Documentation: https://otp.oslojs.dev
A JavaScript library for generating and verifying OTPs by Oslo.
Supports HMAC-based one-time passwords (HOTP) and time-based one-time passwords (TOTP) as defined in RFC 4226 and RFC 6238.
- Runtime-agnostic
- No third-party dependencies
- Fully typed
import { generateTOTP, verifyTOTP } from "@oslojs/otp";
const totp = generateTOTP(key, 30, 6);
const valid = verifyTOTP(totp, key, 30, 6);
npm i @oslojs/otp
This package requires the Web Crypto API. This is available in most modern runtimes, including Node.js 20+, Deno, Bun, and Cloudflare Workers. The big exception is Node.js 16 and 18. Make sure to polyfill it using webcrypto
.
import { webcrypto } from "node:crypto";
globalThis.crypto = webcrypto;
Alternatively, add the --experimental-global-webcrypto
flag when executing files.
node --experimental-global-webcrypto index.js