{"id":17582506,"url":"https://github.com/benallfree/pocketbase-otp","last_synced_at":"2025-07-09T23:34:17.784Z","repository":{"id":255443517,"uuid":"852067973","full_name":"benallfree/pocketbase-otp","owner":"benallfree","description":null,"archived":false,"fork":false,"pushed_at":"2024-09-13T22:09:52.000Z","size":217,"stargazers_count":9,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-15T07:08:51.267Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/benallfree.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-04T07:04:36.000Z","updated_at":"2025-03-25T16:45:35.000Z","dependencies_parsed_at":"2024-09-14T12:20:14.583Z","dependency_job_id":null,"html_url":"https://github.com/benallfree/pocketbase-otp","commit_stats":null,"previous_names":["benallfree/pocketbase-otp"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benallfree%2Fpocketbase-otp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benallfree%2Fpocketbase-otp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benallfree%2Fpocketbase-otp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/benallfree%2Fpocketbase-otp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/benallfree","download_url":"https://codeload.github.com/benallfree/pocketbase-otp/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249023723,"owners_count":21199960,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-22T02:00:40.931Z","updated_at":"2025-04-15T07:08:55.764Z","avatar_url":"https://github.com/benallfree.png","language":"JavaScript","funding_links":[],"categories":["JSVM Plugins"],"sub_categories":[],"readme":"# PocketBase OTP Hook\n\nThis is a One Time Password (OTP) authentication hook for [PocketBase](https://pocketbase.io). It enables email-based OTP authentication for users.\n\n## Why use One Time Passwords?\n\n### Benefits\n\n- **Enhanced Security**: OTPs provide an extra layer of security by requiring a temporary, unique code sent to the user's email. This reduces the risk of unauthorized access compared to static passwords.\n- **No Need for Password Storage**: OTP authentication eliminates the need to store sensitive password hashes, reducing the potential for data breaches.\n- **Easy to Use**: Users don't need to remember complex passwords, as each login generates a new code sent directly to their email.\n- **Phishing Resistance**: Since OTPs are time-limited and single-use, they can help mitigate risks from phishing attacks. Even if an attacker gets the OTP, it becomes invalid after use or expiration.\n- **Fits Temporary Access**: OTPs are ideal for temporary or one-time access scenarios, such as guest accounts, event-based logins, or quick signups without requiring a permanent password.\n\n### Use Cases\n\n- **Passwordless Authentication**: OTPs can serve as a standalone authentication method, removing the need for traditional passwords entirely.\n- **Multi-Factor Authentication (MFA)**: OTPs can act as an additional factor in a multi-step authentication process, increasing the security of an account.\n- **Temporary Access or Guest Accounts**: For platforms offering temporary services or guest accounts, OTPs provide a secure and quick login method without the need to create permanent credentials.\n- **Low-Friction Onboarding**: OTPs offer an easier onboarding process for users who don't want to deal with password management, enhancing user experience for apps with quick signup requirements.\n\n## Caveats and Drawbacks\n\n- **Email Delays**: Since OTPs rely on email delivery, network issues or delays in sending emails can frustrate users trying to authenticate quickly.\n- **Email Account Vulnerabilities**: The security of OTP authentication is heavily reliant on the user's email account being secure. If an email account is compromised, the attacker can intercept OTPs.\n- **Single-Point Failure**: If email services are unavailable or if users don’t have access to their email, they cannot authenticate.\n- **Limited Offline Use**: OTP authentication requires internet access for the user to retrieve their email, making it less ideal for situations where offline access is needed.\n- **User Friction**: Constantly entering OTP codes may lead to user fatigue, especially in frequent-use applications, making it less convenient compared to persistent logins or biometric options.\n\n## Installation\n\n1. Install the package:\n\n   ```bash\n   npm install pocketbase-otp\n   ```\n\n2. Copy the migrations into your `pb_migrations`:\n\n   ```bash\n   cp node_modules/pocketbase-otp/pb_migrations pb_migrations\n   ```\n\n3. Copy the hook file into your `pb_hooks`::\n\n   ```bash\n   cp node_modules/pocketbase-otp/pb_hooks pb_hooks\n   ```\n\n## Usage\n\n### Requesting a Code\n\nFirst, make sure your PocketBase instance has SMTP configured and tested for sending emails.\n\nTo request an OTP code:\n\n```javascript\nconst client = new PocketBase(...)\nconst res = await client.send(`/api/otp/auth`, {\n  body: { email },\n  method: 'POST',\n})\n```\n\nThe PocketBase instance will send the OTP code to the provided email address.\n\n### Verifying the Code\n\nOnce the user receives the OTP code, use it to trade for the authentication token and user record:\n\n```javascript\nconst res = await client.send(`/api/otp/verify`, {\n  body: { email, code },\n  method: 'POST',\n})\nclient.authStore.save(res.token, res.record)\n```\n\nThis will authenticate the PocketBase client using the OTP.\n\n## License\n\nMIT License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenallfree%2Fpocketbase-otp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbenallfree%2Fpocketbase-otp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbenallfree%2Fpocketbase-otp/lists"}