A secure email-based OTP (One-Time Password) authentication system built with Node.js, Express, and React.
This project implements a passwordless authentication system where users receive a one-time password via email to log in. The system generates a 6-digit OTP, sends it to the user's email, and verifies it to issue a JWT token for authenticated sessions.
- Email-based OTP authentication
- 6-digit OTP generation
- OTP expiration (5 minutes)
- JWT token-based session management
- Support for multiple email service providers
- Email configuration testing endpoint
- In-memory OTP storage
Backend:
- Node.js
- Express.js
- Nodemailer (email sending)
- JSON Web Tokens (JWT)
- dotenv (environment configuration)
Frontend:
- React
- Axios (API calls)
- Clone the repository and install dependencies:

```bash
# Install backend dependencies
cd backend
npm install

# Install frontend dependencies
cd ../frontend
npm install
```

- Configure the email service (see the Email Configuration section below)
For development and testing, use Ethereal (auto-configured test email):

```bash
cd backend
node setup-ethereal.js
```

Update backend/.env with your email service credentials:

```env
EMAIL_SERVICE=brevo
EMAIL_HOST=smtp-relay.brevo.com
EMAIL_PORT=587
EMAIL_USER=your-email@example.com
EMAIL_PASS=your-smtp-key
JWT_SECRET=your-secret-key
PORT=5000
```

Supported services: Brevo, SendGrid, Mailgun, Gmail, Outlook, or any SMTP server.
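A startup check for the variables above, as an added example that is not part of the project's code: it validates each setting, builds the options object that nodemailer's `createTransport()` accepts (without requiring nodemailer or sending anything), and refuses to start with the placeholder `JWT_SECRET` or one that is too short. The function names, the `ConfigError` class and the 32-character minimum are my assumptions.

```javascript
// Added example (not the project's own code): load and validate the .env
// settings shown above at startup and produce the options object that
// nodemailer.createTransport() accepts. Nothing here sends mail and nodemailer
// is not required. Function names and the 32-character minimum for
// JWT_SECRET are my assumptions, not the project's rules.
const MIN_JWT_SECRET_LENGTH = 32;               // assumption: refuse anything shorter
const PLACEHOLDER_SECRET = 'your-secret-key';   // the sample value from the .env above

class ConfigError extends Error {}

// Read a required variable, treating blank values as missing.
function requireVar(env, name) {
  const value = env[name];
  if (typeof value !== 'string' || value.trim() === '') {
    throw new ConfigError(`${name} is required but not set`);
  }
  return value.trim();
}

// Build SMTP transport options. Port 465 is implicit TLS (secure: true);
// any other port is treated as STARTTLS, and requireTLS makes the client fail
// instead of falling back to plaintext if the server does not offer it.
function buildTransportOptions(env) {
  const port = Number(requireVar(env, 'EMAIL_PORT'));
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new ConfigError('EMAIL_PORT must be an integer between 1 and 65535');
  }
  return {
    host: requireVar(env, 'EMAIL_HOST'),
    port,
    secure: port === 465,
    requireTLS: port !== 465,
    auth: {
      user: requireVar(env, 'EMAIL_USER'),
      pass: requireVar(env, 'EMAIL_PASS'),
    },
  };
}

// Whoever knows the JWT secret can mint a valid session for any user without
// ever receiving an OTP, so refuse the placeholder and anything short.
function loadJwtSecret(env) {
  const secret = requireVar(env, 'JWT_SECRET');
  if (secret === PLACEHOLDER_SECRET || secret.length < MIN_JWT_SECRET_LENGTH) {
    throw new ConfigError(
      `JWT_SECRET must be a random string of at least ${MIN_JWT_SECRET_LENGTH} characters`
    );
  }
  return secret;
}

function loadConfig(env = process.env) {
  return {
    service: requireVar(env, 'EMAIL_SERVICE').toLowerCase(),
    port: Number(env.PORT || 5000),
    transport: buildTransportOptions(env),
    jwtSecret: loadJwtSecret(env),
  };
}

module.exports = { loadConfig, buildTransportOptions, loadJwtSecret, ConfigError, MIN_JWT_SECRET_LENGTH };
```

Calling `loadConfig()` once at process start, before `app.listen()`, turns a misconfigured deployment into an immediate crash with a named variable in the message, rather than a server that silently accepts forged tokens or sends credentials over an unencrypted SMTP session.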
Start the backend server:

```bash
cd backend
npm start
```

Start the frontend (in a new terminal):

```bash
cd frontend
npm start
```

The backend runs on http://localhost:5000 and the frontend on http://localhost:3000.
- OTPs expire after 5 minutes
- JWT tokens expire after 1 hour
- OTPs are stored in-memory (consider Redis for production)
- Use HTTPS in production
- Implement rate limiting for OTP requests
- Use strong JWT secrets
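One way to implement the "rate limiting for OTP requests" note above, as an added example that is not the project's own code: a fixed-window limiter keyed both per e-mail address and per client IP, wrapped as an Express middleware for the request-OTP route. The window length, the two limits, and all function names are my assumptions.

```javascript
// Added example (not the project's own code): fixed-window rate limiting for
// the "request OTP" endpoint, keyed per e-mail address and per client IP, with
// an Express-style middleware wrapper. Window, limits and names are assumptions.
const WINDOW_MS = 15 * 60 * 1000;           // assumption: 15-minute window
const LIMITS = { email: 3, ip: 10 };        // assumption: 3 codes per address, 10 per IP

// "email:<addr>" | "ip:<addr>" -> { count, resetAt }
const buckets = new Map();

// Consume one unit of budget for a key, starting a new window when the old
// one has elapsed. Returns whether the request may proceed and how long the
// caller should wait otherwise.
function take(key, limit, now) {
  let bucket = buckets.get(key);
  if (!bucket || now >= bucket.resetAt) {
    bucket = { count: 0, resetAt: now + WINDOW_MS };
    buckets.set(key, bucket);
  }
  if (bucket.count >= limit) {
    return { allowed: false, retryAfterMs: bucket.resetAt - now };
  }
  bucket.count += 1;
  return { allowed: true, retryAfterMs: 0 };
}

// A request is allowed only if both the IP and the address have budget left.
// The IP is checked first so one client cannot spray codes at many addresses
// without spending its own budget; the per-address limit caps how many
// e-mails an attacker can trigger for a victim from many IPs.
function checkOtpRequest(email, ip, now = Date.now()) {
  const byIp = take('ip:' + ip, LIMITS.ip, now);
  if (!byIp.allowed) {
    return { allowed: false, reason: 'ip', retryAfterMs: byIp.retryAfterMs };
  }
  const byEmail = take('email:' + String(email).toLowerCase(), LIMITS.email, now);
  if (!byEmail.allowed) {
    return { allowed: false, reason: 'email', retryAfterMs: byEmail.retryAfterMs };
  }
  return { allowed: true, reason: null, retryAfterMs: 0 };
}

// Express middleware for the request-OTP route. Responds 429 with Retry-After
// and the same generic body for either reason.
function otpRateLimit(req, res, next) {
  const email = (req.body && req.body.email) || '';
  const result = checkOtpRequest(email, req.ip);
  if (!result.allowed) {
    res.set('Retry-After', String(Math.ceil(result.retryAfterMs / 1000)));
    return res.status(429).json({ error: 'Too many OTP requests, try again later' });
  }
  return next();
}

module.exports = { checkOtpRequest, otpRateLimit, WINDOW_MS, LIMITS };
```

Mount it with `app.post('/api/request-otp', otpRateLimit, handler)` (route name assumed). When the backend sits behind a reverse proxy, `req.ip` is the proxy's address unless Express is told to trust it (`app.set('trust proxy', ...)`), in which case every user shares one IP bucket; like the OTP store itself, these buckets are in-memory and would move to Redis alongside it for a multi-instance deployment.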