One Time Password (HOTP/TOTP) library for Node.js and browser.
Clone or download
Latest commit cbfd032 Jun 3, 2018

Last version Dependencies status Dev dependencies status NPM status Documentation


One Time Password (HOTP/TOTP) library for Node.js and browser.


Install the module via npm.

npm install otpauth



const OTPAuth = require('otpauth');

let totp = new OTPAuth.TOTP({
	issuer: 'ACME',
	label: 'AzureDiamond',
	algorithm: 'SHA1',
	digits: 6,
	period: 30,
	secret: OTPAuth.Secret.fromB32('NB2W45DFOIZA')

// Generate TOTP token.
let token = totp.generate();

// Validate TOTP token.
let delta = totp.validate({
	token: token,
	window: 10

// Convert to Google Authenticator key URI:
//   otpauth://totp/ACME:AzureDiamond?issuer=ACME&secret=NB2W45DFOIZA&algorithm=SHA1&digits=6&period=30
let uri = totp.toString();


<script src="otpauth.min.js"></script>
	// Same as above...

Supported hashing algorithms

In Node.js, the same algorithms as Crypto.createHmac function are supported, since it is used internally. In browsers, the SHA1, SHA256 and SHA512 algorithms are supported by using the Stanford Javascript Crypto Library.


See the documentation page.


MIT License © Héctor Molinero Fernández.