The Two-Factor Authentication (2FA) API provides a simple server-side implementation of Time-based One-Time Password (TOTP) for securing user authentication. It supports the generation of secret keys, provisioning of mobile apps with QR codes, and verification of one-time passwords. Additionally, it integrates with Twilio for sending OTP via SMS and supports sending OTP via email.

• Getting Started
  • Prerequisites
  • Installation
• API Endpoints
  • Generate Secret Key
  • Request One-Time Password
  • Verify
  • Generate QR Code for Provisioning Mobile Apps
• Integrations
  • Twilio
  • Email Service
• Configuration
• Contributing
• License

• Node.js and npm installed
• Twilio account for sending SMS (optional)
• Nodemailer-compatible email service for sending emails (optional)

1. Clone the repository:

   git clone https://github.com/Mr-vero/CD-Auth-API.git

2. Install dependencies:

   cd two-factor-auth-api
   npm install

3. Set up environment variables:

   Create a .env file and add the following:

   TWILIO_ACCOUNT_SID=your_twilio_account_sid
   TWILIO_AUTH_TOKEN=your_twilio_auth_token
   TWILIO_PHONE_NUMBER=your_twilio_phone_number
   EMAIL_SERVICE_API_KEY=your_email_service_api_key
   EMAIL_SENDER_ADDRESS=your_email_sender_address

   Replace the placeholders with your actual credentials.

4. Start the server:

   npm start

   The server will be running on http://localhost:3000.

• Endpoint: /generate-secret-key
• Method: GET
• Description: Generates a secret key for TOTP.

• Endpoint: /request-one-time-password
• Method: POST
• Description: Generates and sends a one-time password. Requires a valid secret key and optional issuer and phone number parameters.

• Endpoint: /verify
• Method: POST
• Description: Verifies a provided one-time password. Requires a valid secret key, OTP, and last OTP timestamp.

• Endpoint: /generate-qr-code-for-provisioning-mobile-apps
• Method: POST
• Description: Generates a QR code for provisioning mobile apps. Requires a valid secret key, issuer, and email.

To enable Twilio integration for sending SMS, provide your Twilio credentials in the .env file.

To enable email integration, provide your email service API key and sender address in the .env file.

• The server runs on the specified port (default is 3000).
• Environment variables are used for configuration, and you can customize the .env file as needed.

Feel free to contribute by opening issues and submitting pull requests. Please follow the code of conduct.

This project is licensed under the MIT License - see the LICENSE file for details.

Make sure to customize the placeholders (like `your_twilio_account_sid`, `your_twilio_auth_token`, etc.) with your actual credentials and modify the content based on your specific implementation and requirements.