UNPKG

otplib

Version:

TypeScript-first library for TOTP and HOTP with multi-runtime and plugin support

otplib.yeojz.dev

yeojz/otplib

123 lines (119 loc) 3.25 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
import { CryptoPlugin, Base32Plugin, OTPGuardrails, HashAlgorithm, Digits, OTPHooks } from '@otplib/core'; /** * Type definitions for otplib package */ /** * OTP Strategy Type */ type OTPStrategy = "totp" | "hotp"; /** * Options with plugin overrides */ type OTPAuthOptions = { /** * Crypto plugin to use (default: NobleCryptoPlugin) */ readonly crypto?: CryptoPlugin; /** * Base32 plugin to use (default: ScureBase32Plugin) */ readonly base32?: Base32Plugin; }; /** * Common options for OTP generation * * These options apply to both TOTP and HOTP strategies. */ type OTPGenerateOptions = { /** * Base32-encoded secret key * * **Note**: By default, strings are assumed to be Base32 encoded. * If you have a raw string/passphrase, you must convert it to Uint8Array first. */ secret: string | Uint8Array; /** * OTP strategy to use (default: 'totp') * - 'totp': Time-based OTP * - 'hotp': HMAC-based OTP */ strategy?: OTPStrategy; /** * Crypto plugin to use (default: NobleCryptoPlugin) */ crypto?: CryptoPlugin; /** * Base32 plugin to use (default: ScureBase32Plugin) */ base32?: Base32Plugin; /** * Validation guardrails */ guardrails?: OTPGuardrails; /** * Hash algorithm (default: 'sha1') */ algorithm?: HashAlgorithm; /** * Number of digits (default: 6) */ digits?: Digits; /** * Time step in seconds (default: 30) * Used by TOTP strategy */ period?: number; /** * Current Unix epoch timestamp in seconds (default: now) * Used by TOTP strategy */ epoch?: number; /** * Initial Unix time to start counting time steps (default: 0) * Used by TOTP strategy */ t0?: number; /** * Counter value * Used by HOTP strategy (required) */ counter?: number; /** * Hooks for customizing token encoding and validation. * Allows non-standard OTP variants (e.g., Steam Guard) to replace * the default numeric encoding with custom schemes. */ hooks?: OTPHooks; }; /** * Options for OTP verification * * Extends OTPFunctionalOptions with token and tolerance parameters. */ type OTPVerifyOptions = OTPGenerateOptions & { /** * OTP code to verify */ token: string; /** * Time tolerance in seconds for TOTP verification (default: 0) * - Number: symmetric tolerance (same for past and future) * - Tuple [past, future]: asymmetric tolerance * Use [5, 0] for RFC-compliant past-only verification. */ epochTolerance?: number | [number, number]; /** * Counter tolerance for HOTP verification (default: 0) * - Number: creates look-ahead only tolerance [0, n] * - Tuple [past, future]: explicit window control */ counterTolerance?: number | [number, number]; /** * Minimum allowed TOTP time step for replay protection (optional) * * Rejects tokens with timeStep <= afterTimeStep. * Only used by TOTP strategy. */ afterTimeStep?: number; }; export type { OTPAuthOptions as O, OTPGenerateOptions as a, OTPStrategy as b, OTPVerifyOptions as c };