Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Help: token generated by other libraries does not match with otplib.totp #706

Open
ab-acx opened this issue Oct 30, 2024 · 4 comments
Open

Help: token generated by other libraries does not match with otplib.totp #706

ab-acx opened this issue Oct 30, 2024 · 4 comments

Comments

@ab-acx
Copy link

ab-acx commented Oct 30, 2024

Can you please help me try to figure out why TOTP tokens generated by other libraries don't match. Here is the code that I am using

const speakeasy = require('speakeasy');
const otpauth = require('otpauth');
const otplib = require('otplib');

const secret = 'this is a secret';
const digits = 6;
const period = 30;
const algorithm = 'sha1';

// Get the current epoch time in seconds
const epoch = Math.floor(Date.now() / 1000);

// Generate TOTP using speakeasy
const speakeasyToken = speakeasy.totp({
    secret,
    encoding: 'ascii',
    step: period,
    digits,
    algorithm,
    time: epoch
});
console.log(`Speakeasy Token: ${speakeasyToken}`);

// Generate TOTP using otpauth
const otpauthTOTP = new otpauth.TOTP({
    secret: otpauth.Secret.fromUTF8(secret),
    digits,
    period,
    algorithm
});
const otpauthToken = otpauthTOTP.generate({ time: epoch });
console.log(`OTPAUTH Token: ${otpauthToken}`);

// Generate TOTP using otplib
otplib.totp.options = {
    step: period,
    digits,
    algorithm,
    epoch: epoch * 1000
};
const otplibToken = otplib.totp.generate(secret);
//console.log(`OTPLIB Options: ${JSON.stringify(otplib.totp.allOptions())}`);
console.log(`OTPLIB Token: ${otplibToken}`);

output:

Speakeasy Token: 006867
OTPAUTH Token: 006867
OTPLIB Token: 395990

I am using epoc to make the test more stable however I tried different approaches but none worked.

Thanks
@viperadnan-git
Copy link

#580 (comment)

This solved my same issue.

@kamihork
Copy link

kamihork commented Jan 9, 2025

Since the secret you are entering is a base32 encoded string, decoding it and converting it to hexadecimal may solve the problem!
The authenticator does that, but totp does not.
https://github.com/yeojz/otplib/blob/master/packages/otplib-core/src/authenticator.ts#L191

@ab-acx
Copy link
Author

ab-acx commented Jan 13, 2025

@viperadnan-git

#580 (comment)

This solved my same issue.

changing to otplib.authenticator did not make any difference
const otplibToken = otplib.authenticator.generate(secret);

@ab-acx
Copy link
Author

ab-acx commented Jan 13, 2025

Since the secret you are entering is a base32 encoded string, decoding it and converting it to hexadecimal may solve the problem! The authenticator does that, but totp does not. https://github.com/yeojz/otplib/blob/master/packages/otplib-core/src/authenticator.ts#L191

the secret is 'this is a secret'. it is not base32 encoded.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kamihork @ab-acx @viperadnan-git