TOTP Token Validation using Custom Python Code - n8n Workflow

Validate Time-based One-time Passwords (TOTP) secrets directly within your n8n workflow using custom Python code. Integrate secure 2FA logic with this versatile n8n template.

Who is this best for?


  • Security Engineers: Implementing custom two-factor authentication (2FA) mechanisms.

  • Backend Developers: Integrating secure authentication steps directly into backend API calls using n8n.

  • Automation Specialists: Users needing a self-contained TOTP verification solution without relying on external n8n credentials or dedicated services.

  • Anyone looking for an advanced example of using the Code n8n node for cryptographic operations.

Overview

This specialized n8n template provides a flexible method for verifying Time-based One-time Password (TOTP) codes. Unlike standard methods that might require setting up specific n8n credentials, this n8n workflow uses a self-contained Python script to handle the entire verification process—from Base32 decoding to HMAC-SHA1 generation.

The primary value of this n8n workflow is its independence. It allows you to dynamically retrieve the user's TOTP secret (e.g., from a database) and immediately check the user-provided code against the current time interval. This is essential for building custom sign-in or secure action verification flows, offering a powerful core logic flow control within your overall n8n automation.

How it Works

This automation is initiated by the Manual Trigger n8n node, typically used for testing or when executed as a sub-workflow.


  1. Start and Initialization (When clicking ‘Test workflow’): The flow begins here. In production, this initial n8n trigger is often replaced with a production webhook or database query.

  2. Define Example Inputs (EXAMPLE FIELDS): The n8n node labeled 'EXAMPLE FIELDS' sets the two critical inputs: totp_secret_example (the user's Base32 secret key) and code_to_verify_example (the 6-digit code provided by the user).

  3. Execute Validation Logic (TOTP VALIDATION): The core of the n8n workflow resides in this Code n8n node. It executes a comprehensive Python script that imports necessary cryptographic libraries (hmac, hashlib). The script decodes the Base32 secret, calculates the current time interval counter, generates the expected TOTP code using HMAC-SHA1, and compares it to the input code. It returns a status of 1 (valid) or 0 (invalid).

  4. Conditional Routing (IF CODE IS VALID): The flow uses an IF n8n node to check the output status. If the status is 1, the n8n workflow proceeds down the 'true' branch for successful authentication; if 0, it proceeds down the 'false' branch, allowing for custom error handling or credential rejection.
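
The validation logic from step 3, written out as an added example; this is not the script shipped in the template. The function names, the optional `drift_steps` window (which goes beyond the single-interval check described above) and the constant-time comparison are assumptions of this sketch, and the test secret is the published RFC 6238 SHA-1 key in Base32.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length used by the workflow

# Base32 form of the SHA-1 test key published in RFC 6238 (test data only).
RFC6238_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp_at(secret_b32, unix_time):
    """Return the HMAC-SHA1 TOTP code for the time step containing unix_time."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)        # restore stripped Base32 padding
    key = base64.b32decode(cleaned)             # raises binascii.Error if malformed
    if not key:
        raise ValueError("empty TOTP secret")
    counter = struct.pack(">Q", int(unix_time) // STEP)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify_code(secret_b32, code, unix_time=None, drift_steps=0):
    """Return 1 if code matches, else 0; malformed input also yields 0."""
    now = time.time() if unix_time is None else unix_time
    code = str(code).strip()
    if len(code) != DIGITS or not (code.isascii() and code.isdigit()):
        return 0
    status = 0
    try:
        for step in range(-drift_steps, drift_steps + 1):
            expected = totp_at(secret_b32, now + step * STEP)
            # Constant-time compare, and no early exit across the window.
            if hmac.compare_digest(expected, code):
                status = 1
    except (ValueError, struct.error):          # bad Base32, empty key, negative counter
        return 0
    return status
```

Keep `drift_steps` at 0 or 1: each extra step widens the period during which an intercepted code is still accepted.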

Installation Guide

To deploy this n8n workflow, follow these steps:


  1. Import: Copy the provided JSON data and paste it directly into your n8n instance using the 'New' menu > 'Import from JSON'.

  2. Trigger Setup: The initial n8n trigger is set to 'Manual Trigger'. For production use, replace this with your desired trigger (e.g., Webhook, API call, or Database Query).

  3. Customize Data Input: Locate the 'TOTP VALIDATION' Code n8n node.

     • Review lines 39 and 40 in the Python code.
     • Currently, they reference the 'EXAMPLE FIELDS' node's output (_input.item.json.totp_secret_example).
     • Crucial Step: Modify these lines to retrieve the secret and the code from your actual data source (e.g., if preceded by a Webhook node, you might reference $json.body.secret and $json.body.code).

  4. Test: Use the 'Test workflow' button after setting the example data to ensure the custom Python logic works correctly within your n8n environment.

Node Details

When clicking ‘Test workflow’ (Manual Trigger n8n node): Serves as the starting point for testing this n8n template. In a live system, this n8n trigger would be replaced by a production trigger.
EXAMPLE FIELDS (Set n8n node): A utility node used solely for testing. It injects sample data (a totp_secret_example and code_to_verify_example) into the n8n workflow structure before validation.
TOTP VALIDATION (Code n8n node): The functional core. This n8n node contains a Python script implementing the RFC 6238 standard for TOTP. Key configurations include setting the language to Python and defining the verifytotp function to compare the calculated token with the input code.
IF CODE IS VALID (IF n8n node): A core logic flow control n8n node. It checks the status output ($json.status) from the preceding Code n8n node. If the status equals 1, the validation is successful, directing the n8n workflow accordingly.

Free

Nodes: 5 Nodes
Updated: December 26 2025
Created by
Bazhard
