> ## Documentation Index
> Fetch the complete documentation index at: https://momentic.ai/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Log in with OTPAuth (TOTP)

> Generate authenticator-app 2FA codes inside a **JavaScript** step using the `otpauth` library.

<Info>
  **Prerequisite**: A Base32 TOTP secret (shown during 2FA enrollment) or an
  `otpauth://` URI (often embedded in a QR code).
</Info>

The [`otpauth`](https://www.npmjs.com/package/otpauth) library is preloaded in
the **JavaScript** step sandbox.

## From a Base32 secret

```js theme={null}
const totp = new OTPAuth.TOTP({
  issuer: "MyApp",
  label: "alice@example.com",
  algorithm: "SHA1",
  digits: 6,
  period: 30,
  secret: env.TOTP_SECRET, // Base32-encoded
});

setVariable("TOTP_CODE", totp.generate());
```

## From an `otpauth://` URI

```js theme={null}
const totp = OTPAuth.URI.parse(env.TOTP_URI);
setVariable("TOTP_CODE", totp.generate());
```

Then add a **Type** step with value `{{ env.TOTP_CODE }}`.

<Tip>
  Store the secret as an [environment
  variable](/core-concepts/variables#environment-variables) rather than
  hardcoding it.
</Tip>

## Related

* [Email OTP](/guides/auth/email-otp)
* [SMS OTP](/guides/auth/sms-otp)
* [otpauth code generator](https://otpauth.molinero.dev/)
