authenticator and totp giving different results
tsndr opened this issue · comments
Describe the bug
Authenticator and TOTP give different results (Authenticator is correct, TOTP is wrong)
Authenticator
Code:
```js
authenticator.options = {
  algorithm: 'sha1',
  digits: 6,
  encoding: 'hex',
  epoch: Date.now(),
  step: 30,
  window: 0,
}
authenticator.generate(this.secret)
```
Options:
```
{
  algorithm: 'sha1',
  createDigest: [Function: createDigest],
  createHmacKey: [Function: totpCreateHmacKey],
  digits: 6,
  encoding: 'hex',
  epoch: 1593951693570,
  step: 30,
  window: 0,
  createRandomBytes: [Function: createRandomBytes],
  keyDecoder: [Function: keyDecoder],
  keyEncoder: [Function: keyEncoder]
}
```
Result: 649517
TOTP
Code:
```js
totp.options = {
  algorithm: 'sha1',
  digits: 6,
  encoding: 'hex',
  epoch: Date.now(),
  step: 30,
  window: 0,
}
totp.generate(this.secret)
```
Options:
```
{
  algorithm: 'sha1',
  createDigest: [Function: createDigest],
  createHmacKey: [Function: totpCreateHmacKey],
  digits: 6,
  encoding: 'hex',
  epoch: 1593951693570,
  step: 30,
  window: 0
}
```
Result: 821648
- otplib version: 12.0.1
- os: macOS 11.0 Big Sur
- browser: Google Chrome 83
- node: 14.4
- frameworks (if any): express
@tsndr are you using the exact same secret for both?
Authenticator requires the secret to be decoded first before it's used.
TOTP takes the secret AS-IS
So do I have to encode my secret to be able to use it with TOTP or is it possible to set an option to tell it that the given secret is decoded? Because that's what's in my database.
If you want to use totp on the backend, while using an authenticator compatible app to generate your tokens, then just encode the secret before passing to the app. On the backend, you retain and use the decoded secret with totp.
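
The encode/decode split described in the replies above, as an added example that is not part of the original thread and is not otplib code: a stand-alone RFC 6238 TOTP using Node's built-in `crypto`. It assumes the authenticator app receives the secret as Base32 text; the helper names and the sample key (the RFC 6238 test key) are chosen for illustration.

```javascript
// Added example: RFC 6238 TOTP with Node's built-in crypto (not otplib code).
const crypto = require('crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Raw key bytes -> unpadded Base32 text (the form handed to an authenticator app).
function base32Encode(buf) {
  let bits = '';
  for (const byte of buf) bits += byte.toString(2).padStart(8, '0');
  let out = '';
  for (let i = 0; i < bits.length; i += 5) {
    out += B32[parseInt(bits.slice(i, i + 5).padEnd(5, '0'), 2)];
  }
  return out;
}

// Base32 text -> raw key bytes (the decode step that happens before the HMAC).
function base32Decode(str) {
  let bits = '';
  for (const ch of str.replace(/=+$/, '').toUpperCase()) {
    const v = B32.indexOf(ch);
    if (v < 0) throw new Error(`invalid Base32 character: ${ch}`);
    bits += v.toString(2).padStart(5, '0');
  }
  const bytes = [];
  for (let i = 0; i + 8 <= bits.length; i += 8) bytes.push(parseInt(bits.slice(i, i + 8), 2));
  return Buffer.from(bytes);
}

// HMAC-SHA1 TOTP over raw key bytes; defaults match the issue (step 30, 6 digits).
function totp(key, timeMs, step = 30, digits = 6) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(timeMs / 1000 / step)));
  const mac = crypto.createHmac('sha1', key).update(counter).digest();
  const off = mac[mac.length - 1] & 0x0f; // dynamic truncation offset
  const code = (mac.readUInt32BE(off) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, '0');
}

// Constructed sample: the RFC 6238 test key, evaluated at t = 59 s.
const rawKey = Buffer.from('12345678901234567890', 'ascii'); // what the backend stores
const appSecret = base32Encode(rawKey);                      // what the app is given
const t = 59000;

const appToken = totp(base32Decode(appSecret), t);  // app side: decode, then HMAC
const backendOk = totp(rawKey, t);                  // backend: decoded key used directly
const backendBad = totp(Buffer.from(appSecret), t); // encoded text used as-is as the key
console.log({ appSecret, appToken, backendOk, backendBad });
```

`appToken` and `backendOk` agree because both HMAC the same raw bytes; `backendBad` differs because the Base32 text itself was used as the key, which is the kind of mismatch reported in this issue.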