Google Authenticator 2FA returning True always

Question

I'm using the GoogleAuthenticator nuget package for 2FA authentication in an ASP.NET application. The issue being that the function ValidateTwoFactorPIN always returns true even when the authenticator app has already changed TOTP code. Nuget Package

public TwoFactorSetupResponse Enable(string email)
        {
            var accountSecretKey = $"{SecretCode}-{email}";
            var setupInfo = _twoFactorAuthenticator.GenerateSetupCode("App", email, Encoding.ASCII.GetBytes(accountSecretKey));

            return new TwoFactorSetupResponse()
            {
                Account = setupInfo.Account,
                ManualEntryKey = setupInfo.ManualEntryKey,
                QrCodeSetupImageUrl = setupInfo.QrCodeSetupImageUrl,
            };
        }

        public bool IsCodeValid(string email, string code)
        {
            var accountSecretKey = $"{SecretCode}-{email}";
            return _twoFactorAuthenticator.ValidateTwoFactorPIN(accountSecretKey, code);
        }

score 1 · Accepted Answer · answered Dec 16 '21 at 00:26

1

That package's default drift tolerance is five minutes, so either test with smaller tolerance or wait until the tolerance window has passed.

answered Dec 16 '21 at 00:26

Martheen

5,198
4
32
55

Do you know how I can change that especification? – Roberto de León Dec 16 '21 at 00:27
1

Use the overload that allow specifying your own tolerance https://github.com/BrandonPotter/GoogleAuthenticator/blob/65b7e24b93601e1973974cd3b9eafff1c232a578/Google.Authenticator/TwoFactorAuthenticator.cs#L201 – Martheen Dec 16 '21 at 00:31
Now it's returning false. Maybe I'm not doing it correctly, do you know where I can see an example? – Roberto de León Dec 16 '21 at 00:46
False with what parameter? Your server and your device likely have a time difference. – Martheen Dec 16 '21 at 00:50
Got it working after some time, thank you! – Roberto de León Dec 16 '21 at 16:40
Can you elaborate? I'm just getting Invalid Code all the time. – Deadeye Sep 06 '22 at 14:51
@Deadeye I don't know anything about your code – Martheen Sep 06 '22 at 23:45

Google Authenticator 2FA returning True always

1 Answers1