Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

Tiny-OTP

Tiny-OTP is a tiny (4kb) Javascript library that can generate RFC 4226 compliant HMAC-based one-time passwords (HOTPs), and RFC 6238 compliant time-based one-time passwords (TOTPs).

This is the core library powering the Open-OTP project. To see an example of a full web app using Tiny-OTP (with QR code generation for easy Google Authenticator integration), visit the Open-OTP github repository.

Usage

// Generate a random secret
const secret = OTP.getRandomInt(0, 10 ** 12)

// Initialize OTP generator with secret
const generator = new OTP(secret)

// Get the current 6-digit TOTP value.
// This value will change every 30 seconds.
let totp = generator.getTOTP()

// Get current 6-digit HOTP value.
// This value will change based on the provided counter parameter value.
let hotp = generator.getHOTP(5)

NPM / Browserify / Webpack

Install
npm install tiny-otp
Import
const OTP = require('tiny-otp')

or

import OTP from 'tiny-otp'

Browser Script Tag

Import
<script src="https://cdn.patricktriest.com/vendor/otp/otp.min.js"></script>
Base32 Compatibility

Google Authenticator requires secrets to be imported as base32 encoded strings. Tiny-OTP uses UTF-8 encoding by default, but contains helpers to import and export base32 encoded secrets.

To import a base32 encoded secret.

const generator = new OTP(secret, 'base32')

To export the secret in base32 encoding.

generator.getBase32Secret()

Extra digits

Tiny-OTP generates 6-digit OTPs by default, but can also generate 8-digit OTPs. The number of digits is an optional parameter of the TOTP and HOTP methods.

// Get the current 8-digit TOTP value.
let totp = generator.getTOTP(8)

// Get 8-digit HOTP value, for counter = 5.
let hotp = generator.getHOTP(5, 8)

Distribution Test

To verify that the OTP generates a valid random(flat) distribution of possible 6-digit OTP values, the test directory contains a simple webpage + webworker that will generate batches of 50,000 OTPs, and continuously plot the distribution. To view this visualization, run http-server . and open http://localhost/test/.

You can also view this distribution test at https://cdn.patricktriest.com/vendor/otp/test/index.html

About

Browser-based, Google Authenticator compatible, time-based one-time-password (TOTP) library. 4kb minified and gzipped.

Resources

License

Releases

No releases published

Packages

No packages published