Questions tagged [totp]

Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.

TOTP is based on HOTP with a timestamp replacing the incrementing counter.

The current timestamp is turned into an integer time-counter (TC) by defining the start of an epoch (T0) and counting in units of a time interval (TI).

Wiki: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

172 questions
0 votes, 1 answer

Push Notifications For An OTP Mobile Application

I was given the following challenge: "I want you to develop a mobile application based on react native. It's an authentication app. Which means I want to open a website and try to login and when I do. I will receive a push notification on the device…
0 votes, 1 answer

POST request with TOTP password: Response to preflight request doesn't pass access control check

I need to make a POST request with data to a URL, using TOTP (Time-based One-Time Password). I keep getting the following message from server. Access to XMLHttpRequest at URL from origin…
dulerong
0 votes, 0 answers

Issue with implementing TOTP in PHP using hash_hmac()

I am trying to implement TOTP in PHP, and I get a six digit code, but it never matches the one in my Authenticator app. I was able to zero in on the problem being most likely related to the output of hash_hmac, since I tested all the bit shifting…
turf
0 votes, 1 answer

TOTP: Can someone use the same otp within 30s and misuse it

In my Python project I am planning to use TOTP. A new user enters his email. Then he receives an OTP generated using TOTP. import pyotp totp = pyotp.TOTP('base32secret3232') totp.now() # => '492039' The OTP is valid for 30s. Now one can enter a…
Santhosh
0 votes, 0 answers

Not receiving same OTP in a time step/interval - Django-otp

I have set time step as 300sec and TOTP digit as 6. I'm not receiving same OTP in a time step/interval, means receiving different OTP in a given time step. i.e., at 2019-11-03 19:15:00, I will get one code; 19:13:00, I will get another new code. this…
Emil George James
0 votes, 1 answer

Two Factor Authentication on iPhone?

I have a 2FA code in my Node.js server application that utilizes the speakeasy module to verify whether the passed key is valid or not. I am using the Google Authenticator app on the client side. I am using a secret key = "A0B0C0D0E0F0A1B1C1D1E1F2". This…
nihal
0 votes, 3 answers

How do I ensure the user's secret key for TOTP is valid?

I'm working on a 2FA App. Is there a way for me the secret key a user provides that I use to generate their tokens is valid beforehand? Edit: For clarification: I am not providing the login server, but the token generation for the user (think authy…
Jujinko
0 votes, 1 answer

Double authentication connection cannot be redirected

I am trying to set up a double authentication page under Laravel. For that I add a checkTotp method that verifies that the user has activated double authentication and redirects this user to the page in question. The problem is that I am not…
0 votes, 0 answers

How to implement TOTP authentication that is compatible with Java and Objective-C

I have a problem with TOTP authentication. My server (Java) generates a secret key and transmits it to my Android and iOS applications. At the time of authentication, my mobile application runs the TOTP algorithm, taking the secret key as…
Tuncay mzd
0 votes, 3 answers

QR Code for TOTP multi factor (like google authenticator) -- how do I set my logo?

We generate a QR code fine for TOTP multi factor. This QR code can be consumed fine by google authenticator, authy, etc. We are trying to figure out how to include our logo, so the auth app can show our logo instead of a generic logo. I have dug all…
Jonesome Reinstate Monica
0 votes, 1 answer

Is there a way to renew the OTP secret for user when using the Authy API?

I am using the Authy API for TOTP authentication. Many users prefer to use google authenticator and don't want to download the Authy app. So I am using the authy API as mentioned here to get the QR code for Google Authenticator…
naiem
0 votes, 1 answer

Google authentication - TOTP to check remaining seconds

Time (20 seconds validity) based Google authentication code, I need to check the time before reading the 4 digit code. Collect the Google auth code using TOTP Apply the code automatically in our application Problem, while reading - code at the…
Prabu
0 votes, 3 answers

TOTP / HOTP / HmacSHA256 with unsigned bytes key in Java

As we can see from the following questions: "Java HmacSHA256 with key" and "Java vs. Golang for HOTP (rfc-4226)", Java doesn't really play nicely when using a key in a TOTP / HOTP / HmacSHA256 use case. My analysis is that the following cause…
0 votes, 1 answer

How to maintain sync between time based OTPs of apps like Google authenticator, Authy in iOS

I am working on an application that generates tops for every 30 seconds using a timer. I am getting secret keys from scanned QR codes and appending them to one model array and for each secret key I am generating tOTP and appending them into another…
Purna chandra
0 votes, 1 answer

Error with CURL requests to enable TOTP in WSO2 IS

I have a problem using the TOTP admin services in WSO2 IS (https://docs.wso2.com/display/ISCONNECTORS/Using+the+TOTP+API#UsingtheTOTPAPI-EnableTOTPEnableTOTP). I send the following request: curl -i -X POST -H…