OTP generation in nodejs using speakeasy :set expiry time

Question

I am using https://www.npmjs.com/package/speakeasy to generate OTP and i would like the expiry to 10 minutes.

Here is the code for generation

const generateOtp = function generateOtp() {
    let token = speakeasy.totp({
        secret:process.env.OTP_KEY,
        encoding: 'base32',
        digits:4,
        window:10
    });
    return token;
}

Verify OTP

const verifyOtp = function verifyOtp(token){
    let expiry =  speakeasy.totp.verify({
        secret:process.env.OTP_KEY,
        encoding: 'base32',
        token: token,
        window:10
    });
    console.log(expiry)
}

But I don't know how to set the expiry to 10 minutes??

How to know the field value of secret. where can I find the secret otp key. — Himabindu, Nov 30 '21 at 05:43
You can use `// Generate a secret key. var secret = speakeasy.generateSecret({length: 20});` to generate the secret key — shamon shamsudeen, Nov 30 '21 at 05:58

Dez · Answer 1 · 2018-09-22T20:59:57.920

Reading the documentation you can find out that the base step is 30 seconds, so if you want to have an expiration time of 10 minutes you need to set up the step to 60. Then, using the verifyDelta method you should be able to check if the token expired.

const generateOtp = function generateOtp() {
    let token = speakeasy.totp({
        secret:process.env.OTP_KEY,
        encoding: 'base32',
        digits:4,
        step: 60,
        window:10
    });
    return token;
}

const verifyOtp = function verifyOtp(token){
    let expiry =  speakeasy.totp.verifyDelta({
        secret:process.env.OTP_KEY,
        encoding: 'base32',
        token: token,
        step: 60,
        window:10
    });
    console.log(expiry)
}

Thanks this is working but the the token is expired very fast (ie with in two minutes) — shamon shamsudeen, Mar 31 '22 at 13:54

OTP generation in nodejs using speakeasy :set expiry time

1 Answers1