speakeasy icon indicating copy to clipboard operation
speakeasy copied to clipboard

Published 20 hours ago verified publisher icon speakeasyjs

How to generate a token that is valid only 15 minutes?

Open MacgyverMartins opened this issue 5 years ago • 3 comments

Hi all! I'm tring to implement this logic: User types his email and the API send him a token by email (without use Google Authenticator) . This token has to be valid only for 15 minutes. But all my tentatives after generate token return false.

First question: Can I do this with speakeasy without use Google Auth.. ? Second question: If yes, do you guys can help me, by showing what I am doing wrong in this code below?

    // generate token
    const secret = speakeasy.generateSecret();
    const base32secret = secret.base32;

    const access = await Access.findOne({ where: { email: email } });
    access.base32secret = secret.base32;
    await access.save();

    return speakeasy.totp({
      secret: base32secret,
      encoding: 'base32',
      step: 900
    });

  // validate
  const access = await Access.findOne({ where: { email: email } });
  return speakeasy.totp.verify({
    secret: access.base32secret,
    encoding: 'base32',
    token: token
  });

If I remove step it works, but just for 30 seconds How can I change this? Thanks a lot

MacgyverMartins avatar Apr 26 '19 16:04 MacgyverMartins

use window delta There is example in https://github.com/speakeasyjs/speakeasy/wiki/General-Usage-for-Time-Based-Token that uses custom time Test the delta of the token at a custom time is between 0 and 30.

railsstudent avatar Apr 28 '19 23:04 railsstudent

Thanks @railsstudent Sorry, but I still don't understanding very well.

I try this:

token = speakeasy.totp({ secret: secret.base32, encoding: 'base32', step: 60 });

// return true
speakeasy.totp.verify({ secret: secret.base32, encoding: 'base32', token: token, window: 6, step: 60});

// returns {delta: -8}
speakeasy.totp.verifyDelta({ secret: secret.base32, encoding: 'base32', token: token, window: 15, step: 60});

Is that right? Is this the right way ensure that token is valid only 15 minutes from now?

MacgyverMartins avatar Apr 29 '19 20:04 MacgyverMartins

Sorry, my previous reply is incorrect.

if the token is valid for 15 minutes, step is 60 * 15 = 900. Therefore,

// token expires every 15 minutes token = speakeasy.totp({ secret: secret.base32, encoding: 'base32', step: 900 });

// validate token against the current time // return true speakeasy.totp.verify({ secret: secret.base32, encoding: 'base32', token: token, step: 900});

// compute the delta against the current time // return {delta: 0} speakeasy.totp.verify({ secret: secret.base32, encoding: 'base32', token: token, step: 900});

Thanks @railsstudent Sorry, but I still don't understanding very well.

I try this:

token = speakeasy.totp({ secret: secret.base32, encoding: 'base32', step: 60 });

// return true
speakeasy.totp.verify({ secret: secret.base32, encoding: 'base32', token: token, window: 6, step: 60});

// returns {delta: -8}
speakeasy.totp.verifyDelta({ secret: secret.base32, encoding: 'base32', token: token, window: 15, step: 60});

Is that right? Is this the right way ensure that token is valid only 15 minutes from now?

railsstudent avatar Apr 30 '19 02:04 railsstudent