This is a web only implementation of a TOTP. It uses the Crypto.subtle web API to generate these time-based passwords.
The demo application is only TOTP, although HOTP could be extended as I use the HOTP algorithm to generate the TOTP.
The encoded secret provided works with Google Authenticator. It can be any string encoded in base32. I am using the hi-base32 library to encode the string, striping any non-alphanumeric characters.