Skip to content

Instantly share code, notes, and snippets.

Last active May 18, 2023 13:18
  • Star 20 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
Star You must be signed in to star a gist
What would you like to do?
OTP verification without database, full sample source code
const otpGenerator = require("otp-generator");
const crypto = require("crypto");
const key = "verysecretkey"; // Key for cryptograpy. Keep it secret
function createNewOTP(phone){
// Generate a 6 digit numeric OTP
const otp = otpGenerator.generate(6, {alphabets: false, upperCase: false, specialChars: false});
const ttl = 5 * 60 * 1000; //5 Minutes in miliseconds
const expires = + ttl; //timestamp to 5 minutes in the future
const data = `${phone}.${otp}.${expires}`; // phone.otp.expiry_timestamp
const hash = crypto.createHmac("sha256",key).update(data).digest("hex"); // creating SHA256 hash of the data
const fullHash = `${hash}.${expires}`; // Hash.expires, format to send to the user
// you have to implement the function to send SMS yourself. For demo purpose. let's assume it's called sendSMS
sendSMS(phone,`Your OTP is ${otp}. it will expire in 5 minutes`);
return fullHash;
function verifyOTP(phone,hash,otp){
// Seperate Hash value and expires from the hash returned from the user
let [hashValue,expires] = hash.split(".");
// Check if expiry time has passed
let now =;
if(now>parseInt(expires)) return false;
// Calculate new hash with the same key and the same algorithm
let data = `${phone}.${otp}.${expires}`;
let newCalculatedHash = crypto.createHmac("sha256",key).update(data).digest("hex");
// Match the hashes
if(newCalculatedHash === hashValue){
return true;
return false;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment