node.js, two-factor-authentication, totp

Two Factor Authentication on iPhone?


I have a 2FA code in my Node.js server application that utilizes the speakeasy module to verify whether the passed key is valid or not. I am using the Google Authenticator app on the client side. I am using a secret key = "A0B0C0D0E0F0A1B1C1D1E1F2". This works well on Android devices. However, when I try the same on an iPhone, I face the following issues:

  1. The Google Authenticator app on iPhone does not allow me to add the secret "A0B0C0D0E0F0A1B1C1D1E1F2". It seems it has some native rules wrt secret keys.
  2. Even when I enter a secret key that the iPhone allows, the speakeasy.totp code is not able to verify, and always returns a FALSE.

    var speakeasy = require('speakeasy');

    // userToken is the code submitted by the user
    var secretKey = "A0B0C0D0E0F0A1B1C1D1E1F2";
    var verified = speakeasy.totp.verify({
      secret: secretKey,
      encoding: 'base32',
      token: userToken
    });

    if (!verified) {
      // verification failed
    } else {
      // verification ok
    }

How do I fix this issue so that it works on both Android and iPhone devices?

Note: The app is still in test region. The secret keys in prod will be stored on a permanent storage/db.

Thanks.


Solution

  • The secret used in totp.verify was in lowercase. When I converted that to upper case, it started working fine.
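
As an added example (not code from the question, the answer, or speakeasy), the sketch below normalizes a base32 secret before use and rejects characters outside the RFC 4648 alphabet (A-Z, 2-7); the secret quoted in the question contains 0 and 1, which fall outside it. The function names and the one-step drift window are assumptions of this example, and the TOTP computation follows RFC 6238 with HMAC-SHA1 using only Node's crypto module.

```javascript
const crypto = require('crypto');

const ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // RFC 4648 base32

// Normalize a stored or user-supplied secret (case, spaces, dashes, padding)
// and decode it to raw key bytes. Invalid characters raise an error instead
// of being silently skipped, so a bad secret fails at enrollment time.
function decodeBase32Secret(secret) {
  const clean = secret.replace(/[\s-]/g, '').replace(/=+$/, '').toUpperCase();
  let bits = 0;
  let value = 0;
  const out = [];
  for (const ch of clean) {
    const idx = ALPHABET.indexOf(ch);
    if (idx === -1) throw new Error(`invalid base32 character: ${ch}`);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return Buffer.from(out);
}

// RFC 6238 TOTP with HMAC-SHA1, 30-second step, 6 digits.
function totp(key, unixSeconds, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / step)));
  const mac = crypto.createHmac('sha1', key).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f; // dynamic truncation (RFC 4226)
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Verify a token, accepting one step of clock drift either way and
// comparing in constant time.
function verifyTotp(secret, token, unixSeconds = Date.now() / 1000) {
  const key = decodeBase32Secret(secret);
  const given = Buffer.from(String(token));
  return [-1, 0, 1].some((w) => {
    const expected = Buffer.from(totp(key, unixSeconds + w * 30));
    return expected.length === given.length &&
      crypto.timingSafeEqual(expected, given);
  });
}
```

Running the same normalization at enrollment and at verification means the server and the authenticator app derive the key from identical bytes regardless of how the secret was typed or stored.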