Skip to main content

Last version npm downloads


One Time Password (HOTP/TOTP) library for Node.js, Deno and browsers.



import * as OTPAuth from "otpauth";

// Create a new TOTP object.
let totp = new OTPAuth.TOTP({
  issuer: "ACME",
  label: "AzureDiamond",
  algorithm: "SHA1",
  digits: 6,
  period: 30,
  secret: "NB2W45DFOIZA", // or 'OTPAuth.Secret.fromBase32("NB2W45DFOIZA")'

// Generate a token.
let token = totp.generate();

// Validate a token.
let delta = totp.validate({
  token: token,
  window: 1,

// Convert to Google Authenticator key URI:
//   otpauth://totp/ACME:AzureDiamond?issuer=ACME&secret=NB2W45DFOIZA&algorithm=SHA1&digits=6&period=30
let uri = totp.toString(); // or 'OTPAuth.URI.stringify(totp)'

// Convert from Google Authenticator key URI.
let parsedTotp = OTPAuth.URI.parse(uri);


import * as OTPAuth from ""

// Same as above...


<script src=""></script>
  // Same as above...


See the documentation page.

Supported hashing algorithms

In Node.js, the same algorithms as Crypto.createHmac function are supported, since it is used internally. In Deno and browsers, the SHA1, SHA224, SHA256, SHA384, SHA512, SHA3-224, SHA3-256, SHA3-384 and SHA3-512 algorithms are supported by using the jsSHA library.


MIT License © Héctor Molinero Fernández.