I am trying to generate OTP in express js using speakeasy .

Here is the sample code i've tried

var speakeasy = require('speakeasy');
        var secret = speakeasy.generateSecret({length:32});

        //generate token
        var code = speakeasy.totp({
            secret:secret.base32,
            encoding: 'base32',
            step:300,
            window:100,
            counter:123
        });

        //verify token
        var verified = speakeasy.totp.verify({
            secret:secret.base32 ,
            encoding: 'base32',
            token: code
        });

When verify the token console.log(verified) always return false.

I've followed this github link but it didn't help

I am trying to generate OTP in express js using speakeasy https://www.npmjs./package/speakeasy.

Here is the sample code i've tried

var speakeasy = require('speakeasy');
        var secret = speakeasy.generateSecret({length:32});

        //generate token
        var code = speakeasy.totp({
            secret:secret.base32,
            encoding: 'base32',
            step:300,
            window:100,
            counter:123
        });

        //verify token
        var verified = speakeasy.totp.verify({
            secret:secret.base32 ,
            encoding: 'base32',
            token: code
        });

When verify the token console.log(verified) always return false.

I've followed this github link https://github./speakeasyjs/speakeasy/issues/52 but it didn't help

• javascript
• mysql
• node.js
• express

Share Improve this question Follow asked Apr 12, 2017 at 11:01 JabaaJabaa 1,76377 gold badges3636 silver badges6363 bronze badges 4

• Here is a demo.. Checkout this, sedemo-mktb.rhcloud. – David R Commented Apr 12, 2017 at 11:31
• Same code is used but verified returns false – Jabaa Commented Apr 12, 2017 at 11:32
• Have you tried adding window: 2 option to your verify function. – David R Commented Apr 12, 2017 at 13:44
• Added but it didn't worked – Jabaa Commented Apr 17, 2017 at 5:36

Add a ment  | 

5 Answers 5

Sorted by: Reset to default 3

module.exports = (num = 4) => {
    return Math.random().toFixed(num).substr(`-${num}`)
}

Edit:.substr is deprecated

`.substr` is now [deprecated][1]. We can use this approach instead:

module.exports = (num = 4) => {
     Math.random().toFixed(num).substring(0, length);
}

OTP: 9749

I don't know about speakeasy, but we've successfully used notp in our project to generate one-time passwords we use with Express, maybe this might help : https://www.npmjs./package/notp

Add step value given while generating token for verify.

var verified = speakeasy.totp.verify({
        secret:secret.base32 ,
        encoding: 'base32',
        token: code,
        step: 300
    });

You should be added counter = 123 into verify function:

var verified = speakeasy.totp.verify({
      secret: secret.base32,
      encoding: 'base32',
      token: code, 
      counter: 123
});

A very simple way to generate 1 time otp is to utilize Math random function. Here is how to do it for 4 unique digit otp by making a utility function in your express project etc.

// generateOtp.js

/**
 * Math.random() returns a number beterrn 0 and 1. 
 * It is then added with 1000 and multiplied with 9000 to return a float,
 * Which is then round up to greatest integer less than or equal to its numeric argument.
 * 
 * @returns 4 unique digits
 */
const generateOtp = () => Math.floor(1000 + Math.random() * 9000)

// Export
module.exports = generateOtp;

Now, use this function where required.

Example: Here is how to utilize function.

// anyfile.js
const generateOtp = require(" /*Path to your utility function*/ ");

// Get otp
const otp = generateOtp();

console.log(otp); // 4 unique digits

// Do the reset i.e, Send it to user via nodemailer etc...

More on Math random