Need help with passport-totp?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

jaredhanson
131 Stars 42 Forks MIT License 11 Commits 12 Opened issues

Description

TOTP authentication strategy for Passport and Node.js.

Services available

!
?

Need anything else?

Contributors list

# 4,752
JavaScr...
C
npm
React N...
8 commits
# 2,436
JavaScr...
MongoDB
Less
Socket....
2 commits

Passport-TOTP

Passport strategy for two-factor authentication using a TOTP value.

This module lets you authenticate using a TOTP value in your Node.js applications. By plugging into Passport, TOTP two-factor authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. TOTP values can be generated by hardware devices or software applications, including Google Authenticator.

Note that in contrast to most Passport strategies, TOTP authentication requires that a user already be authenticated using an initial factor. Requirements regarding when to require a second factor are a matter of application-level policy, and outside the scope of both Passport and this strategy.

Install

$ npm install passport-totp

Usage

Configure Strategy

The TOTP authentication strategy authenticates a user using a TOTP value generated by a hardware device or software application (known as a token). The strategy requires a

setup
callback.

The

setup
callback accepts a previously authenticated
user
and calls
done
providing a
key
and
period
used to verify the HOTP value. Authentication fails if the value is not verified.
passport.use(new TotpStrategy(
  function(user, done) {
    TotpKey.findOne({ userId: user.id }, function (err, key) {
      if (err) { return done(err); }
      return done(null, key.key, key.period);
    });
  }
));

Authenticate Requests

Use

passport.authenticate()
, specifying the
'totp'
strategy, to authenticate requests.

For example, as route middleware in an Express application:

app.post('/verify-otp', 
  passport.authenticate('totp', { failureRedirect: '/verify-otp' }),
  function(req, res) {
    req.session.authFactors = [ 'totp' ];
    res.redirect('/');
  });

Examples

For a complete, working example, refer to the two-factor example.

Tests

$ npm install
$ make test

Build Status

Credits

License

The MIT License

Copyright (c) 2013 Jared Hanson <http://jaredhanson.net/>

Sponsor

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.