DEV Community

Cover image for 🚀 otp package (high performance TOTP and HOTP generator)
Gopher profile image Javad Rajabzadeh
Javad Rajabzadeh for Gopher

Posted on

🚀 otp package (high performance TOTP and HOTP generator)

#go #javascript #otp #totp

If you're looking to implement two-factor authentication (2FA) in your Go applications, the otp offers a high-performance, zero-dependency solution for generating and validating TOTP and HOTP one-time passwords, fully compliant with RFC 4226 and RFC 6238.

Binding nodejs is available here.

Key Features

  • Zero Dependencies – Fully self-contained, no third-party libraries.
  • High Performance – Optimized for speed and minimal memory usage.
  • Support for TOTP & HOTP – RFC-compliant implementation.
  • Custom Digits & Algorithms – Use 6, 8, or 10 digits with SHA1, SHA256, or SHA512.
  • Secure – Constant-time validation to prevent timing attacks.
  • Clock Skew Tolerance – Allows minor time drift in TOTP validation.
  • Authenticator App Compatible – Supports otpauth:// URL generation for Google Authenticator and others.
  • Secure Secret Generator – Cryptographically secure random base32 secrets.
  • Well Tested – Passes all RFC test vectors, includes fuzzing and benchmarks.

Installation 

go get -u github.com/Ja7ad/otp
Enter fullscreen mode Exit fullscreen mode

Benchmarks

Compared to popular packages like pquerna/otp, this package:

Is ~2x faster

Uses 30–50% less memory

Has zero allocations in some core paths

Usage Example 

package main

import (
    "fmt"
    "github.com/Ja7ad/otp"
    "log"
    "time"
)

func main() {
    secret, err := otp.RandomSecret(otp.SHA1)
    if err != nil {
        log.Fatal(err)
    }

    t := time.Now()

    code, err := otp.GenerateTOTP(secret, t, otp.DefaultTOTPParam)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println("Generated TOTP code:", code)

    valid, err := otp.ValidateTOTP(secret, code, t, otp.DefaultTOTPParam)
    if err != nil {
        log.Fatal(err)
    }

    if valid {
        fmt.Println("The TOTP code is valid.")
    } else {
        fmt.Println("The TOTP code is invalid.")
    }

    url, err := otp.GenerateTOTPURL(otp.URLParam{
        Issuer:      "https://example.com",
        Secret:      secret,
        AccountName: "foobar",
        Period:      otp.DefaultTOTPParam.Period,
        Digits:      otp.DefaultTOTPParam.Digits,
        Algorithm:   otp.DefaultTOTPParam.Algorithm,
    })
    if err != nil {
        log.Fatal(err)
    }

    fmt.Println("TOTP URL:", url.String())
}
Enter fullscreen mode Exit fullscreen mode

Conclusion

The otp package is a robust, fast, and easy-to-integrate solution for adding 2FA to your Go applications. Whether you're building a secure login flow or a developer tool, this package delivers production-grade OTP generation and validation without the bloat.

profile
Datadog
 Promoted

Image of Datadog

Diagram Like A Pro

Bring your cloud architecture to life with expert tips from AWS and Datadog. In this ebook, AWS Solutions Architects Jason Mimick and James Wenzel reveal pro strategies for building clear, compelling diagrams that make an impact.

Get the Guide

Top comments (0)

DEV Community

Classic DEV Post:

Visualizing Promises and Async/Await 🤯

async await

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay