Skip to content

jaredhanson/passport-hotp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
examples/two-factor
examples/two-factor
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.npmignore
.npmignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
package.json
package.json
 
 

Repository files navigation

Passport-HOTP

Passport strategy for two-factor authentication using a HOTP value.

This module lets you authenticate using a HOTP value in your Node.js applications. By plugging into Passport, HOTP two-factor authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. HOTP values can be generated by hardware devices or software applications, including Google Authenticator.

Note that in contrast to most Passport strategies, HOTP authentication requires that a user already be authenticated using an initial factor. Requirements regarding when to require a second factor are a matter of application-level policy, and outside the scope of both Passport and this strategy.

Install

$ npm install passport-hotp

Usage

Configure Strategy

The HOTP authentication strategy authenticates a user using a HOTP value generated by a hardware device or software application (known as a token). The strategy requires a setup callback and a resync callback.

The setup callback accepts a previously authenticated user and calls done providing a key and counter used to verify the HOTP value. Authentication fails if the value is not verified.

After successful authentication, the resync callback is invoked to synchronize the counter values on the server and on the token.

passport.use(new HotpStrategy(
  function(user, done) {
    HotpKey.findOne({ userId: user.id }, function (err, key) {
      if (err) { return done(err); }
      return done(null, key.key, key.counter);
    });
  },
  function(user, key, counter, delta, done) {
    HotpKey.update(user.id, { key: key, counter: counter }, function (err, key) {
      if (err) { return done(err); }
      return done();
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'hotp' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post('/verify-otp', 
  passport.authenticate('hotp', { failureRedirect: '/verify-otp' }),
  function(req, res) {
    req.session.authFactors = [ 'hotp' ];
    res.redirect('/');
  });

Examples

For a complete, working example, refer to the two-factor example.

Tests

$ npm install
$ make test

Build Status

Credits

License

The MIT License

Copyright (c) 2013 Jared Hanson <http://jaredhanson.net/>

Sponsor

About

HOTP authentication strategy for Passport and Node.js.

Resources

Readme

License

MIT license
Activity

Stars

11 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

1 tags

Packages

No packages published

Languages