speakeasy icon indicating copy to clipboard operation
speakeasy copied to clipboard

Published 20 hours ago verified publisher icon speakeasyjs

Increase token expiration time

Open Shamoncushbu opened this issue 8 years ago • 6 comments

var token = speakeasy.totp({ secret: secret.base32, encoding: 'base32', time:300 });

        console.log(token);

        var verified = speakeasy.totp.verify({
            secret: secret.base32,
            encoding: 'base32',
            token: token
        });
        console.log(verified);

Always returns false value

Shamoncushbu avatar Apr 17 '17 06:04 Shamoncushbu

The time option overrides the TOTP expiry algorithm. The token you generated is valid at 00:05 on 1 January 1970.

On Apr 16, 2017, at 11:17 PM, Shamoncushbu [email protected] wrote:

var token = speakeasy.totp({ secret: secret.base32, encoding: 'base32', time:300 });

    console.log(token);

    var verified = speakeasy.totp.verify({
        secret: secret.base32,
        encoding: 'base32',
        token: token
    });
    console.log(verified);

Always returns false value

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/speakeasyjs/speakeasy/issues/85, or mute the thread https://github.com/notifications/unsubscribe-auth/AAm4b_RYJX3L6lFPXQjQAC5lBQlHzMEEks5rwwPzgaJpZM4M-591.

mikepb avatar Apr 17 '17 17:04 mikepb

@mikepb so whats the correct way of using time based tokens

Shamoncushbu avatar Apr 18 '17 04:04 Shamoncushbu

If a custom time token is created, you need to pass the same time value to verify/verifyDelta method.

var token = speakeasy.totp({ secret: secret.base32, encoding: 'base32', time:300 });

var verified = speakeasy.totp.verify({ secret: secret.base32, encoding: 'base32', token: token, time: 300 }); console.log(verified);

The console log statement will return verified in this case. The totp.verify example with custom time value is not provided in documentation. It should be updated to avoid future confusion.

railsstudent avatar Apr 21 '17 15:04 railsstudent

so what's the expiry time then? 30 seconds? or how do i increase the expiry time?

Jinnified avatar Nov 06 '17 02:11 Jinnified

so what's the expiry time then? 30 seconds? or how do i increase the expiry time?

@mikepb Could you answer this?

kamal0808 avatar Apr 30 '18 16:04 kamal0808

I added a time to mine but the token stays the same no matter what, is this suppose to happen? When I take out the time it changes the token but quite frequently, I feel like the documentation didn't explain this well.

var token = speakeasy.totp({ secret: secret, encoding: 'base32', time: 120, }); return token; console.log(token); }

scottyh527 avatar Aug 20 '19 02:08 scottyh527