One time Password in Node js [closed]

Question

I want to use OTP for my node-express API. Right now I am able to personalize things using username and password, but would like to do it using mobile number and OTP. What references can I use for this?

Answer 1

If you want to just verify the phone by sending and OTP and then asking for it then I don't think you should go for Speakeasy.

Speakeasy is mainly for TOTP and HOTP which are more like 2 Factor Authentication (generate OTPs every 30 seconds, for example).

But since you want to verify a user's phone once all you need to do is:

1. Generate any random n-digit number and save it in a table in DB mapped to user with creation time.
2. Send this to the user's phone. You can use any service. I personally use twilio.
3. When user enters the OTP, check the current time against the creation time and see if it's valid.
4. Handle the cases: a) if valid: mark user as verified b) if invalid: whatever you want to do.