Speakeasy.js generate new token every hour

Question

I am trying to generate a password token through speakeasy.js on a node.js express server, which shall be used as authentication. The password should change every hour. I'm using

routers

to retrieve the token and verify it.

If have set

time

to 30 seconds for testing purposes, but the token never changes.

Code:

var secret = speakeasy.generateSecret();



var token = speakeasy.totp({

  secret: secret.base32,

  encoding: 'base32',

  step: : 10

});



router.get('/token/:token', function(req, res) {

    console.log(token);

    var usertoken = req.params.token;

    if(usertoken == token){

        res.send("Verified")

    } else {

        res.send("Not Verified")

    }

    res.json({ token: token, usertoken: usertoken });   



});

Any suggestions?

EDIT
Added step to token.

When i request the end point e.g. http://localhost:8080/api/token/664006 the console shows the toke e.g. 290595. When i refresh the endpoint after a certain amount of time the token should change, but it doesn't. It's still 290595.

Answer 1

I've just checked the documentation and it looks that the parameter you're looking for it's step. You should keep the time field to the default (Date.now() from the doc) and play with the step field.

Something like this:

var secret = speakEasy.generateSecret();
var token = speakEasy.totp({
  secret : secret.base32,
  encoding : 'base32',
  // leave time field to default
  step : 10
});

and for the verification use the method provided, instead of the ==:

router.get('/token/:token', function(req, res) {
    console.log(token);
    var usertoken = req.params.token;
    var verified = speakeasy.totp.verify({ 
       secret: base32secret,
       encoding: 'base32',
       token: userToken 
    });
    //check if the token has changed
    console.log(verified);  

});

https://github.com/speakeasyjs/speakeasy

Speakeasy.js generate new token every hour

Sign up