Client and Server generating different TOTP

Question

Client and Server generating different TOTP

rahul-gharat opened this issue 3 years ago · comments

Rahul Gharat commented 3 years ago

TOTP generated at client and server for the same secret at the same time is different.
(OTP not getting validated).

I tried to play with step and window parameters but didnt worked.

Client Machine has IST timezone and the server has UTC.

I tried to check epoc time at both machines, it is same. (UTC Timestamp is same)

Can someone please help me with this? maybe i am missing something.

Thanks in advance

Hiago Silva Souza · Answer 1 · Thu Aug 26 2021 03:07:14 GMT+0800 (China Standard Time)

@rahul-gharat I have the same problem =/

Matt Harris · Answer 2 · Thu Aug 26 2021 04:02:38 GMT+0800 (China Standard Time)

I'm also seeing this in one of my services that uses this package

Rahul Gharat · Answer 3 · Thu Aug 26 2021 21:49:59 GMT+0800 (China Standard Time)

Hi, As a workaround I used browserify to compile otplib node module and used it at client side. Now it is working fine.
I guess npm module and unpkg module has some code difference.

Matt Harris · Answer 4 · Thu Aug 26 2021 22:31:36 GMT+0800 (China Standard Time)

Do you have any clue to what version the issue might be on, or what version I should use if I follow the steps you mentioned above

Rahul Gharat · Answer 5 · Fri Aug 27 2021 00:23:25 GMT+0800 (China Standard Time)

I am using otplib@12.0.0 from npm

Hiago Silva Souza · Answer 6 · Fri Aug 27 2021 01:23:36 GMT+0800 (China Standard Time)

I am using otplib@12.0.0 from npm

I'm too.