Flexability when validating TOTP code.

BastiaanJansen / otp-java

A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).

MIT License

186 stars 30 forks source link

Flexability when validating TOTP code. #75

Closed brett-walker closed 1 year ago

brett-walker commented 1 year ago

From wikipedia

Some authenticators allow values that should have been generated before or after the current time in order to account for slight clock skews, network latency and user delays.

Is this possible using your library to allow this flexability?

If so, could you post some code showing how this is possible. Thanks

brett-walker commented 1 year ago

Looking further at the TOTPGenerator class.

The public boolean verify(final String code) method is the strict version. The public boolean verify(final String code, final int delayWindow) method seems to be the more lenient version.

Would using the 2nd method mentioned able provide the flexibility I've inquired about?

BastiaanJansen commented 1 year ago

Yes, correct. The delay window allows you to accept codes slightly before or after.