v7.0.0-1

7.0.0-1

v7.0.0-0

Addressing issue #7

v6.0.3

• fix build process not publishing from the dist folder

v6.0.2

6.0.2

v6.0.1

code

• Code has been split into package-like folders
• Bundler has been changed from webpack to rollup for all cjs packages
  • browser package is still using webpack.
• Authenticator by default sets expected encoding to hex for secrets
  • This properly fixes #7 instead of a prior fix.
  • As such, createHmacSecret for Authenticator has been reverted to totpSecret

tests

• test framework was switched to jest. Syntax-wise, it's kept as it and describe on purpose.

chore

• distribution package has been cleaned up to only include the 6 core + browser output instead of just transpiling source files
• updated readme
• v2 interface has finally been removed.

notes

• For more details, you can refer to the wiki: Upgrading to v6

v6.0.0 (beta)

This is a beta release

• Erroneously tagged as v6.0.0. Should be v6.0.0-beta instead.
• Refer to v6.0.1 release
• This is published under otplib@next

v5.1.1

• revert createHmacSecret for Authenticator to TOTP

v5.1.0

• Removed key encoding for decoder of Authenticator

v5.0.0

code

• createHmacSecret for Authenticator has been defaulted to the hotpSecret function
  • addresses issue #7 (see notes section below).
• Changed output files for webpack from underscore to dashes. i.e. from otplib_commons.js to otplib-commons.js

chore

• updated readme

notes

In RFC 6238, the secret / seed length for different algorithms is predefined:

HMAC-SHA1 - 20 bytes
HMAC-SHA256 - 32 bytes
HMAC-SHA512 - 64 bytes

As such, the length of the secret is padded and sliced according to the expected length for respective algrorithms. However, Google Authenticator does not seem to pad/slice the secret, resulting in wrong tokens generated when using TOTP implementation directly.

v4.0.6

chore

• Updated readme