Skip to content
100% Javascript Implementation of HOTP and TOTP for Two-Factor Authentication.
JavaScript CoffeeScript HTML Shell
Branch: master
Clone or download
jiangts Merge pull request #10 from runerune-sgt/master
Fix occasional bad TOTP length for tokens of length >6, add es6 support
Latest commit 8cfc5df May 9, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.


Javascript Implementation of HOTP and TOTP

A small javascript library (17k minified, 6.3k minified and gzipped) that handles generation of HMAC-based One-time Password Algorithm (HOTP) codes as per the HOTP RFC Draft and the Time-based One-time Password Algorithm (TOTP) codes as per the TOTP RFC Draft. This library produces the same codes as the Google Authenticator app.

This package only exposes jsOTP and jsSHA to global scope and does not depend on jQuery.


Usage is simple. Just include dist/jsOTP.js to your page and pass it a config.

<script src='dist/jsOTP.min.js'></script>
// hotp
var hotp = new jsOTP.hotp();
var hmacCode = hotp.getOtp(<your OTP key>, <counter>);

// totp
var totp = new jsOTP.totp();
var timeCode = totp.getOtp(<your OTP key>);

Additional Configs

You can also configure the expiry time for each code (defaults to 30 seconds) and the length of the code (between 6 and 8, defaults to 6) by passing two optional arguments to the totp constructor:

var totp = new jsOTP.totp(<expiry seconds>, <code length>);

You can also input the time for TOTP calculations as an optional second argument:

var timeCode = totp.getOtp(<OTP key>, <milliseconds time>);


Due to an issue with babel causing it to replace window dependency with undefined, use from the main direcotry. It runs sed before minification to replace broken window injections.


This package is adapted from the following fiddle and the Node OTP library and uses Brian Turek's jsSHA.

You can’t perform that action at this time.