I have a web app that is Angular2 on the front-end and NodeJS on the back-end. I want to allow clients to use Google Authenticator to make their accounts more secure.
How can I implement/use Google Authenticator in my website? I cannot find an API to use, any tutorials to follow, or any libraries to use. Where can I find some resources to do this?
Answer
The key phrase that you’re looking for is “TOTP” (Time-Based One-time Password) – and it is a specification, rather than an API maintained by Google.
At a very high level, your backend will generate a secret that it will share with your users’ Google Authenticator app. At login, both the Authenticator app and your backend will use the stored secret and the current time to generate a single-use key. If the keys match, it means that the secrets match, and the user may be logged in.
The SpeakEasy node implementation seems to be pretty popular on github.