speakeasy icon indicating copy to clipboard operation
speakeasy copied to clipboard
verified publisher icon Levminer

TOTP Token expires earlier

Open ralphskie opened this issue 2 years ago • 3 comments

Hi, im currently having a hard time understanding the basics of TOTP. Below is my testing which I dont full undestand why the token is expiring (false) before the correct time it should expire.

generation code

const speakeasy = require("@levminer/speakeasy")
let SECRET = 'test'
let token = speakeasy.totp({
        secret: SECRET.base32,
        encoding: "base32",
        window: 2
    })

verification code

let tokenValidates = speakeasy.totp.verify({
        secret: SECRET.base32,
        encoding: "base32",
        token: otp,
        window: 2,
    })

settings

window = 2 step = 30 secs (default) toekn is created 07:49:23 PM , it will be valid until 07:50:52 PM base on the window which is 2 (+30 and +60 seconds from the token generation time)

results

958614 crea 07:49:23 PM --> token created 958614 true 07:49:28 PM 958614 true 07:49:43 PM (results truncated as they are "true") 958614 true 07:50:26 PM 958614 true 07:50:29 PM 958614 false 07:50:31 PM

ralphskie avatar Apr 04 '23 12:04 ralphskie

Facing the same issue, tokenValidates returns false before the 30 secs span

UdumiziSolomon avatar Oct 14 '23 18:10 UdumiziSolomon

I added { step: 600, window: 5 } // equiv to 5 mins

let tokenValidates = speakeasy.totp.verify({
        secret: SECRET.base32,
        encoding: "base32",
        token: otp,
        window: 5,
        step: 600
    })

UdumiziSolomon avatar Oct 14 '23 18:10 UdumiziSolomon

Check out: https://time.is/ Make sure your clock is in sync

Levminer avatar Oct 15 '23 14:10 Levminer