botp.js/README.md

# You might be in the wrong place

You probably want [Authenticator](https://github.com/Daplie/browser-authenticator).

# Browser One Time Password library (JavaScript)

(aka botp / totp.js / hotp.js)

(forked from [Node One Time Password](https://github.com/guyht/notp))

Simple to use, fast, and with zero dependencies\*. The Browser One Time Password library is fully compliant with [HOTP](http://tools.ietf.org/html/rfc4226) (counter based one time passwords) and [TOTP](http://tools.ietf.org/html/rfc6238) (time based one time passwords).

\* requires [forge](https://github.com/digitalbazaar/forge) for window.sha1Hmac shim in older browsers and [es6-promise](https://github.com/jakearchibald/es6-promise) for ancient browsers.

It can be used in conjunction with the [Authy](https://www.authy.com/personal/), [Google Authenticator](https://github.com/google/google-authenticator/), and [Microsoft Authenticator](https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj), and [GAuth](https://5apps.com/gbraad/gauth) which have free apps for iOS, Android, BlackBerry, OS X, Linux, Windows, and Chrome.

Browser One Time Password library, supports HOTP, TOTP and works with Google Authenticator • forked from https://github.com/guyht/notp

# Installation

```
bower install botp
```

# Usage

```javascript
(function () {
'use strict';

var botp = window.botp;

// this might be used on account creation to create the QR code and verify the token in the browser.

var key = 'secret key for user... could be stored in DB'; // Uint8Array
var token = 'user supplied one time use token'; // 890123

// Check TOTP is correct (HOTP if hotp pass type)
botp.totp.verify(token, key).then(function (login) {
  // invalid token if login is null
  if (!login) {
    console.log('Token invalid');
    return;
  }
  
  // valid token
  console.log('Token valid, sync value is %s', login.delta);
});

}());
```

# API

See <https://github.com/guyht/notp#api>

* botp.totp.gen(keyByteArray) => (promise) tokenArray
* botp.totp.verify(tokenByteArray, keyByteArray) => (promise) delta or null
* botp.hotp.gen(keyByteArray) => (promise) tokenArray
* botp.hotp.verify(tokenByteArray, keyByteArray) => (promise) delta or null
browser fork 2015-10-22 21:22:21 -07:00			`# You might be in the wrong place`
Added travis-ci icon 2012-06-04 05:29:43 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`You probably want [Authenticator](https://github.com/Daplie/browser-authenticator).`
Commit for version 1.1.2 2011-10-02 18:08:30 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`# Browser One Time Password library (JavaScript)`
Commit for version 1.1.2 2011-10-02 18:08:30 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`(aka botp / totp.js / hotp.js)`
Commit for version 1.1.2 2011-10-02 18:08:30 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`(forked from [Node One Time Password](https://github.com/guyht/notp))`
Commit for version 1.1.2 2011-10-02 18:08:30 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`Simple to use, fast, and with zero dependencies\*. The Browser One Time Password library is fully compliant with [HOTP](http://tools.ietf.org/html/rfc4226) (counter based one time passwords) and [TOTP](http://tools.ietf.org/html/rfc6238) (time based one time passwords).`
Commit for version 1.1.2 2011-10-02 18:08:30 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`\* requires [forge](https://github.com/digitalbazaar/forge) for window.sha1Hmac shim in older browsers and [es6-promise](https://github.com/jakearchibald/es6-promise) for ancient browsers.`
add google auth example/details to readme Basic example on using `thirty-two` module to do base32 encoding and creating a barcode URI 2012-06-03 15:57:43 -04:00
browser fork 2015-10-22 21:22:21 -07:00			`It can be used in conjunction with the [Authy](https://www.authy.com/personal/), [Google Authenticator](https://github.com/google/google-authenticator/), and [Microsoft Authenticator](https://www.microsoft.com/en-us/store/apps/authenticator/9wzdncrfj3rj), and [GAuth](https://5apps.com/gbraad/gauth) which have free apps for iOS, Android, BlackBerry, OS X, Linux, Windows, and Chrome.`
update README api changes 2012-05-31 23:48:03 -04:00
browser fork 2015-10-22 21:22:21 -07:00			`Browser One Time Password library, supports HOTP, TOTP and works with Google Authenticator • forked from https://github.com/guyht/notp`
Commit for version 1.1.2 2011-10-02 18:08:30 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`# Installation`
update README api changes 2012-05-31 23:48:03 -04:00
browser fork 2015-10-22 21:22:21 -07:00			```
			`bower install botp`
update README api changes 2012-05-31 23:48:03 -04:00			```
Commit for version 1.1.2 2011-10-02 18:08:30 -07:00
browser fork 2015-10-22 21:22:21 -07:00			`# Usage`
add google auth example/details to readme Basic example on using `thirty-two` module to do base32 encoding and creating a barcode URI 2012-06-03 15:57:43 -04:00
			```javascript
browser fork 2015-10-22 21:22:21 -07:00			`(function () {`
			`'use strict';`
add google auth example/details to readme Basic example on using `thirty-two` module to do base32 encoding and creating a barcode URI 2012-06-03 15:57:43 -04:00
browser fork 2015-10-22 21:22:21 -07:00			`var botp = window.botp;`
add google auth example/details to readme Basic example on using `thirty-two` module to do base32 encoding and creating a barcode URI 2012-06-03 15:57:43 -04:00
browser fork 2015-10-22 21:22:21 -07:00			`// this might be used on account creation to create the QR code and verify the token in the browser.`
add google auth example/details to readme Basic example on using `thirty-two` module to do base32 encoding and creating a barcode URI 2012-06-03 15:57:43 -04:00
browser fork 2015-10-22 21:22:21 -07:00			`var key = 'secret key for user... could be stored in DB'; // Uint8Array`
			`var token = 'user supplied one time use token'; // 890123`
Replace the equal signs in base32 string 2014-08-11 10:23:28 +00:00
browser fork 2015-10-22 21:22:21 -07:00			`// Check TOTP is correct (HOTP if hotp pass type)`
			`botp.totp.verify(token, key).then(function (login) {`
			`// invalid token if login is null`
			`if (!login) {`
			`console.log('Token invalid');`
			`return;`
			`}`

			`// valid token`
			`console.log('Token valid, sync value is %s', login.delta);`
			`});`

			`}());`
add google auth example/details to readme Basic example on using `thirty-two` module to do base32 encoding and creating a barcode URI 2012-06-03 15:57:43 -04:00			```

Commit for version 1.1.2 2011-10-02 18:08:30 -07:00			`# API`
add migrating from 1.x to 2.x to readme 2012-06-03 18:15:56 -04:00
browser fork 2015-10-22 21:22:21 -07:00			`See <https://github.com/guyht/notp#api>`
add migrating from 1.x to 2.x to readme 2012-06-03 18:15:56 -04:00
browser fork 2015-10-22 21:22:21 -07:00			`* botp.totp.gen(keyByteArray) => (promise) tokenArray`
			`* botp.totp.verify(tokenByteArray, keyByteArray) => (promise) delta or null`
			`* botp.hotp.gen(keyByteArray) => (promise) tokenArray`
			`* botp.hotp.verify(tokenByteArray, keyByteArray) => (promise) delta or null`