HMAC-based (HOTP) and Time-based (TOTP) One-Time Password manager. Works with Google Authenticator for Two-Factor Authentication.

Usage no npm install needed!

<script type="module">
  import akanassRxOtp from 'https://cdn.skypack.dev/@akanass/rx-otp';


One-Time Password manager

One Time Password manager is fully compliant with HOTP (counter based one time passwords) and TOTP (time based one time passwords). It can be used in conjunction with the Google Authenticator, for Two-Factor Authentication, which has free apps for iOS, Android and BlackBerry.

All methods described in both RFC are implemented in API.

Now RxJS compliant, wrote in full Typescript | ES6 for client and server side.

Table of contents


$ npm install --save @akanass/rx-otp rxjs


$ yarn add @akanass/rx-otp rxjs

Super simple to use

RX-OTP is designed to be the simplest way possible to generate and verify OTP.

It's fully Typescript | ES6 wrotten so you can import it :

import {HOTP} from "@akanass/rx-otp";

or use CommonJS:

const HOTP = require('@akanass/rx-otp').HOTP;

Now, it's easy to perform a generation of HOTP:

    token => console.log(token), // display 125165 in the console
    err => console.error(err) // show error in console

Back to top

Browser compatibility

RX-OTP can be used in your favorite browser to have all features in your own front application.

Just import browser/index.js script and enjoy:

<script src="node_modules/@akanass/rx-otp/browser/index.js" type="application/javascript"></script>
<script type="application/javascript">
    const HOTP = ro.HOTP;
            console.log(token); // display 125165 in the console
            console.error(err); // show error in console

Browser version is a standalone version so you just need to copy/paste file from node_modules/@akanass/rx-otp/browser/index.js when you want to create your bundle and change path to it.

Back to top

Build your project with Webpack

If you want to include this library inside a project builds with webpack for a client application, you must add this configuration inside your webpack configuration:

    target: "web",
    node: {
        fs: "empty",
        net: "empty",
        tls: "empty"

For a server application, target will be node, node block in configuration doesn't exist and uglify plugin must be disabled.

Back to top

API in Detail

We implemented some functions and to see their details go to documentation folder:

Back to top


To set up your development environment:

  1. clone the repo to your workspace,
  2. in the shell cd to the main folder,
  3. hit npm or yarn install,
  4. run npm or yarn run test.
    • It will lint the code and execute all tests.
    • The test coverage report can be viewed from ./coverage/lcov-report/index.html.

Back to top

Change History

  • v1.1.0 (2019-07-12)
    • Change repository owner name
    • Latest packages' versions
    • Fix tests
    • Documentation
  • v1.0.0 (2019-03-08)
    • Add scope to library and move to @akanass/rx-otp
    • Rewritten all library and test files in Typescript
    • Add typings support
    • Use JEST for testing
    • Use json-schema and ajv library to validate functions' parameters

Back to top


Copyright (c) 2019 Nicolas Jessel. Licensed under the MIT license.

Back to top