Questions tagged [totp]

Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.

TOTP is based on HOTP with a timestamp replacing the incrementing counter.

The current timestamp is turned into an integer time-counter (TC) by defining the start of an epoch (T0) and counting in units of a time interval (TI).

Wiki: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

172 questions
0 votes, 2 answers

Update a user phone number attribute to AWS Cognito and verify phone number through SMS MFA using Node.js

Can anyone help me with the above requirement? We have to update the phone_number attribute in AWS Cognito and send an SMS MFA to confirm the mobile number. We also have to verify the code sent to the user.
0 votes, 1 answer

Shorter manual setup code for AWS Amplify Cognito TOTP setup

We are using Amplify, Cognito and Angular to build a login workflow. During setup of TOTP, we show a QR code to the user. As good practice, we also want to allow the user to manually enter a "setup code" in case they can't use the QR code. I can't…
cbp
0 votes, 0 answers

TOTP 2FA codes for login to GitHub are not working anymore since Daylight Saving Time occurred

I'm using this mobile app on Android: https://getaegis.app/ which is using TOTP for connecting to, e.g. GitHub and some other web apps (e.g. a self hosted Django one for example). Since this morning, nothing is working anymore. I'm not able to log…
swiss_knight
0 votes, 1 answer

How to incorporate TOTP with user migration in AD B2C

I'm using the guide here to perform Just-In-Time migration of a user from a legacy IdP to Azure AD B2C: https://github.com/azure-ad-b2c/user-migration/tree/master/jit-migration-v2. I have this working properly on its own with a service I am using to…
Riz
0 votes, 0 answers

QR code not generated for Azure AD B2C custom TOTP sample

I am following this sample here and have deployed it and integrated it with my test Azure AD B2C user sign in journey. However, when it loads the page (selfasserted-appfactor-registration.html), there is no QR code. I don't see anything in the…
Riz
0 votes, 2 answers

Using sam stevens totp - can't get it to work

I found a project on GitHub to generate and check tokens (TOTP). I tried to get it working but failed. Here is the code: import java.io.IOException; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import…
shahar eldad
0 votes, 0 answers

TOTP Algorithm Seed Length for HmacSHA512

I am trying to implement the TOTP algorithm described here: https://www.rfc-editor.org/rfc/rfc6238 Key key = new SecretKeySpec(seed.getBytes(StandardCharsets.UTF_8), "HmacSHA512"); However, the RFC says that: Seed for HMAC-SHA512 - 64 bytes String…
kamaci
0 votes, 1 answer

Assign variable from database

I'm trying to create a Python smart lock thing using RFID and the password. Instead of a regular "1234", I'm using Time OTP with the PyOTP library. At the moment I'm stuck with how to assign the secret variable value at the if function using data from…
Al-
0 votes, 1 answer

How to check if entered TOTP secret key format is correct?

I'm doing a small web project to generate OTPs online (like Google Authenticator). I'm currently using the otpauth library to generate the OTP code. It can't generate a code if the secret key is wrong. So how do I check if the entered secret key is correct?
quangthang
0 votes, 1 answer

Azure AD B2C - Maintaining OTP between browser close/reopen

The OTP used in Azure B2C in the displaycontrol / email verification has the following parameter: ReuseSameCode: Whether a duplicate code should be given rather than generating a new code when given code has not expired and is still valid. The…
MoP
0 votes, 1 answer

AWS Cognito Software Token MFA works once, then unexpectedly reverts to SMS MFA for all future logins

Background: I have a React web app (utilizing aws-amplify) which is connecting to/using an AWS Cognito User Pool for auth. I am trying to enable MFA and, more specifically, I want my users to have the option to utilize Software Token TOTP MFA (i.e.…
0 votes, 1 answer

Migrating Google Authenticator secret keys between servers

I got an OpenVPN server (Ubuntu 14.04) with pam-google-authenticator (20130529-2). I'm trying to create a new OpenVPN server (Ubuntu 18.04) with pam-google-authenticator (20170702-1) and migrate all the existing secret keys. When creating a new key…
ShalevBs
0 votes, 1 answer

OTP in pass-otp

I have a question as I use pass: the standard unix password manager with the plugin pass-otp. I also generate the OTP in Google Authenticator and sometimes the generated codes differ even though the input (secret) and the algorithm are the…
phodina
0 votes, 1 answer

MFA One-time password image

I'm using the Auth0 one-time password option to set up MFA in my application: https://auth0.com/docs/mfa/guides/configure-otp This allows users to set up the MFA with Google Authenticator or similar applications that read the QR code. I'm also a user of…
javrd
0 votes, 2 answers

Getting error on generating the correct TOTP with Node with correct Headers and SHA512 hashed Token?

Initiating an HTTP POST request, I am getting an error: 'Access Denied: Invalid token, wrong code'. I have tried every possible solution but I can't pass this error. Details for this challenge: Authorization The URL is protected by HTTP Basic…
Kamishiwa