TOTP authentication strategy for Passport and Node.js.
Passport strategy for two-factor authentication using a TOTP value.
This module lets you authenticate using a TOTP value in your Node.js applications. By plugging into Passport, TOTP two-factor authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. TOTP values can be generated by hardware devices or software applications, including Google Authenticator.
Note that in contrast to most Passport strategies, TOTP authentication requires that a user already be authenticated using an initial factor. Requirements regarding when to require a second factor are a matter of application-level policy, and outside the scope of both Passport and this strategy.
```
$ npm install passport-totp
```
The TOTP authentication strategy authenticates a user using a TOTP value generated by a hardware device or software application (known as a token). The strategy requires a `setup` callback.

The `setup` callback accepts a previously authenticated `user` and calls `done` providing a `key` and `period` used to verify the TOTP value. Authentication fails if the value is not verified.
```javascript
passport.use(new TotpStrategy(
  // `user` is the account already authenticated with the first factor.
  function(user, done) {
    // `TotpKey` is the application's own store of per-user shared secrets.
    TotpKey.findOne({ userId: user.id }, function (err, key) {
      if (err) { return done(err); }
      // Hand the shared secret and its time step back to the strategy.
      return done(null, key.key, key.period);
    });
  }
));
```
Use `passport.authenticate()`, specifying the `'totp'` strategy, to authenticate requests.

For example, as route middleware in an Express application:
```javascript
app.post('/verify-otp',
  passport.authenticate('totp', { failureRedirect: '/verify-otp' }),
  function(req, res) {
    req.session.authFactors = [ 'totp' ];
    res.redirect('/');
  });
```
For a complete, working example, refer to the two-factor example.
```
$ npm install
$ make test
```
Copyright (c) 2013 Jared Hanson <http://jaredhanson.net/>