otplib API Documentation / @otplib/totp / verify
Function: verify()
verify(
options):Promise<VerifyResult>
Defined in: totp/src/index.ts:274
Verify a TOTP code
Compares the provided token against the expected TOTP value using constant-time comparison to prevent timing attacks.
The verification window allows for clock drift between client and server, as recommended in RFC 6238 Section 5.2.
Parameters
options
TOTP verification options
Returns
Promise<VerifyResult>
Verification result with validity and optional delta
See
RFC 6238 Section 5.2 - Validation and Time-Step Size
Example
ts
import { verify } from '@otplib/totp';
import { NodeCryptoPlugin } from '@otplib/plugin-crypto-node';
// Accept tokens valid within ±30 seconds
const result = await verify({
secret: mySecret,
token: '123456',
epochTolerance: 30,
crypto: new NodeCryptoPlugin(),
});
if (result.valid) {
console.log(`Token matched at epoch: ${result.epoch}`);
}