Google authenticator

TOPT ( Time-based One-Time Passwords) 2FA

定義在 RFC-6238

LogoRFC ft-mraihi-totp-timebased: TOTP: Time-Based One-Time Password AlgorithmIETF Datatracker
LogoWhat is a Time-based One-time Password (TOTP)?
LogoKey Uri Format · google/google-authenticator WikiGitHub

第三方 Node.js 模組:

程式範例

以下使用 speakeasy 模組,產生 secret 與 qrcode,之後 secret 要記住在後端

const speakeasy = require("speakeasy");
const qrcode = require("qrcode");

const secret = speakeasy.generateSecret({ name: "eason@gmail.com" });

console.log(secret)

qrcode.toDataURL(secret.otpauth_url, function (err, url) {
  console.log(url);
});

驗證

const speakeasy = require("speakeasy");

const verifyResult = speakeasy.totp.verify({
  secret: "<剛才的 secret>",
  encoding: "ascii",
  token: "<手機 google authenticator app 掃碼 qrcode 後產生的六個號碼>"
})

console.log('verifyResult', verifyResult)

演算法:

https://github.com/bellstrand/totp-generator/blob/master/index.js

PreviousTwitter OAuthNextfacebook oauth

Last updated