An OTP library written using the crypto API
- Implements RFC 6238 for TOTP generation and verification.
- Uses the standard
Web Crypto APIfor secure HMAC operations. - Supports SHA-1, SHA-256, and SHA-512 algorithms.
- Provides Base32 encoding/decoding (RFC 4648 compatible).
- Generates and parses
otpauth://totp/URIs for easy provisioning with authenticator apps. - Cryptographically secure secret generation.
- Configurable token length, time period, and time skew tolerance.
- Pure ES Module, no external runtime dependencies for core crypto.
Install the package using your preferred package manager:
# Using npm
npm install @aegisjsproject/otp
# Using yarn
yarn add @aegisjsproject/otp
# Using pnpm
pnpm add @aegisjsproject/otp
# Using Git submodules
git submodule add https://github.com/Aegisjsproject/otp.git path/to/destinationUsing a CDN with Importmap
<script type="importmap">
{
"imports": {
"@aegisjsproject/otp": "https://unpkg.com/@aegisjsproject/otp[@vx.y.z]/otp.min.js",
"@aegisjsproject/otp/": "https://unpkg.com/@aegisjsproject/otp[@vx.y.z]/"
}
}
</script>import {
generateSecret,
secretToKey,
createOTPAuthURI,
generateTOTP,
verifyTOTP,
parseOTPAuthURI,
// other exports if needed...
} from '@aegisjsproject/otp';
// Generate the random bytes
const secret = generateSecret();
// Create a secret key from those random bytes
const key = await secretToKey(secret);
// Generate an `otpauth:` URI to QR encode (QR encoding not provided)
const uri = createOTPAuthURI({ label: 'Acme:[email protected]', issuer: 'Acme', secret });
// Verify a user-provided TOTP code
const valid = await verifyTOTP(totpCode, key);