digit can be zero.

HOTP.validate

Arguments (object):

obj.*    Required  Description                    Default
token    yes       code, provided by user
key      yes       unique secret key for user
window   no        counter values window          1
counter  no        moving factor (read page 6)    0

Returns null if nothing is found, or a number between -window and +window if a matching code is found within those steps.

What is window:

For example, if you use TOTP (HOTP with time) with window 0, only the code for the current XX-second step (30 by default) is checked during verification. If you set it to 1, the codes for the neighboring steps (+30 and -30 seconds) are also checked.

One more example with a time-step of 30 sec:

  • window 0 = only 04:20:00 - 04:20:30 is checked
  • window 1 = 04:19:30 - 04:20:00, 04:20:00 - 04:20:30 and 04:20:30 - 04:21:00, so the codes of all three steps (-1, 0, 1) are checked
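
The window check described above, written out with Node.js built-ins as an added example (this is not the package's source code). The names hotp, validateHotp, validateTotp, RFC_KEY and the now parameter are assumptions made for the illustration; the sample secret and codes are the RFC 4226 Appendix D test values.

```javascript
// Added example, not the package's source. Names (hotp, validateHotp,
// validateTotp, now) are assumptions for illustration.
const crypto = require('node:crypto');

// HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) as a zero-padded 6-digit string.
function hotp(key, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter)); // 8-byte big-endian moving factor
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const offset = mac[19] & 0x0f; // dynamic truncation (RFC 4226, section 5.3)
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 1000000).padStart(6, '0');
}

// Checks counter-window .. counter+window. Returns the offset of the
// matching step (-window..+window) or null when no step matches.
function validateHotp({ token, key, counter = 0, window = 1 }) {
  if (typeof token !== 'string' || !/^[0-9]{6}$/.test(token)) return null;
  const given = Buffer.from(token);
  let found = null;
  for (let delta = -window; delta <= window; delta++) {
    if (counter + delta < 0) continue; // no step before counter 0
    const expected = Buffer.from(hotp(key, counter + delta));
    // Constant-time compare; keep looping so timing does not reveal the step.
    if (crypto.timingSafeEqual(given, expected) && found === null) found = delta;
  }
  return found;
}

// TOTP = HOTP(K, T) with T = floor(unixSeconds / time).
function validateTotp({ token, key, window = 1, time = 30, now = Date.now() / 1000 }) {
  return validateHotp({ token, key, window, counter: Math.floor(now / time) });
}

// RFC 4226 Appendix D test secret; counters 0, 1, 2 give 755224, 287082, 359152.
const RFC_KEY = '12345678901234567890';
console.log(validateTotp({ token: '287082', key: RFC_KEY, now: 59, window: 0 })); // 0
console.log(validateTotp({ token: '287082', key: RFC_KEY, now: 89, window: 1 })); // -1
console.log(validateTotp({ token: '287082', key: RFC_KEY, now: 89, window: 0 })); // null
```

Each extra window step means two more codes are accepted at any given moment (2 * window + 1 in total), so keep window as small as clock drift allows.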

TOTP

Implementation of RFC 6238

TOTP = HOTP(K, T)

TOTP.generate

Arguments (object):

obj.*    Required  Description                                    Default
key      yes       unique secret key for user
time     no        time-step in seconds (default recommended)     30

Returns a string of 6 digits. It is a string because the code must always be 6 characters long and the first digit can be zero.

TOTP.validate

Arguments (object):

obj.*    Required  Description                                    Default
token    yes       code, provided by user
key      yes       unique secret key for user
window   no        counter values window                          1
time     no        time-step in seconds (default recommended)     30

Returns null if nothing is found, or a number between -window and +window if a matching code is found within those steps.

For window, see "What is window" above.