TOTP Authentication Service: Time Based Passwords for Enterprise Apps

This workflow provides a secure TOTP authentication service, generating time-based one-time passwords for enterprise applications. Key nodes include Webhook, Set, Code, Condition, and HTTP Request. It validates requests, retrieves secrets from a vault, generates TOTP codes, encrypts them, and logs events for auditing. To set up, install n8n from n8n.io for self-hosting or use cloud.n8n.io for a hosted solution. Configure the Webhook node to accept POST requests at the /totp-generate path. Set up a vault service (e.g., HashiCorp Vault) and obtain an API URL and access token; update vaultApiUrl in the Set node ('Security Configuration') and configure the HTTP Request node ('Vault Secret Retriever') with the token. Define validUserIds and requiredAuthHeader (e.g., X-API-Key) in the Set node. For logging, set loggingServiceUrl to your logging service endpoint in the same node. Ensure the Webhook node’s URL is accessible externally by setting up a public-facing server or using n8n’s cloud webhook URL. Secure the webhook with a strong X-API-Key. Test by sending a POST request to the Webhook URL with JSON payload {userId: 'user1', service: 'app1'} and X-API-Key header. Validate output in the Webhook Response node ('Success Response') for success=true, encryptedCode, and codeMetadata.expiresAt. Errors like 'AUTH_001' (missing header) or 'REQ_001' (missing userId/service) trigger the Webhook Response node ('Authentication Error') with a 401 status. Invalid secrets (length <16) cause 'VAULT_001' errors in the Webhook Response node ('Vault Error Handler'). If TOTP generation fails, 'TOTP_001' is logged. Deploy by activating the workflow and registering the webhook URL with your application. Monitor executionStatus and totalExecutionTime in the Set node ('Monitoring Metrics') for performance. Check logs in the HTTP Request node ('Audit Logger') for TOTP_GENERATED events to ensure compliance.