otplibOne-Time Password Library

TypeScript-first library for HOTP and TOTP authentication with multi-runtime support and pluggable architecture

See it in action

Get Started

Key Features

Built with modern practices

TypeScript Native

Written in TypeScript with complete type definitions. Async-first API design with synchronous alternatives.

Pluggable Architecture

Swap crypto and Base32 implementations via plugins. Use Web Crypto, Node crypto, or bring your own.

RFC Compliant /
Authenticator Compatible

Full implementation of RFC 4226 (HOTP) and RFC 6238 (TOTP) specifications.
Compatible with common authenticator apps like Google, Microsoft, Authy and many more.

Interactive Demo

See it in action

TOTP

Time-based tokens that refresh every 30 seconds. The standard for authenticator apps.

Setup

Client (Generate)

Resets in: 30s

Server (Verify)

HOTP

Counter-based tokens that increment with each use. Ideal for hardware tokens.

Setup

Client (Generate)

Counter: 0

Click to increment the counter and generate the next OTP.

Server (Verify)

Expected Counter: 0

The server accepts any token from the current counter up to a window ahead (resync).

otplibOne-Time Password Library

Key Features

TypeScript Native

Pluggable Architecture

RFC Compliant / Authenticator Compatible

Interactive Demo

Setup

Client (Generate)

Server (Verify)

Setup

Client (Generate)

Server (Verify)

RFC Compliant /
Authenticator Compatible