Passport-TOTP
Passport strategy for two-factor authentication using a TOTP value.
This module lets you authenticate using a TOTP value in your Node.js applications. By plugging into Passport, TOTP two-factor authentication can be easily and unobtrusively integrated into any application or framework that supports Connect-style middleware, including Express. TOTP values can be generated by hardware devices or software applications, including Google Authenticator.
Note that in contrast to most Passport strategies, TOTP authentication requires that a user already be authenticated using an initial factor. Requirements regarding when to require a second factor are a matter of application-level policy, and outside the scope of both Passport and this strategy.
Install
$ npm install passport-totp
Usage
Configure Strategy
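The TOTP authentication strategy authenticates a user using a TOTP value generated by a hardware device or software application (known as a token). The strategy requires a setup callback.
The setup callback accepts a previously authenticated user and calls done providing a key and period used to verify the TOTP value. Authentication fails if the value is not verified.
var passport = require('passport');
var TotpStrategy = require('passport-totp').Strategy;

passport.use(new TotpStrategy(
  function(user, done) {
    // TotpKey is the application's own model holding each user's enrolled key.
    TotpKey.findOne({ userId: user.id }, function (err, key) {
      if (err) { return done(err); }
      // No key enrolled: report an error instead of dereferencing null.
      if (!key) { return done(new Error('No TOTP key for user')); }
      return done(null, key.key, key.period);
    });
  }
));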
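To show how the key and period returned by the setup callback enter verification, here is an added example (not passport-totp's own code) that computes TOTP per RFC 6238 and checks a submitted value with a drift window, constant-time comparison and a replay guard. The function names, the window and lastStep options, and a period measured in seconds are assumptions of this example; the key is the RFC 6238 Appendix B test key.

```javascript
const crypto = require('crypto');

// RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter, then dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;            // low nibble of last byte
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;    // 31-bit value at that offset
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// RFC 6238 TOTP: the HOTP counter is the number of whole periods since the Unix epoch.
function totp(key, period, unixSeconds, digits = 6) {
  return hotp(key, Math.floor(unixSeconds / period), digits);
}

// Check a submitted value against time steps current-window .. current+window.
// Returns the matching step (store it as lastStep for this user) or null.
// Steps at or below lastStep are rejected so a captured code cannot be reused.
function verifyTotp(value, key, period, unixSeconds, opts = {}) {
  const { window = 1, lastStep = -1, digits = 6 } = opts;
  if (typeof value !== 'string' || !/^\d+$/.test(value) || value.length !== digits) {
    return null;
  }
  const current = Math.floor(unixSeconds / period);
  let matched = null;
  for (let step = current - window; step <= current + window; step++) {
    if (step < 0 || step <= lastStep) continue;
    const expected = Buffer.from(hotp(key, step, digits));
    // Constant-time compare; keep looping after a match so timing does not reveal the step.
    if (crypto.timingSafeEqual(expected, Buffer.from(value)) && matched === null) matched = step;
  }
  return matched;
}

// Constructed sample input: the RFC 6238 Appendix B SHA-1 test key and a 30-second period.
const RFC_KEY = Buffer.from('12345678901234567890', 'ascii');
const PERIOD = 30;
```

The step returned by verifyTotp is meant to be persisted per user and passed back as lastStep on the next attempt; without that, a value stays acceptable for the whole window.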
Authenticate Requests
Use passport.authenticate(), specifying the 'totp' strategy, to authenticate requests.
For example, as route middleware in an Express application:
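app.post('/verify-otp',
  passport.authenticate('totp', { failureRedirect: '/verify-otp' }),
  function(req, res) {
    // Reached only when the submitted TOTP value was verified;
    // record the satisfied factor in the session.
    req.session.authFactors = [ 'totp' ];
    res.redirect('/');
  });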
Examples
For a complete, working example, refer to the two-factor example.
Tests
$ npm install
$ make test
Credits
- Jared Hanson
License
The MIT License
Copyright (c) 2013 Jared Hanson <http://jaredhanson.net/>