The Two-Factor Authentication (2FA) API provides a simple server-side implementation of Time-based One-Time Password (TOTP) for securing user authentication. It supports the generation of secret keys, provisioning of mobile apps with QR codes, and verification of one-time passwords. Additionally, it integrates with Twilio for sending OTP via SMS and supports sending OTP via email.
- Node.js and npm installed
- Twilio account for sending SMS (optional)
- Nodemailer-compatible email service for sending emails (optional)
- Clone the repository:

  ```bash
  git clone https://github.com/Mr-vero/CD-Auth-API.git
  ```

- Install dependencies:

  ```bash
  cd CD-Auth-API
  npm install
  ```

- Set up environment variables: create a `.env` file and add the following:

  ```
  TWILIO_ACCOUNT_SID=your_twilio_account_sid
  TWILIO_AUTH_TOKEN=your_twilio_auth_token
  TWILIO_PHONE_NUMBER=your_twilio_phone_number
  EMAIL_SERVICE_API_KEY=your_email_service_api_key
  EMAIL_SENDER_ADDRESS=your_email_sender_address
  ```

  Replace the placeholders with your actual credentials.

- Start the server:

  ```bash
  npm start
  ```

  The server will be running on http://localhost:3000.
- Endpoint: `/generate-secret-key`
  - Method: GET
  - Description: Generates a secret key for TOTP.
- Endpoint: `/request-one-time-password`
  - Method: POST
  - Description: Generates and sends a one-time password. Requires a valid secret key and optional issuer and phone number parameters.
- Endpoint: `/verify`
  - Method: POST
  - Description: Verifies a provided one-time password. Requires a valid secret key, OTP, and last OTP timestamp.
- Endpoint: `/generate-qr-code-for-provisioning-mobile-apps`
  - Method: POST
  - Description: Generates a QR code for provisioning mobile apps. Requires a valid secret key, issuer, and email.
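The `/verify` description lists a last OTP timestamp alongside the secret key and OTP. The following added example (not code from this project) shows one way such a value can serve as a replay guard in TOTP verification. It assumes 30-second steps, 6-digit SHA-1 codes, a ±1 step drift window and a raw `Buffer` secret; the names `totpAtStep` and `verifyTotp` are hypothetical.

```javascript
const crypto = require('crypto');

const STEP_SECONDS = 30; // assumed time step (RFC 6238 default)
const DIGITS = 6;        // assumed code length
const WINDOW = 1;        // assumed tolerance: +/- 1 step of clock drift

// TOTP is HOTP (RFC 4226) computed over a time-step counter.
function totpAtStep(secret, step) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(step));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation offset
  const binary = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(binary % 10 ** DIGITS).padStart(DIGITS, '0');
}

// lastUsedStep: time step of the last code accepted for this user, which the
// server must persist between requests (-1 if none). Returns { ok, usedStep }.
function verifyTotp(secret, otp, nowSeconds, lastUsedStep) {
  const current = Math.floor(nowSeconds / STEP_SECONDS);
  const given = Buffer.from(String(otp));
  for (let step = current - WINDOW; step <= current + WINDOW; step++) {
    // Skip steps at or before the last accepted one: a code from those
    // steps has already been consumed, so accepting it would be a replay.
    if (step < 0 || step <= lastUsedStep) continue;
    const expected = Buffer.from(totpAtStep(secret, step));
    // Constant-time comparison avoids leaking how many digits matched.
    if (given.length === expected.length &&
        crypto.timingSafeEqual(given, expected)) {
      return { ok: true, usedStep: step };
    }
  }
  return { ok: false, usedStep: lastUsedStep };
}

// Constructed demo input: the RFC 6238 test secret and a fixed clock (t = 59 s).
const demoSecret = Buffer.from('12345678901234567890');
const demoCode = totpAtStep(demoSecret, 1);
const demoFirst = verifyTotp(demoSecret, demoCode, 59, -1);
const demoReplay = verifyTotp(demoSecret, demoCode, 59, demoFirst.usedStep);
console.log(demoCode, demoFirst.ok, demoReplay.ok);
```

The caller stores `usedStep` from a successful result and passes it back on the next verification, so the same code cannot be accepted twice inside the drift window.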
To enable Twilio integration for sending SMS, provide your Twilio credentials in the `.env` file.
To enable email integration, provide your email service API key and sender address in the `.env` file.
- The server runs on the specified port (default is 3000).
- Environment variables are used for configuration, and you can customize the `.env` file as needed.
Feel free to contribute by opening issues and submitting pull requests. Please follow the code of conduct.
This project is licensed under the MIT License - see the LICENSE file for details.