BastiaanJansen / otp-java

A small and easy-to-use one-time password generator library for Java implementing RFC 4226 (HOTP) and RFC 6238 (TOTP).
MIT License

Documentation Regarding Delay Window for Verification of ToTP #76

Closed manurajsingh closed 12 months ago

manurajsingh commented 12 months ago

Hello, I would like to use your library for verifying TOTP. I see that the verification method allows a delayWindow parameter. Can you please add some documentation regarding what the units for the delayWindow are? Is it in milliseconds, seconds, minutes or something else?

Thanks.

BastiaanJansen commented 12 months ago

Hi @manurajsingh,

The delayWindow parameter allows you to allow older or newer TOTP codes. So if your TOTP period is 30 seconds and you verify with a delayWindow of 1, you also allow TOTP codes generated in one 30-second period before or after.

manurajsingh commented 12 months ago

Hello @BastiaanJansen

Thanks for a quick answer. So, the following is what I understand: With a delay window of 1, I will have

PAST<--->CURRENT<--->FUTURE

30s<---->30s<---->30s

which means an overall period of 1min 30s to verify,

and if the delay window is 2, I will have

60s<--->30s<---->60s

which means an overall period of 2min 30s to verify.

Am I correct?

Thanks

BastiaanJansen commented 12 months ago

Correct!

manurajsingh commented 12 months ago

Great, thanks.
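The window semantics confirmed in this thread, as an added example that is not part of the original issue and is not otp-java's own code: a self-contained RFC 6238 check using only the JDK, where `delayWindow` counts whole time steps on each side of the current one. The class name, the `codeAt` and `verify` helpers, the 30-second period, the 6-digit length and the timestamp are assumptions made for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class TotpWindowDemo {
    static final int PERIOD = 30, DIGITS = 6;   // assumed: common RFC 6238 settings

    // RFC 4226 HOTP value for one time-step counter (HMAC-SHA1, dynamic truncation).
    static String codeAt(byte[] secret, long counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%0" + DIGITS + "d", bin % (int) Math.pow(10, DIGITS));
    }

    // Hypothetical verifier: accept a code matching any step in
    // [current - delayWindow, current + delayWindow], i.e. 2 * delayWindow + 1 steps.
    static boolean verify(byte[] secret, String code, int delayWindow, long epochSeconds)
            throws Exception {
        long current = epochSeconds / PERIOD;
        byte[] given = code.getBytes(StandardCharsets.US_ASCII);
        boolean ok = false;
        for (long c = current - delayWindow; c <= current + delayWindow; c++) {
            // Constant-time compare and no early exit, so timing does not show which step matched.
            ok |= MessageDigest.isEqual(codeAt(secret, c).getBytes(StandardCharsets.US_ASCII), given);
        }
        return ok;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the RFC 6238 SHA-1 test secret and an arbitrary timestamp.
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII);
        long now = 1_700_000_010L;
        String twoStepsOld = codeAt(secret, now / PERIOD - 2);
        for (int w = 0; w <= 2; w++) {
            System.out.printf("delayWindow=%d -> %d steps, %d s; code from 2 steps ago accepted: %b%n",
                    w, 2 * w + 1, (2 * w + 1) * PERIOD, verify(secret, twoStepsOld, w, now));
        }
    }
}
```

Every extra step of `delayWindow` adds 60 seconds in which an observed code is still accepted and two more codes that satisfy a single guess, so keep it as small as clock drift allows. This sketch does not record already-used codes; replay protection needs that in addition.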