TietjeDK TietjeDK - 1 year ago 79
Node.js Question

Speakeasy.js generate new token every hour

I am trying to generate a password token through speakeasy.js on a node.js express server, which shall be used as authentication. The password should change every hour. I'm using

to retrieve the token and verify it.

If have set
to 30 seconds for testing purposes, but the token never changes.


var secret = speakeasy.generateSecret();

var token = speakeasy.totp({
secret: secret.base32,
encoding: 'base32',
step: : 10

router.get('/token/:token', function(req, res) {
var usertoken = req.params.token;
if(usertoken == token){
} else {
res.send("Not Verified")
res.json({ token: token, usertoken: usertoken });


Any suggestions?

Added step to token.

When i request the end point e.g. http://localhost:8080/api/token/664006 the console shows the toke e.g. 290595. When i refresh the endpoint after a certain amount of time the token should change, but it doesn't. It's still 290595.

Answer Source

I've just checked the documentation and it looks that the parameter you're looking for it's step. You should keep the time field to the default (Date.now() from the doc) and play with the step field.

Something like this:

var secret = speakEasy.generateSecret();
var token = speakEasy.totp({
  secret : secret.base32,
  encoding : 'base32',
  // leave time field to default
  step : 10

and for the verification use the method provided, instead of the ==:

router.get('/token/:token', function(req, res) {
    var usertoken = req.params.token;
    var verified = speakeasy.totp.verify({ 
       secret: base32secret,
       encoding: 'base32',
       token: userToken 
    //check if the token has changed


enter image description here