Time-based one-time passwords

Use generateTOTP() to generate TOTPs and use verifyTOTPWithGracePeriod() or verifyTOTP() to verify them. Adding a grace period allows you to account for network latency and time discrepancy between devices.

import { generateTOTP, verifyTOTPWithGracePeriod, verifyTOTP } from "@oslojs/otp";

const digits = 6;
const intervalInSeconds = 30;

const otp = generateTOTP(key, intervalInSeconds, digits);
const valid = verifyTOTPWithGracePeriod(key, intervalInSeconds, digits, otp, 30);
const valid = verifyTOTP(key, intervalInSeconds, digits, otp);

Use createTOTPKeyURI() to create a key URI, which are then usually encoded into a QR code.

import { createTOTPKeyURI } from "@oslojs/otp";

const issuer = "My app";
const accountName = "[email protected]";
const intervalInSeconds = 30;
const digits = 6;
const uri = createTOTPKeyURI(issuer, accountName, key, intervalInSeconds, digits);