Simplify OTP Generation with one-time-pass 🔑



This content originally appeared on DEV Community and was authored by Haikel Fazzani

One-Time Passwords (OTPs) are a crucial component of modern authentication systems, providing an extra layer of security through Two-Factor Authentication (2FA).

What is one-time-pass?

one-time-pass is a lightweight yet powerful library that generates both TOTP (Time-Based One-Time Password) and HOTP (HMAC-Based One-Time Password) codes. It adheres to the established standards of RFC 6238 and RFC 4226, ensuring that the generated codes are compatible with popular authenticator apps like Google Authenticator.

What makes this library stand out is its commitment to simplicity. With zero dependencies, it keeps your project’s footprint small and avoids potential dependency conflicts, making it a great choice for a wide range of applications.

Getting Started: Installation and Usage

To begin using the library in your project, you can install it via npm:

npm i one-time-pass

The library is designed with a modern syntax, making it easy to import and use with ES modules.

Generating a TOTP Code

TOTP codes are the most common type of OTP, relying on the current time and a shared secret key. Here’s how you can generate one:

import { generateTOTP } from "one-time-pass";

const secretKey = "your-super-secret-key"; // This key should be unique for each user
const totp = generateTOTP(secretKey, {
  timeStep: 30, // The time step in seconds (default is 30)
  digits: 6, // The number of digits in the OTP (default is 6)
  hash: "sha1", // The hashing algorithm (e.g., "sha1", "sha256", "sha512")
});

console.log(totp); // Outputs a 6-digit TOTP code

Generating an HOTP Code

HOTP codes are counter-based, meaning they change each time the counter is incremented. This is useful for systems where a reliable time source is not available.

import { generateHOTP } from "one-time-pass";

const secretKey = "your-super-secret-key";
const counter = 1234; // The counter value

const hotp = generateHOTP(secretKey, counter, {
  digits: 6,
  hash: "sha1",
});

console.log(hotp); // Outputs a 6-digit HOTP code
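
To check that a generator really follows RFC 4226 and RFC 6238, it helps to have a reference built only on Node's crypto module and the test vectors published in the RFCs. The following is an added example, not code from one-time-pass or from the original post; `hotp`, `totp` and `verifyTotp` are hypothetical names, and the server-side verification (drift window, constant-time comparison, replay rejection) goes beyond the generation step covered above.

```javascript
const crypto = require("node:crypto");

// Published test key from RFC 4226 Appendix D (never use it for real accounts).
const RFC_TEST_KEY = "12345678901234567890";

// HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter, digits = 6, hash = "sha1") {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac(hash, key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f; // low nibble of the last byte
  const bin = mac.readUInt32BE(offset) & 0x7fffffff; // 31-bit value
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// TOTP (RFC 6238): HOTP whose counter is the number of elapsed time steps.
function totp(key, unixSeconds, timeStep = 30, digits = 6, hash = "sha1") {
  return hotp(key, Math.floor(unixSeconds / timeStep), digits, hash);
}

// Hypothetical server-side check: tolerate +/- `window` steps of clock drift,
// compare in constant time, and refuse steps already used (replay).
// Returns the matched step (store it as lastUsedStep) or null.
function verifyTotp(key, code, unixSeconds, lastUsedStep = -1, window = 1, timeStep = 30) {
  const current = Math.floor(unixSeconds / timeStep);
  const given = Buffer.from(String(code));
  let matched = null;
  for (let step = Math.max(0, current - window); step <= current + window; step++) {
    const expected = Buffer.from(hotp(key, step));
    const same = given.length === expected.length && crypto.timingSafeEqual(given, expected);
    if (same && step > lastUsedStep) matched = step;
  }
  return matched;
}

console.log(hotp(RFC_TEST_KEY, 0), totp(RFC_TEST_KEY, 59, 30, 8));
```

A library's generator should reproduce these values for the same key and counter, provided the key is passed in the encoding that library expects.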

Browser Usage

If you’re building a client-side application, you can use a CDN to include the library directly via a script tag.

<script src="https://cdn.jsdelivr.net/npm/one-time-pass"></script>
<script>
  // The functions are available globally under the `oneTimePass` object
  const totp = otp.generateTOTP("your-secret-key");
  console.log(totp);
</script>

Conclusion

Whether you’re developing for the back end with Node.js or a front-end application, one-time-pass provides a simple, dependable, and efficient way to implement OTP generation. Its zero-dependency approach and adherence to open standards make it an excellent choice for any project that needs robust two-factor authentication without the overhead.

To learn more and contribute, check out the one-time-pass GitHub repository.

