
OTP code still valid after 30 seconds! #246

Open
Akrachli opened this issue Dec 27, 2024 · 3 comments

Comments

@Akrachli

Hello,
We're using the GoogleAuthenticator Library version 3.2.0, and we're currently experiencing an issue. The OTP code should be valid for only 30 seconds, but I've noticed that even after 30 seconds, it can still be used for a much longer period, usually around 3 to 4 minutes. Additionally, when the OTP code is used, I logged out, logged back in, and used the same OTP code, and it still worked!

I made sure that the timezone is properly configured and that synchronization with the NTP server is working, but I'm still facing the same issue!

@ahwm
Collaborator

ahwm commented Dec 27, 2024

Checking whether a code has been used is outside the scope of this library since that requires specific logic in the application. The library is stateless and does not have context of the user that's being validated. It's just checking if a given code with a certain private key is valid for the time period.

The default validity period is 5 minutes (to allow for clock drift), but that can be adjusted by using an overload:

var tfa = new TwoFactorAuthenticator();
// Third argument is the clock-drift tolerance, replacing the 5-minute default
var isValid = tfa.ValidateTwoFactorPIN(secretKey, codeFromClient, TimeSpan.FromMinutes(1));

@Akrachli
Author

Hello,

We have adjusted the clock drift, and it works well. However, we encountered another problem. When we set the code for 30 seconds, an additional tolerance of 30 seconds is added, causing the code to expire after 1 minute instead of the intended duration.

Could you suggest any changes we need to make so that the app accepts exactly 30 seconds without a +30 seconds tolerance?

Thank you so much! I appreciate your help.

@Akrachli Akrachli reopened this Jan 21, 2025
@ahwm
Collaborator

ahwm commented Jan 21, 2025

I did some testing and it looks like using a time tolerance of 0 seconds will get you what you are looking for. The "current" will always be validated for the length of time specified in the constructor (30 seconds is used if not specified).

// Tolerance of 0 seconds: only the PIN for the current time step is produced
var pins = new TwoFactorAuthenticator(HashType.SHA256)
    .GetCurrentPINs(this.txtSecretKey.Text, TimeSpan.FromSeconds(0));

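The two points made in this thread, that the library only answers "is this code valid for this secret in this window" and that the window is set by the tolerance argument, leave the once-only check to the application. The following added example (not code from the library or from either participant) wraps the `ValidateTwoFactorPIN` overload shown above with a per-user record of redeemed codes; it assumes the Google.Authenticator package, and the in-memory dictionary is a stand-in for a shared cache or database that every application instance can see.

```csharp
using System;
using System.Collections.Concurrent;
using Google.Authenticator;

public sealed class TotpVerifier
{
    // Step length the library uses when none is given in the constructor (30 s, per the thread).
    private static readonly TimeSpan Step = TimeSpan.FromSeconds(30);

    private readonly TwoFactorAuthenticator _tfa = new TwoFactorAuthenticator();
    // Clock-drift tolerance handed to the library; TimeSpan.Zero = only the current step.
    private readonly TimeSpan _tolerance;
    // Codes already redeemed, keyed by (user, code), with the instant after which the
    // library itself can no longer accept that code and the entry may be dropped.
    private readonly ConcurrentDictionary<(string User, string Code), DateTime> _redeemed
        = new ConcurrentDictionary<(string User, string Code), DateTime>();

    public TotpVerifier(TimeSpan tolerance) => _tolerance = tolerance;

    public bool Verify(string userId, string secretKey, string codeFromClient)
    {
        // Step 1: the library's stateless check (right code for this secret and window).
        if (!_tfa.ValidateTwoFactorPIN(secretKey, codeFromClient, _tolerance))
            return false;

        // Step 2: single use. The entry lives as long as the library would still accept
        // the code (current step plus the late side of the tolerance); after that the
        // same six digits may legitimately recur for a later step, so it is forgotten.
        var now = DateTime.UtcNow;
        PurgeExpired(now);
        return _redeemed.TryAdd((userId, codeFromClient), now + Step + _tolerance);
    }

    private void PurgeExpired(DateTime now)
    {
        // Enumerating a ConcurrentDictionary while removing from it is safe.
        foreach (var entry in _redeemed)
            if (entry.Value <= now)
                _redeemed.TryRemove(entry.Key, out _);
    }
}

public static class Demo
{
    // secretKey and code are hypothetical inputs supplied by the caller.
    public static void Run(string secretKey, string code)
    {
        var verifier = new TotpVerifier(TimeSpan.Zero);
        Console.WriteLine(verifier.Verify("alice", secretKey, code)); // true for a fresh, correct code
        Console.WriteLine(verifier.Verify("alice", secretKey, code)); // false: already redeemed
    }
}
```

With `TimeSpan.Zero` the code is accepted only during its own 30-second step, which is what the reporter asked for; widening the tolerance widens both the library's window and the time a redeemed entry is retained.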
