Methods
digest(options) → {Buffer}
Digest the one-time passcode options.
Parameters:
Name | Type | Description | ||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
The one-time passcode as a buffer.
- Type
- Buffer
generateSecret(options) → {Object|GeneratedSecret}
Generates a random secret with the set A-Z a-z 0-9 and symbols, of any length (default 32). Returns the secret key in ASCII, hexadecimal, and base32 format, along with the URL used for the QR code for Google Authenticator (an otpauth URL). Use a QR code library to generate a QR code based on the Google Authenticator URL to obtain a QR code you can scan into the app.
Parameters:
Name | Type | Description | |||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
-
- Type
- Object
-
The generated secret key.
- Type
- GeneratedSecret
generateSecretASCII(lengthopt, symbolsopt) → {String}
Generates a key of a certain length (default 32) from A-Z, a-z, 0-9, and symbols (if requested).
Parameters:
Name | Type | Attributes | Default | Description |
---|---|---|---|---|
length |
Integer |
<optional> |
32 | The length of the key. |
symbols |
Boolean |
<optional> |
false | Whether to include symbols in the key. |
Returns:
The generated key.
- Type
- String
hotp(options) → {String}
Generate a counter-based one-time token. Specify the key and counter, and receive the one-time password for that counter position as a string. You can also specify a token length, as well as the encoding (ASCII, hexadecimal, or base32) and the hashing algorithm to use (SHA1, SHA256, SHA512).
Parameters:
Name | Type | Description | |||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
The one-time passcode.
- Type
- String
hotp.verify(options) → {Boolean}
Verify a counter-based one-time token against the secret and return true if it verifies. Helper function for `hotp.verifyDelta()`` that returns a boolean instead of an object. For more on how to use a window with this, see hotp.verifyDelta.
Parameters:
Name | Type | Description | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
Returns true if the token matches within the given window, false otherwise.
- Type
- Boolean
hotp.verifyDelta(options) → {Object}
Verify a counter-based one-time token against the secret and return the delta. By default, it verifies the token at the given counter value, with no leeway (no look-ahead or look-behind). A token validated at the current counter value will have a delta of 0.
You can specify a window to add more leeway to the verification process.
Setting the window param will check for the token at the given counter value
as well as window
tokens ahead (one-sided window). See param for more info.
verifyDelta()
will return the delta between the counter value of the token
and the given counter value. For example, if given a counter 5 and a window
10, verifyDelta()
will look at tokens from 5 to 15, inclusive. If it finds
it at counter position 7, it will return { delta: 2 }
.
Parameters:
Name | Type | Description | ||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
On success, returns an object with the counter
difference between the client and the server as the delta
property (i.e.
{ delta: 0 }
).
- Type
- Object
otpauthURL(options) → {String}
Generate a Google Authenticator-compatible otpauth:// URL for passing the secret to a mobile device to install the secret.
Authenticator considers TOTP codes valid for 30 seconds. Additionally, the app presents 6 digits codes to the user. According to the documentation, the period and number of digits are currently ignored by the app.
To generate a suitable QR Code, pass the generated URL to a QR Code
generator, such as the qr-image
module.
Parameters:
Name | Type | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Throws:
Error if secret or label is missing, or if hotp is used and a
counter is missing, if the type is not one of hotp
or totp
, if the
number of digits is non-numeric, or an invalid period is used. Warns if
the number of digits is not either 6 or 8 (though 6 is the only one
supported by Google Authenticator), and if the hashihng algorithm is
not one of the supported SHA1, SHA256, or SHA512.
Returns:
A URL suitable for use with the Google Authenticator.
- Type
- String
totp(options) → {String}
Generate a time-based one-time token. Specify the key, and receive the one-time password for that time as a string. By default, it uses the current time and a time step of 30 seconds, so there is a new token every 30 seconds. You may override the time step and epoch for custom timing. You can also specify a token length, as well as the encoding (ASCII, hexadecimal, or base32) and the hashing algorithm to use (SHA1, SHA256, SHA512).
Under the hood, TOTP calculates the counter value by finding how many time steps have passed since the epoch, and calls HOTP with that counter value.
Parameters:
Name | Type | Description | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
The one-time passcode.
- Type
- String
totp.verify(options) → {Boolean}
Verify a time-based one-time token against the secret and return true if it verifies. Helper function for verifyDelta() that returns a boolean instead of an object. For more on how to use a window with this, see totp.verifyDelta.
Parameters:
Name | Type | Description | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
Returns true if the token matches within the given window, false otherwise.
- Type
- Boolean
totp.verifyDelta(options) → {Object}
Verify a time-based one-time token against the secret and return the delta. By default, it verifies the token at the current time window, with no leeway (no look-ahead or look-behind). A token validated at the current time window will have a delta of 0.
You can specify a window to add more leeway to the verification process.
Setting the window param will check for the token at the given counter value
as well as window
tokens ahead and window
tokens behind (two-sided
window). See param for more info.
verifyDelta()
will return the delta between the counter value of the token
and the given counter value. For example, if given a time at counter 1000 and
a window of 5, verifyDelta()
will look at tokens from 995 to 1005,
inclusive. In other words, if the time-step is 30 seconds, it will look at
tokens from 2.5 minutes ago to 2.5 minutes in the future, inclusive.
If it finds it at counter position 1002, it will return { delta: 2 }
.
If it finds it at counter position 997, it will return { delta: -3 }
.
Parameters:
Name | Type | Description | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
options |
Object |
Properties
|
Returns:
On success, returns an object with the time step
difference between the client and the server as the delta
property (e.g.
{ delta: 0 }
).
- Type
- Object
Type Definitions
GeneratedSecret
Type:
- Object
Properties:
Name | Type | Description |
---|---|---|
ascii |
String | ASCII representation of the secret |
hex |
String | Hex representation of the secret |
base32 |
String | Base32 representation of the secret |
qr_code_ascii |
String | URL for the QR code for the ASCII secret. |
qr_code_hex |
String | URL for the QR code for the hex secret. |
qr_code_base32 |
String | URL for the QR code for the base32 secret. |
google_auth_qr |
String | URL for the Google Authenticator otpauth URL's QR code. |
otpauth_url |
String | Google Authenticator-compatible otpauth URL. |