totp to expire with step config after generation

Open surajk-TDM opened this issue 2 years ago • 4 comments

Currently we observed that, whenever we generate a TOTP with the step config configured (say 30 seconds), the TOTP expires on the 30th second. Say XXXXXX is a TOTP generated at 12:00:15; it expires at 12:00:30. Instead, a TOTP generated at 12:00:15 should expire at 12:00:45.

surajk-TDM avatar Mar 07 '23 16:03 surajk-TDM

The Time-Based Algorithms work this way. It doesn't mean that the code's 30-second life starts from the time when it is generated. It means that it complies with the 30-second TOTP RFC 6238 algorithm. Otherwise, you would not have been able to generate the same time-based codes in different devices as they had been generated at different times.

lpavliuk avatar Apr 26 '23 03:04 lpavliuk

> The Time-Based Algorithms work this way. It doesn't mean that the code's 30-second life starts from the time when it is generated. It means that it complies with the 30-second TOTP RFC 6238 algorithm. Otherwise, you would not have been able to generate the same time-based codes in different devices as they had been generated at different times.

You mean in that case any generated TOTP within 12:00 and 12:30 (excluded) will expire at 12:30?

Lerado avatar Jul 28 '23 03:07 Lerado

@Lerado correct!

lpavliuk avatar Jul 28 '23 04:07 lpavliuk

> @Lerado correct!

Thank you! According to the RFC, it's recommended to consider having an acceptable delay of transmission that could be considered valid. At most one time-step backwards is recommended.

So considering T1 and T2 two consecutive timesteps, any token generated within T1 but checked with T2 could be considered valid according to RFC 6238.

Lerado avatar Jul 28 '23 14:07 Lerado
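
The behaviour discussed in this thread, as an added example that is not part of the original issue and is not otplib's own code: a plain RFC 6238 computation with Node's built-in `crypto`, showing that a code's lifetime ends at the step boundary and how a one-step-backward acceptance window changes verification. The secret, the timestamps and all function names are constructed for illustration.

```javascript
// Added example: RFC 6238 TOTP using only Node's crypto module (not otplib internals).
const crypto = require("crypto");

const STEP = 30; // seconds; the "step" config from the thread

// T = floor(unixTime / step). Every device derives the same T from the clock,
// which is why the code's life is tied to the step boundary, not to generation time.
function counterAt(unixSeconds, step = STEP) {
  return Math.floor(unixSeconds / step);
}

// HOTP (RFC 4226) with HMAC-SHA1 and dynamic truncation.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

function generate(secret, unixSeconds) {
  return hotp(secret, counterAt(unixSeconds));
}

// Seconds left before the current step ends and the code changes.
function secondsRemaining(unixSeconds, step = STEP) {
  return step - (unixSeconds % step);
}

// Accept the current step plus up to `backward` earlier steps.
// backward = 1 is the "at most one time-step backwards" allowance from RFC 6238.
function verify(secret, token, unixSeconds, backward = 1) {
  const now = counterAt(unixSeconds);
  const given = Buffer.from(String(token));
  for (let i = 0; i <= backward; i++) {
    const expected = Buffer.from(hotp(secret, now - i));
    if (given.length === expected.length &&
        crypto.timingSafeEqual(given, expected)) return true;
  }
  return false;
}

// Constructed sample: a code generated at 12:00:15 UTC.
const SECRET = "12345678901234567890"; // RFC test secret, never use in production
const at = (h, m, s) => Date.UTC(2023, 2, 7, h, m, s) / 1000;
const token = generate(SECRET, at(12, 0, 15));
console.log(token, "valid for", secondsRemaining(at(12, 0, 15)), "more seconds");
console.log("12:00:30, no window:", verify(SECRET, token, at(12, 0, 30), 0));
console.log("12:00:44, window 1: ", verify(SECRET, token, at(12, 0, 44), 1));
console.log("12:01:00, window 1: ", verify(SECRET, token, at(12, 1, 0), 1));
```

A wider backward window trades a longer replay interval for tolerance of transmission delay, so the verifier should also reject a code that has already been accepted once.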