Web development
April 25, 2023
How to implement two-factor authentication with Speakeasy in Node.js
Siam Ahnaf
Two-factor authentication (2FA) is a security process in which a user provides two different authentication factors to verify their identity. Speakeasy is a popular library that allows for easy implementation of 2FA in Node.js applications. In this tutorial, we'll walk through the steps necessary to implement 2FA using Speakeasy in a Node.js application.
Step 1: Install Speakeasy
The first step in implementing 2FA with Speakeasy is to install the library. You can do this using npm:
npm install speakeasy
Step 2: Generate a Secret Key
The next step is to generate a secret key. This secret is shared between your server and the user's authenticator app, and both sides use it to compute the one-time passwords (OTPs) the user presents at login. You can generate a secret key using the following code:
const speakeasy = require('speakeasy');
// generateSecret() returns the same random key in several encodings;
// base32 is the one authenticator apps and otpauth:// URLs use.
const secret = speakeasy.generateSecret();
console.log(secret.base32);
This will generate a secret key and print it to the console. Make sure to keep this secret key secure, as it will be used to generate the OTPs.
Step 3: Save the Secret Key
Next, you'll need to save the secret key for the user that you're implementing 2FA for. This could be in a database or some other type of storage, depending on your application. For this tutorial, we'll assume that you're using a database and that you have a user model with a field for the secret key.
const speakeasy = require('speakeasy');
const User = require('./models/user');
// Generate and save the secret key for the user. The awaits must run inside
// an async function (CommonJS modules have no top-level await).
async function enrollUser(userId) {
  const secret = speakeasy.generateSecret();
  const user = await User.findById(userId);
  user.secretKey = secret.base32;
  await user.save();
  return secret;
}
Step 4: Generate an OTP
Once you have the secret key saved for the user, you can generate an OTP using the following code:
const token = speakeasy.totp({
  secret: user.secretKey,
  encoding: 'base32', // secretKey was stored as secret.base32
  digits: 6           // step defaults to 30 seconds
});
console.log(token);
This will generate a 6-digit OTP that is valid for 30 seconds. That lifetime comes from the time step (the step option, 30 seconds by default): every 30 seconds the counter fed into the HMAC advances and a new OTP is produced. No window option is needed when generating a token; window belongs to the verify call in Step 5, where a value of 1 means the server also accepts the OTP for the time step immediately before and after the current one, so a code typed just as the step rolls over, or with a little clock drift, is still accepted.
Step 5: Verify the OTP
When the user logs in to your application, you'll need to verify the OTP that they enter. You can do this using the following code:
const isValid = speakeasy.totp.verify({
  secret: user.secretKey,
  encoding: 'base32',
  token: req.body.token, // the 6-digit code the user typed
  window: 1              // also accept one time step before and after now
});
if (isValid) {
  // OTP is valid
} else {
  // OTP is invalid
}
This code verifies that the OTP that the user entered matches the OTP that was generated using their secret key. If the OTP is valid, you can proceed with logging the user in to your application.
Step 6: Use a QR Code to Enable 2FA
To make it easier for users to enable 2FA, you can generate a QR code that they can scan with a mobile authenticator app. You can do this using the following code:
const qrCodeUrl = speakeasy.otpauthURL({
  secret: user.secretKey,
  encoding: 'base32', // without this the stored base32 string is treated as ASCII and re-encoded, and the app's codes will never match
  label: 'My App',
  issuer: 'My Company'
});
console.log(qrCodeUrl);
This will generate a URL that can be used to generate a QR code. You can use a library like qrcode to generate the QR code and display it to the user.
Conclusion
In this tutorial, we walked through the steps