As I want to remove my generated code whenever I got a request from my single User, so that he can't use previous OTP

You can do this by storing a table of "used" OTPs in your application (data storage is outside the scope of this library). You should only have to store it for <5 minutes, and then it can be deleted, and if a user submits the same OTP within a period, deny access

@pquerna alternatively, instead of using Validate(...) to validate a user's totp, can't we use GenerateCode(secret, time.Now()) and compare the result with the user's input?

Won't that have the same effect without the additional storage?