pt

passport-totp

TOTP authentication strategy for Passport and Node.js.

Showing:

Popularity

Downloads/wk

3.1K

GitHub Stars

140

Maintenance

Last Commit

4yrs ago

Contributors

1

Package

Dependencies

3

Size (min+gzip)

1.5KB

License

Type Definitions

Tree-Shakeable

No?

Categories

Readme

Passport-TOTP

Passport strategy for two-factor authentication using a TOTP value.

This module lets you authenticate using a TOTP value in your Node.js applications. By plugging into Passport, TOTP two-factor authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. TOTP values can be generated by hardware devices or software applications, including Google Authenticator.

Note that in contrast to most Passport strategies, TOTP authentication requires that a user already be authenticated using an initial factor. Requirements regarding when to require a second factor are a matter of application-level policy, and outside the scope of both Passport and this strategy.

Install

$ npm install passport-totp

Usage

Configure Strategy

The TOTP authentication strategy authenticates a user using a TOTP value generated by a hardware device or software application (known as a token). The strategy requires a setup callback.

The setup callback accepts a previously authenticated user and calls done providing a key and period used to verify the HOTP value. Authentication fails if the value is not verified.

passport.use(new TotpStrategy(
  function(user, done) {
    TotpKey.findOne({ userId: user.id }, function (err, key) {
      if (err) { return done(err); }
      return done(null, key.key, key.period);
    });
  }
));

Authenticate Requests

Use passport.authenticate(), specifying the 'totp' strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post('/verify-otp', 
  passport.authenticate('totp', { failureRedirect: '/verify-otp' }),
  function(req, res) {
    req.session.authFactors = [ 'totp' ];
    res.redirect('/');
  });

Examples

For a complete, working example, refer to the two-factor example.

Tests

$ npm install
$ make test

Build Status

Credits

License

The MIT License

Copyright (c) 2013 Jared Hanson [http://jaredhanson.net/](http://jaredhanson.net/)

Sponsor

Rate & Review

Great Documentation0
Easy to Use0
Performant0
Highly Customizable0
Bleeding Edge0
Responsive Maintainers0
Poor Documentation0
Hard to Use0
Slow0
Buggy0
Abandoned0
Unwelcoming Community0
100
No reviews found
Be the first to rate

Alternatives

No alternatives found

Tutorials

No tutorials found
Add a tutorial