passport-otp-strategy
v1.2.1
TOTP authentication strategy for Passport.
Passport-OTP
This is a fork of the Passport-TOTP library and uses otplib instead of notp.
Passport strategy for two-factor authentication using a TOTP value.
This module lets you authenticate using a TOTP value in your Node.js applications. By plugging into Passport, TOTP two-factor authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. TOTP values can be generated by hardware devices or software applications, including Google Authenticator and Authy.
Note that in contrast to most Passport strategies, TOTP authentication requires that a user already be authenticated using an initial factor. Requirements regarding when to require a second factor are a matter of application-level policy, and outside the scope of both Passport and this strategy.
Install
$ npm install passport-otp-strategy
Usage
Configure Strategy
The TOTP authentication strategy authenticates a user using a TOTP value generated by a hardware device or software application (known as a token). The strategy requires a setup callback.
The setup callback accepts a previously authenticated user and calls done providing a key used to verify the token value. Authentication fails if the value is not verified.
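passport.use(new OtpStrategy(
  {
    // Request field that carries the submitted TOTP code.
    codeField: 'code',
    // Options passed through to the otplib authenticator.
    authenticator: {}
  },
  function(user, done) {
    // Look up the TOTP key enrolled for the already-authenticated user.
    TotpKey.findOne({ userId: user.id }, function (err, key) {
      if (err) { return done(err); }
      // No key enrolled: report an error instead of throwing on key.key.
      if (!key) { return done(new Error('No TOTP key found for user')); }
      return done(null, key.key);
    });
  }
));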
You can find a full listing of authenticator options here. Note that the crypto library will be used by default. If you want to change that, you can specify it in authenticator.crypto (more on that here).
Authenticate Requests
Use passport.authenticate(), specifying the 'otp' strategy, to authenticate requests.
For example, as route middleware in an Express application:
app.post('/verify-otp',
  passport.authenticate('otp', { failureRedirect: '/verify-otp' }),
  function(req, res) {
    // Record in the session that the second factor has been completed.
    req.session.authFactors = [ 'otp' ];
    res.redirect('/');
  });
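The route above only records the second factor in the session; the application still has to enforce it on protected routes. The following gate is an added example, not code from this project: secondFactorState, requireOtp, simulate and the /login path are hypothetical names, and it assumes Passport's req.isAuthenticated() and the authFactors session flag set above.

```javascript
'use strict';

// Classify a request by the factors it has completed.
// Assumes Passport's req.isAuthenticated() and the session flag written by
// the /verify-otp route (req.session.authFactors = ['otp']).
function secondFactorState(req) {
  const loggedIn = typeof req.isAuthenticated === 'function' && req.isAuthenticated();
  if (!loggedIn) return 'anonymous';
  const factors = req.session && req.session.authFactors;
  // Require a real array: a string such as 'no-otp' would pass a naive
  // factors.includes('otp'), because String.prototype.includes matches substrings.
  if (!Array.isArray(factors) || !factors.includes('otp')) return 'needs-otp';
  return 'ok';
}

// Connect-style middleware factory. loginPath is a hypothetical default;
// otpPath matches the /verify-otp route used above.
function requireOtp(options) {
  const opts = Object.assign({ loginPath: '/login', otpPath: '/verify-otp' }, options);
  return function (req, res, next) {
    const state = secondFactorState(req);
    if (state === 'ok') return next();
    // First factor missing: send to login. First factor only: send to the OTP prompt.
    return res.redirect(state === 'anonymous' ? opts.loginPath : opts.otpPath);
  };
}

// Constructed request/response stand-ins so the gate can be exercised offline.
// In an application: app.get('/account', requireOtp(), handler);
function simulate(req) {
  const result = { next: false, redirect: null };
  const res = { redirect: function (path) { result.redirect = path; } };
  requireOtp()(req, res, function () { result.next = true; });
  return result;
}
```

Clear authFactors from the session on logout so a later login on the same session has to complete the second factor again.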
Examples
For a complete, working example, refer to the two-factor example. Please keep in mind that this example is not production ready as-is.
Tests
$ npm install
$ make test
Credits
License
Contributing
PRs are welcome!
Contributors ✨
Thanks goes to these wonderful people (emoji key):
This project follows the all-contributors specification. Contributions of any kind welcome!