https://github.com/aegisjsproject/otp
An OTP library written using the `crypto` API
https://github.com/aegisjsproject/otp
crypto node npm otp totp
Last synced: 10 months ago
JSON representation
An OTP library written using the `crypto` API
- Host: GitHub
- URL: https://github.com/aegisjsproject/otp
- Owner: AegisJSProject
- License: mit
- Created: 2025-04-14T17:43:02.000Z (about 1 year ago)
- Default Branch: master
- Last Pushed: 2025-08-30T16:18:46.000Z (10 months ago)
- Last Synced: 2025-08-30T18:21:45.086Z (10 months ago)
- Topics: crypto, node, npm, otp, totp
- Language: JavaScript
- Homepage: https://www.npmjs.com/package/@aegisjsproject/otp
- Size: 432 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: .github/CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
Awesome Lists containing this project
README
# `@aegisjsproject/otp`
An OTP library written using the `crypto` API
[](https://github.com/Aegisjsproject/otp/actions/workflows/codeql-analysis.yml)
[](https://github.com/Aegisjsproject/otp/blob/master/LICENSE)
[](https://github.com/Aegisjsproject/otp/commits/master)
[](https://github.com/Aegisjsproject/otp/releases)
[](https://github.com/sponsors/shgysk8zer0)
[](https://www.npmjs.com/package/@aegisjsproject/otp)
[](https://www.npmjs.com/package/@aegisjsproject/otp)
[](https://github.com/AegisJSProject)
[](https://twitter.com/shgysk8zer0)
[](https://liberapay.com/shgysk8zer0/donate "Donate using Liberapay")
- - -
- [Code of Conduct](./.github/CODE_OF_CONDUCT.md)
- [Contributing](./.github/CONTRIBUTING.md)
## Features
* Implements RFC 6238 for TOTP generation and verification.
* Uses the standard `Web Crypto API` for secure HMAC operations.
* Supports SHA-1, SHA-256, and SHA-512 algorithms.
* Provides Base32 encoding/decoding (RFC 4648 compatible).
* Generates and parses `otpauth://totp/` URIs for easy provisioning with authenticator apps.
* Cryptographically secure secret generation.
* Configurable token length, time period, and time skew tolerance.
* Pure ES Module, no external runtime dependencies for core crypto.
## Installation
### Using npm (for Node.js, Bundlers)
Install the package using your preferred package manager:
```bash
# Using npm
npm install @aegisjsproject/otp
# Using yarn
yarn add @aegisjsproject/otp
# Using pnpm
pnpm add @aegisjsproject/otp
# Using Git submodules
git submodule add https://github.com/Aegisjsproject/otp.git path/to/destination
```
### Using a CDN with [Importmap](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/script/type/importmap)
```html
{
"imports": {
"@aegisjsproject/otp": "https://unpkg.com/@aegisjsproject/otp[@vx.y.z]/otp.min.js",
"@aegisjsproject/otp/": "https://unpkg.com/@aegisjsproject/otp[@vx.y.z]/"
}
}
```
## Usage Example
```js
import {
generateSecret,
secretToKey,
createOTPAuthURI,
generateTOTP,
verifyTOTP,
parseOTPAuthURI,
// other exports if needed...
} from '@aegisjsproject/otp';
// Generate the random bytes
const secret = generateSecret();
// Create a secret key from those random bytes
const key = await secretToKey(secret);
// Generate an `otpauth:` URI to QR encode (QR encoding not provided)
const uri = createOTPAuthURI({ label: 'Acme:user@example.com', issuer: 'Acme', secret });
// Verify a user-provided TOTP code
const valid = await verifyTOTP(totpCode, key);
```