otplib

Appearance

otplib API Documentation / otplib / class / OTPVerifyOptions

Type Alias: OTPVerifyOptions

OTPVerifyOptions = object

Defined in: otplib/src/class.ts:122

Options for verifying a token with the OTP class

Properties

afterTimeStep?

optional afterTimeStep: number

Defined in: otplib/src/class.ts:191

Minimum allowed TOTP time step for replay protection (optional)

Rejects tokens with timeStep <= afterTimeStep. Only used by TOTP strategy.

algorithm?

optional algorithm: HashAlgorithm

Defined in: otplib/src/class.ts:139

Hash algorithm (default: 'sha1')

counter?

optional counter: number

Defined in: otplib/src/class.ts:168

Counter value Used by HOTP strategy (required)

counterTolerance?

optional counterTolerance: number | [number, number]

Defined in: otplib/src/class.ts:183

Counter tolerance for HOTP verification (default: 0)

  • Number: creates look-ahead only tolerance [0, n]
  • Tuple [past, future]: explicit window control

digits?

optional digits: Digits

Defined in: otplib/src/class.ts:144

Number of digits (default: 6)

epoch?

optional epoch: number

Defined in: otplib/src/class.ts:150

Current Unix epoch timestamp in seconds (default: now) Used by TOTP strategy

epochTolerance?

optional epochTolerance: number | [number, number]

Defined in: otplib/src/class.ts:176

Time tolerance in seconds for TOTP verification (default: 0)

  • Number: symmetric tolerance (same for past and future)
  • Tuple [past, future]: asymmetric tolerance Use [5, 0] for RFC-compliant past-only verification.

guardrails?

optional guardrails: OTPGuardrails

Defined in: otplib/src/class.ts:196

Validation guardrails

hooks?

optional hooks: OTPHooks

Defined in: otplib/src/class.ts:201

Hooks for customizing token encoding and validation

period?

optional period: number

Defined in: otplib/src/class.ts:162

Time step in seconds (default: 30) Used by TOTP strategy

secret

secret: string | Uint8Array

Defined in: otplib/src/class.ts:129

Base32-encoded secret key

Note: By default, strings are assumed to be Base32 encoded. If you have a raw string/passphrase, you must convert it to Uint8Array first.

t0?

optional t0: number

Defined in: otplib/src/class.ts:156

Initial Unix time to start counting time steps (default: 0) Used by TOTP strategy

token

token: string

Defined in: otplib/src/class.ts:134

OTP code to verify

Released under the MIT License.

Copyright © 2026 Gerald Yeo