Google authenticator

TOPT ( Time-based One-Time Passwords) 2FA

定義在 RFC-6238

RFC ft-mraihi-totp-timebased: TOTP: Time-Based One-Time Password AlgorithmIETF Datatracker

What is a Time-based One-time Password (TOTP)?

Key Uri Format · google/google-authenticator WikiGitHub

Authenticator

browser-authenticator.jsCoolAJ86 on GIT

第三方 Node.js 模組：

GitHub - speakeasyjs/speakeasy: **NOT MAINTAINED** Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.GitHub

GitHub - yeojz/otplib: One Time Password (OTP) / 2FA for Node.js and Browser - Supports HOTP, TOTP and Google AuthenticatorGitHub

Authenticator API.com - An API for Google Authenticator

程式範例

以下使用 speakeasy 模組，產生 secret 與 qrcode，之後 secret 要記住在後端

const speakeasy = require("speakeasy");
const qrcode = require("qrcode");

const secret = speakeasy.generateSecret({ name: "eason@gmail.com" });

console.log(secret)

qrcode.toDataURL(secret.otpauth_url, function (err, url) {
  console.log(url);
});

驗證

const speakeasy = require("speakeasy");

const verifyResult = speakeasy.totp.verify({
  secret: "<剛才的 secret>",
  encoding: "ascii",
  token: "<手機 google authenticator app 掃碼 qrcode 後產生的六個號碼>"
})

console.log('verifyResult', verifyResult)

GitHub - speakeasyjs/speakeasy: **NOT MAINTAINED** Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.GitHub

演算法：

https://github.com/bellstrand/totp-generator/blob/master/index.js