BastiaanJansen / otp-java

A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).
MIT License
186 stars 30 forks

With the same secret, it generates the same OTP code, as long as it does not expire. #50

Closed rmatute closed 2 years ago

rmatute commented 2 years ago

Hi @BastiaanJansen

I have a question: when I send the same secret and I want to generate an OTP code again, it generates the same one as long as it is valid.

Attached capture


BastiaanJansen commented 2 years ago

Hi,

This is intended behavior: with the same secret and within the same period, the generator should generate the same OTP code. Is there anything specific you are trying to accomplish?

ghost commented 2 years ago

Hello @BastiaanJansen, how should we use the OTP generator to have different OTPs each time a new one is required, considering that each OTP that is generated must have a maximum lifetime and must be able to validate within that period?

I thought that the secret could be unique and generate different OTPs with it.

BastiaanJansen commented 2 years ago

Hi @gvillacis-ec,

Whenever you need a new OTP for a different use case, you must use a different secret.

For example, if you want to send an SMS with an OTP-code every time a user logs in, you use a different secret for each user so if multiple users sign in, in the same period, they all receive different OTP-codes.
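
The behaviour discussed in this thread, as an added example that is not part of the original comments and does not use otp-java's own API: a JDK-only RFC 6238 TOTP (HMAC-SHA1, 6 digits, 30 s period) showing that one secret yields one code per period, that per-user secrets yield different codes, and how a verifier can still accept each code only once. The class, method and user names, the in-memory `lastStep` map, the timestamp and the random secrets are all assumptions constructed for illustration, and no clock-drift window is applied.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class TotpDemo {
    static final long PERIOD = 30; // seconds per time step (RFC 6238 default)

    // TOTP = HOTP (RFC 4226) with counter = floor(unixSeconds / PERIOD).
    static String totp(byte[] secret, long unixSeconds) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(unixSeconds / PERIOD).array());
        int off = h[h.length - 1] & 0x0f; // dynamic truncation offset
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format(Locale.ROOT, "%06d", bin % 1_000_000);
    }

    static byte[] newSecret() { // constructed 160-bit secret, one per user
        byte[] s = new byte[20];
        new SecureRandom().nextBytes(s);
        return s;
    }

    // Last accepted time step per user (hypothetical store; persist it in a real service).
    static final Map<String, Long> lastStep = new HashMap<>();

    // Accept a code at most once per time step, as RFC 6238 section 5.2 requires.
    static boolean verifyOnce(String user, byte[] secret, String code, long now) throws Exception {
        long step = now / PERIOD;
        if (lastStep.getOrDefault(user, -1L) >= step) return false; // replay in this window
        if (!MessageDigest.isEqual(totp(secret, now).getBytes(), code.getBytes())) return false;
        lastStep.put(user, step);
        return true;
    }

    public static void main(String[] args) throws Exception {
        byte[] alice = newSecret(), bob = newSecret();
        long t = 1_700_000_010L; // constructed timestamp at the start of a 30 s step
        String code = totp(alice, t);
        System.out.println("alice, same period: " + code + " / " + totp(alice, t + 29));
        System.out.println("alice, next period: " + totp(alice, t + 30));
        System.out.println("bob, same period:   " + totp(bob, t));
        System.out.println("first use accepted: " + verifyOnce("alice", alice, code, t + 5));
        System.out.println("replay accepted:    " + verifyOnce("alice", alice, code, t + 10));
    }
}
```

Two different secrets, or two consecutive periods, can still collide on the same 6-digit code by chance (about one in a million), so uniqueness comes from the secret and the time step, not from the printed digits.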

ghost commented 2 years ago

Thanks for the explanation @BastiaanJansen