totp-generator-ts
v1.0.3
Published
Generate time-based one-time passwords.
Downloads
485
Maintainers
Readme
Time-based one-time password generator (TOTP)
This package is heavily inspired by bellstrand/totp-generator. It uses the JsSHA package to generate one-time passwords described in RFC 6238.
Major benefits of this package are the usage of Typescript and tsup so it can provide a CommonJS and ESModule version. It also uses zod as a validation library to parse user inputs.
To use this package, simply install is using npm, yarn or pnpm.
npm install totp-generator-ts
You can look at the documentation in the code using documenting comments or follow this guide.
Guide
This guide will only show the usage of this package with Typescript but it can also be used in any Javascript Application.
First, import the package into your program.
import { TokenGenerator } from 'totp-generator-ts';
Instantiate an object from the class, optionally passing configuration. The default settings are:
- SHA-1 Algorithm
- 30 second time-step size
- 6 digit tokens
- current time as the timestamp
You can change the values using the constructor or changing them later in your program.
const tokenGen = new TokenGenerator({
algorithm: 'SHA-512',
period: 60,
digits: 8,
timestamp: 1675325019,
});
tokenGen.digits = 6;
To generate a token, simply used the public function getToken()
which takes a string as an argument.
The string has to be at least one character long (it should most definitly be longer) and can only contain base32 characters defined in RFC 4684.
import { TokenGenerator } from 'totp-generator-ts';
const tokenGen = new TokenGenerator();
const token = tokenGen.getToken('JBSWY3DPEHPK3PXP');
console.log(token);
This package will validate all your inputs and throw errors accordingly.
Contrary to the specifications for the TOTP-Algorithm described in RFC 6238, this program does not support time values greater than a 32bit-integer and will therefore NOT WORK after the year 2038!
If you find any issues or have suggestions please make sure to report them on the issue tracker.
You can also write me an email and/or join my discord server.
Thank you for using my repository and good luck with your next secure program!