yeojz / otplib

:key: One Time Password (OTP) / 2FA for Node.js and Browser - Supports HOTP, TOTP and Google Authenticator

Home Page:https://otplib.yeojz.dev

totp to expire with step config after generation

surajk-TDM opened this issue · comments

Currently we observed that whenever we generate a TOTP with the step config set (say 30 seconds), the TOTP expires on the 30th second. Say XXXXXX is a TOTP generated at 12:00:15; it expires at 12:00:30. Instead, a TOTP generated at 12:00:15 should expire at 12:00:45.

The Time-Based Algorithms work this way. It doesn't mean that the code's 30-second life starts from the time when it is generated. It means that it complies with the 30-second TOTP RFC 6238 algorithm. Otherwise, you would not have been able to generate the same time-based codes in different devices as they had been generated at different times.

You mean in that case any TOTP generated within 12:00 and 12:30 (excluded) will expire at 12:30?

@Lerado correct!

Thank you! According to the RFC, it's recommended to consider an acceptable transmission delay that could still be considered valid. At most one time step backwards is recommended.

So, considering T1 and T2 as two consecutive time steps, any token generated within T1 but checked with T2 could be considered valid according to RFC 6238.
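An added example, not part of the thread and not otplib's own code: a minimal RFC 6238 TOTP built on Node's `crypto`, showing that the code depends only on which 30-second step the clock is in, and that a verifier can accept one step backwards. The function names are hypothetical, the secret is the RFC 4226 test secret, and the timestamps are constructed (seconds 15, 29, 30, 45 and 75 after the epoch stand in for 12:00:15, 12:00:29, 12:00:30, 12:00:45 and 12:01:15).

```javascript
const crypto = require('node:crypto');

const STEP = 30;  // seconds per time step, as in the issue
const DIGITS = 6;

// RFC 6238 counter: floor(unixTime / step). Every clock in the same step agrees on it.
function counterAt(epochMs, step = STEP) {
  return Math.floor(epochMs / 1000 / step);
}

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter, digits = DIGITS) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

function totp(secret, epochMs) {
  return hotp(secret, counterAt(epochMs));
}

// Lifetime left is the distance to the next step boundary, not 30 s from generation.
function secondsRemaining(epochMs, step = STEP) {
  return step - (Math.floor(epochMs / 1000) % step);
}

// Accept the current step plus up to `backSteps` earlier steps (RFC 6238 suggests at most one).
function verify(secret, token, epochMs, backSteps = 1) {
  const given = Buffer.from(String(token));
  const now = counterAt(epochMs);
  for (let i = 0; i <= backSteps && now - i >= 0; i++) {
    const expected = Buffer.from(hotp(secret, now - i));
    if (given.length === expected.length && crypto.timingSafeEqual(given, expected)) return true;
  }
  return false;
}

// Constructed sample input: RFC 4226 test secret, times relative to the epoch.
const SECRET = Buffer.from('12345678901234567890', 'ascii');
const at = (s) => s * 1000;
const issued = totp(SECRET, at(15));                            // "12:00:15"
console.log(issued, 'expires in', secondsRemaining(at(15)), 's');
console.log('same code at :29?', totp(SECRET, at(29)) === issued);
console.log('same code at :30?', totp(SECRET, at(30)) === issued);
console.log('accepted at :45 with one step back?', verify(SECRET, issued, at(45)));
console.log('accepted at 1:15 with one step back?', verify(SECRET, issued, at(75)));
```

Each extra accepted step lengthens the period in which an intercepted code can be replayed, so keep `backSteps` small and reject a code that has already been used once.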