npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

iotp

v3.1.0

Published

Isomorphic One Time Password library for both node and browser, supports HOTP, TOTP and works with Google Authenticator

Downloads

9

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

mountainmoonmountainmoon

Keywords

otphotptotpiotpisomorphic

Readme

Isomorphic One Time Password library

Fork from notp

Simple to use, fast, and with zero dependencies. The Isomorphic Time Password library both for node and browser is fully compliant with HOTP (counter based one time passwords) and TOTP (time based one time passwords). It can be used in conjunction with the Google Authenticator which has free apps for iOS, Android and BlackBerry.

Installation

npm install iotp

Usage

var iotp = require('iotp');

//.... some initial login code, that receives the user details and TOTP / HOTP token

var key = 'secret key for user... could be stored in DB';
var token = 'user supplied one time use token';

// Check TOTP is correct (HOTP if hotp pass type)
var login = await iotp.totp.verify(token, key);

// invalid token if login is null
if (!login) {
    return console.log('Token invalid');
}

// valid token
console.log('Token valid, sync value is %s', login.delta);

Google Authenticator

Google authenticator requires that keys be base32 encoded before being used. This includes manual entry into the app as well as preparing a QR code URI.

To base32 encode a utf8 key you can use the thirty-two module.

var base32 = require('thirty-two');

var key = 'secret key for the user';

// encoded will be the secret key, base32 encoded
var encoded = base32.encode(key);

// Google authenticator doesn't like equal signs
var encodedForGoogle = encoded.toString().replace(/=/g,'');

// to create a URI for a qr code (change totp to hotp if using hotp)
var uri = 'otpauth://totp/somelabel?secret=' + encodedForGoogle;

Note: If your label has spaces or other invalid uri characters you will need to encode it accordingly using encodeURIComponent More details about the uri key format can be found on the google auth wiki

API

hotp.verify(token, key, opt)

Check a counter based one time password for validity.

Returns a Promise will resolved to null if token is not valid for given key and options.

Returns a Promise will resolved to an object {delta: #} if the token is valid. delta is the count skew between client and server.

opt

window

The allowable margin for the counter. The function will check window codes in the future against the provided token. i.e. if window = 100 and counter = 5 all tokens between 5 and 105 will be checked against the supplied token Default - 1

counter

Counter value. This should be stored by the application on a per user basis. It is up to the application to track and increment this value as needed. It is also up to the application to increment this value if there is a skew between the client and server (delta)

totp.verify(token, key, opt)

Check a time based one time password for validity

Returns a Promise will resolved to null if token is not valid for given key and options.

Returns a Promise will resolved to an object {delta: #} if the token is valid. delta is the count skew between client and server.

opt

window

The allowable margin for the counter. The function will check window codes in the future against the provided token. i.e. if window = 5 and counter = 1000 all tokens between 995 and 1005 will be checked against the supplied token Default - 1

time

The time step of the counter. This must be the same for every request and is used to calculate C. Default - 30

hotp.gen(key, opt)

Returns a Promise will resolved to a counter based one time password

opt

counter

Counter value. This should be stored by the application, must be user specific, and be incremented for each request.

totp.gen(key, opt)

Returns a Promise will resolved to a time based one time password

opt

time

The time step of the counter. This must be the same for every request and is used to calculate C. Default - 30

Changed from 2.x to 3.x

  • Support for browser.
  • Use async API style because browser crypto API is async.