Write Your Own OTP Authenticator In Javascript and NodeJs

admin Mar 5, 2024

In this tutorial we are going to create a One-Time Password (OTP) Authenticator in JavaScript and Node.js. You can use as a simple project for understanding two-factor authentication mechanisms and improving your Node.js skills. Or you can simply use it as viable alternative to Google Authenticator or microsoft Authenticator.

Prerequisites

Basic knowledge of JavaScript and Node.js.
Node.js installed on your computer.
An editor to write your code (e.g., VSCode, Sublime Text, etc.).

Step 1: Setting Up Your Project

Create a new directory for your project and navigate into it:

mkdir otp-authenticator
cd otp-authenticator

Initialize a new Node.js project:

npm init -y

Install necessary libraries:

npm install speakeasy prompt-sync qrcode-terminal

speakeasy is used for generating TOTP codes.
prompt-sync allows synchronous prompts for user input in the command line.
qrcode-terminal generates QR codes in the terminal, useful for adding accounts to your authenticator.

Step 2: Writing the Authenticator Script

Create a new file named auth.js in your project directory, and open it in your editor.

Import Required Modules

Add the following lines at the top of auth.js to import the modules you'll use:

const speakeasy = require('speakeasy');
const prompt = require('prompt-sync')({sigint: true});
const fs = require('fs');
const path = require('path');
const qrcode = require('qrcode-terminal');

Initialize Data Storage

Below the module imports, add code to handle data storage in a JSON file:

const dataFile = path.join(__dirname, 'data.json');

// Initialize data
let data = {};
if (fs.existsSync(dataFile)) {
  data = JSON.parse(fs.readFileSync(dataFile, 'utf8'));
}

Implementing the add Command

The add command will allow users to input a label and a secret key for an account, optionally verifying it with an OTP:

function add() {
  const label = prompt('Enter label (e.g., GitHub:usern): ');
  const secret = prompt('Enter the secret key provided by the service: ');

  const userTOTPInput = prompt('Enter a current OTP from your authenticator app to verify (optional, press enter to skip): ');
  let verificationPassed = true;

  if (userTOTPInput.trim() !== '') {
    verificationPassed = speakeasy.totp.verify({
      secret: secret,
      encoding: 'base32',
      token: userTOTPInput,
      window: 1
    });
  }

  if (verificationPassed) {
    data[label] = { secret: secret };
    fs.writeFileSync(dataFile, JSON.stringify(data, null, 2));
    console.log(`${label} account added successfully.`);
  } else {
    console.log('Verification failed. Please check the OTP entered and try again.');
  }
}

Implementing the show Command

The show command will display OTP codes for all or filtered accounts based on keywords:

function show() {
  const filters = process.argv.slice(3);
  console.log('Filtered OTP Codes:');

  Object.keys(data).forEach(label => {
    const isMatch = filters.every(filter => label.toLowerCase().includes(filter.toLowerCase()));

    if (isMatch || filters.length === 0) {
      const secret = data[label].secret;
      const token = speakeasy.totp({
        secret: secret,
        encoding: 'base32'
      });
      console.log(`${label}: ${token}`);
    }
  });
}

Handling Commands

Add command handling logic to auth.js:

const command = process.argv[2];

switch(command) {
  case 'add':
    add();
    break;
  case 'show':
    show();
    break;
  default:
    console.log('Invalid command. Use "add" or "show".');
}

Step 3: Running Your Authenticator

To add an account: node auth.js add, then follow the prompts. To view OTPs: node auth.js show or node auth.js show to filter results.

Conclusion

Congratulations! You've created a basic OTP authenticator in JavaScript and Node.js. This project covers key concepts like TOTP generation, command-line input/output, and simple data storage. As you become more comfortable, consider adding features

Next Steps

Encrypting the secret using node crypto library and pgp

OTP NodeJs