**NOT MAINTAINED** Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.
Speakeasy 2.0.0 is a major update based on a Speakeasy fork, Passcode, by Michael Phan-Ba, which also incorporates code from another Node.js HOTP/TOTP module, notp, by Guy Halford-Thompson, with additional functionality and API compatibility changes made by Mark Bao. Speakeasy is now also moving to its own GitHub organization.
Speakeasy 2.0.0 is API-compatible with Speakeasy 1.x.x, but a number of functions are renamed and deprecated for consistency. See below. Future versions of Speakeasy 2.x.x may not be API-compatible with Speakeasy 1.x.x. Deprecation notices have been added.
verify
functions from notp, adding verification window functionality which allows for the verification of tokens across a window (e.g. in HOTP, x tokens ahead, or in TOTP, x tokens ahead or behind).verifyDelta
functions which calculate a delta between a given token and where it was found within the window.verify
functions which wrap verifyDelta
to return a boolean.issuer
, counter
, and type
to Google Authenticator otpauth:// URL. Thanks, Vincent Lombard.otpuathURL()
, to output an otpauth:// URL.v2.0.0 does not introduce any breaking changes, but deprecates a number of functions and parameters. Backwards compatibility is maintained for v2.0.0 but may not be maintained for future versions. While we highly recommend updating to 2.x.x, please make sure to update your package.json
to use Speakeasy at versions ^1.0.5
if you'd like to use the 1.x.x API.
generate_key()
is now generateSecret()
. generate_key()
deprecated.generate_key_ascii()
is now generateSecretASCII()
. generate_key_ascii()
deprecated.totp()
and hotp()
now take the key
parameter as secret
(key
deprecated).totp()
and hotp()
now take the length
parameter as digits
(length
deprecated).totp()
now takes the initial_time
parameter as epoch
(initial_time
deprecated).generateSecret()
no longer supports returning URLs to QR codes using qr_codes
and google_auth_qr
since passing the secret to a third party may be a security risk. Implement QR code generation on your own instead, such as by using a QR module like qr-image
or node-qrcode
.base32.js
Node package for base32 conversions.index.js
.