New totp every time? #537
Comments
I think what you are trying to achieve is against the rules of time-based one-time passwords. The secret should be UNIQUE for every USER. So the same secret will generate the same password every time during its step (time in seconds). You can get 5 minutes by multiplying 60 seconds by 5, so have step: 300; this means that the generated password will be valid for 5 minutes, and during those 5 minutes its secret will generate the same password.
@digitalml Did you ever find a solution for this? I am trying this package in my E2E tests and if I require login in my tests, some of my tests fail because the same token is being re-used, which gives the error "token expired".
I think @suruaku made a good point here.
@suruaku
@juanGoesElectric If by token you mean secret, then it's up to you. One way is, for example, to use some kind of unique option depending on your database (MongoDB example). The same way you ensure a unique email for every user.
I'm trying to create a time-based one-time password in Node that is new every single time generate is called... (secret is the same every time from env file)... I need the verify window to be 5 mins...
The problem I am having is that I get duplicates. I assume this is because step = 30 by default and only a new totp will be generated every 30 seconds? I tried to set it to 0, that didn't work. I tried 1 and I do get a new key every one second, but if I call it more times than once a second I get duplicates. I thought epoch(Date.now()) would solve this issue but it does not.
Can you please tell me how to get a new totp every single generate but still have it valid for 5 mins on verify?
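The behaviour discussed in this thread, as an added example that is not part of the original issue or the package's own code: a minimal RFC 6238 TOTP built on Node's `crypto` module, showing that one secret yields exactly one code per step (300 seconds here), plus a verifier that refuses a second use of a code within the same step. The function names, the per-user map and the sample secret (the RFC test value) are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed sample input: the ASCII test secret from the RFC 4226/6238 appendices.
const SECRET = Buffer.from("12345678901234567890");

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// TOTP (RFC 6238): the counter is the number of whole steps since the Unix epoch,
// so every call inside one step sees the same counter and returns the same code.
function stepCounter(timeMs, step) {
  return Math.floor(timeMs / 1000 / step);
}

function totp(secret, timeMs, step = 30) {
  return hotp(secret, stepCounter(timeMs, step));
}

// Hypothetical verifier: accepts a code at most once per step per user by
// remembering the last counter it accepted (in memory here; a real service
// would persist this next to the user's secret).
function makeVerifier(step) {
  const lastAccepted = new Map(); // userId -> last accepted counter
  return function verify(userId, secret, token, timeMs) {
    const counter = stepCounter(timeMs, step);
    if ((lastAccepted.get(userId) ?? -1) >= counter) return false; // already used this step
    const expected = Buffer.from(hotp(secret, counter));
    const given = Buffer.from(String(token));
    if (given.length !== expected.length) return false;
    if (!crypto.timingSafeEqual(given, expected)) return false; // constant-time compare
    lastAccepted.set(userId, counter);
    return true;
  };
}
```

A fresh value on every call within one step cannot come from TOTP alone, because the only inputs are the secret and the step counter; the verifier above shows where single use is enforced instead.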