Deriving root token from generate-root API

OK, so I’m invoking the APIs to generate a new root token from my recovery keys. Everything works. I got an “encoded_token” in the final call with the last key. I got my encoded “otp” from the initial attempt API call.

So looking at the code, it seems the command line XORs both of these to get the actual usable root token. So I tried the same thing in code, but I can’t seem to get the same “s.xxxxxxxx…>” format token from the command line using the same inputs.

Replicating this code here in Node.js/JavaScript but can’t seem to get the same results as the command line:

Never mind. Figured it out. For reference in case anyone runs into the same problem.

We’re supposed to base64 decode the encoded token from the API then XOR that with the encoded OTP as is.

I was decoding the OTP before XOR-ing. So just don’t do anything with the OTP and use its byte representation of the encoded OTP string for the XOR.
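
The decoding step described above, as an added Node.js example (not code from the original post or from Vault): base64-decode the `encoded_token`, then XOR it with the bytes of the OTP string as-is. The function names and the sample token and OTP values are constructed for illustration; the last function reproduces the mistake of decoding the OTP first so the failure is visible.

```javascript
// Added example: constructed values only, no real Vault token or OTP.

// XOR two equal-length buffers; refuse a length mismatch instead of truncating.
function xorBytes(a, b) {
  if (a.length !== b.length) {
    throw new Error(`length mismatch: ${a.length} vs ${b.length}`);
  }
  const out = Buffer.alloc(a.length);
  for (let i = 0; i < a.length; i++) out[i] = a[i] ^ b[i];
  return out;
}

// encodedToken: "encoded_token" from the final generate-root update call.
// otp: the "otp" string from the initial attempt call, used as-is.
function decodeRootToken(encodedToken, otp) {
  const tokenBytes = Buffer.from(encodedToken, 'base64'); // padded or unpadded
  const otpBytes = Buffer.from(otp, 'utf8');              // NOT base64-decoded
  return xorBytes(tokenBytes, otpBytes).toString('utf8');
}

// Inverse operation, used here only to build a constructed test vector.
function encodeRootToken(token, otp) {
  return xorBytes(Buffer.from(token, 'utf8'), Buffer.from(otp, 'utf8'))
    .toString('base64').replace(/=+$/, '');
}

// The mistake described in the post: decoding the OTP before the XOR.
function decodeWithOtpDecoded(encodedToken, otp) {
  const tokenBytes = Buffer.from(encodedToken, 'base64');
  const otpBytes = Buffer.from(otp, 'base64'); // wrong: changes the byte length
  return xorBytes(tokenBytes, otpBytes).toString('utf8');
}

// Constructed sample values of equal length (26 characters each).
const SAMPLE_TOKEN = 's.EXAMPLEconstructed000001';
const SAMPLE_OTP = 'Zk3Qw9LmT7xYb2NcV5rHs8Dg1A';
const SAMPLE_ENCODED = encodeRootToken(SAMPLE_TOKEN, SAMPLE_OTP);

console.log(decodeRootToken(SAMPLE_ENCODED, SAMPLE_OTP));
try {
  decodeWithOtpDecoded(SAMPLE_ENCODED, SAMPLE_OTP);
} catch (e) {
  console.log('OTP decoded first:', e.message);
}
```

The decoded value is a live root token, so keep it out of logs and shell history and revoke it once the task that needed it is done.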