Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Google Authenticator with NodeJS

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Philipp Dunkel Philipp Dunkel
March 14, 2014
Programming
0
270

Google Authenticator with NodeJS

Mini-Talk at the first Vienn-NodeJS-Meetup

Avatar for Philipp Dunkel

Philipp Dunkel

March 14, 2014
Tweet

Other Decks in Programming

See All in Programming
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
Avatar for tetutetu214 tetutetu214
2
110
Basic Architectures
Avatar for Denys Poltorak denyspoltorak
0
670
Spinner 軸ズレ現象を調べたらレンダリング深淵に飲まれた #レバテックMeetup
Avatar for 弁護士ドットコム bengo4com
1
230
Package Management Learnings from Homebrew
Avatar for Mike McQuaid mikemcquaid
0
210
AI & Enginnering
Avatar for codelynx codelynx
0
110
IFSによる形状設計/デモシーンの魅力 @ 慶應大学SFC
Avatar for がむ gam0022
1
300
AgentCoreとHuman in the Loop
Avatar for Har1101 har1101
5
230
FOSDEM 2026: STUNMESH-go: Building P2P WireGuard Mesh Without Self-Hosted Infrastructure
Avatar for Date Huang tjjh89017
0
160
Architectural Extensions
Avatar for Denys Poltorak denyspoltorak
0
280
なぜSQLはAIぽく見えるのか/why does SQL look AI like
Avatar for florets1 florets1
0
450
360° Signals in Angular: Signal Forms with SignalStore & Resources @ngLondon 01/2026
Avatar for Manfred Steyer manfredsteyer
PRO
0
120
Fluid Templating in TYPO3 14
Avatar for Simon Praetorius s2b
0
130

Featured

See All Featured
We Are The Robots
Avatar for Honza Javorek honzajavorek
0
160
Helping Users Find Their Own Way: Creating Modern Search Experiences
Avatar for Dan Newman danielanewman
31
3.1k
Navigating Team Friction
Avatar for Lara Hogan lara
192
16k
Agile Leadership in an Agile Organization
Avatar for Dr. Kim W Petersen kimpetersen
PRO
0
79
New Earth Scene 8
Avatar for Sydney Stone popppiees
1
1.5k
sira's awesome portfolio website redesign presentation
Avatar for ElsiraPls elsirapls
0
150
Done Done
Avatar for chrislema chrislema
186
16k
Building a A Zero-Code AI SEO Workflow
Avatar for Ian Lurie portentint
PRO
0
300
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
133
19k
Design in an AI World
Avatar for tapps tapps
0
140
Fireside Chat
Avatar for paigeccino paigeccino
41
3.8k

Transcript

  1. GOOGLE-AUTHENTICATOR WITH NODEJS PHILIPP DUNKEL PIPOBSCURE

  2. PROTOCOL • T imebased • O ne • T ime

    • P assword RFC 6238 - http://tools.ietf.org/html/rfc6238

  3. PRO - CON/CAVEATS • Variable / Changing • Second Factor

    • Standardised • Added Security • Shared Secret • Raw Secret Stored !

  4. GOOGLE AUTHENTICATOR - IN THE WILD • Amazon Web Services

    • Asia Nexgen • Atomic-Trade.com • App.net • Bitstamp • Bitcoin.de • Blockchain.info • BTC-e.com • CaVirtEx.com • Cex.io • CipherGraph Networks • Coinbase • Dashlane • DigitalOcean • Dreamhost • Dropbox • Drupal • Evernote • Eclipse Mining Consortium • Facebook • Gaia Online • Gandi.net • GitHub • Google Apps • Google Mail • HootSuite • Joomla • LastPass • Linode • LinOTP • LocalBitcoins • Linux • Microsoft account • Mt. Gox • Net4Game • Okcoin • Salesforce.com • Synology • SupportPoint • TACACS.net • Teamviewer • timetotrade • WordPress • Xat • XenForo ! !

  5. GOOGLE AUTHENTICATOR APP

  6. MODULES - OTP & QRPNG

  7. CREATE A SECRET var OTP = require(‘otp’); function createUser(request, reply)

    { var otp = OTP({ name: request.params.username + '@demo' }); var filename = __dirname + '/data/' + request.params.username + ‘.json’; var content = JSON.stringify(otp, undefined, ' ‘); fs.writeFile(filename, content, function(err) { if (err) return reply(err); reply(otp.totpURL); }); }

  8. TOTP - INFORMATION { "class": "OTP{@phidelta}", "name": "pipobscure@demo", "keySize": 32,

    "codeLength": 6, “secret": “INJCM5ZXGEYW2QJJGN5TEW25LNAC6NLUFZYWK2CWIE2U2S3MIZIQ“, "epoch": 0, "timeSlice": 30 } otpauth://totp/pipobscure@demo?secret=INJCM5ZXGEYW2QJJGN5TEW25LNAC6NLUFZYWK2CWIE2U2S3MIZIQ

  9. CREATE A QR-CODE otpauth://totp/pipobscure@demo?secret=INJCM5ZXGEYW2QJJGN5TEW25LNAC6NLUFZYWK2CWIE2U2S3MIZIQ var QR = require(‘qrpng’); function fetchQRCode(request,

    reply) { var url = request.query.url; var scale = request.query.scale || 4; QR(url, scale, function(err, png) { if (err) return reply(err); reply(png).type('image/png'); }); }

  10. VALIDATE A CODE function verifyCode(request, reply) { var filename =

    __dirname + '/data/' + request.params.username + ‘.json'; fs.readFile(, 'utf-8', function(err, data) { if (err) return reply(err); var otp = JSON.parse(data, OTP.reviveJSON); ! if (String(otp.totp()) !== String(request.payload)) { return reply({ valid: false }).code(403); } ! reply({ valid: true }); }); }