Open ingin97 opened 1 month ago
Hi @ingin97,
There is no reason to introduce a new interface to keep track on past OTPs in this library. This can easily be achieved on the application side with a caching system, a database or files. Same goes for the bruteforce prevention means.
Description
As the RFC6238 states the following:
It would be nice to have the Totp->verify() function to optionally accept an argument of the previous time the verify function was used. Though this timestamp of course has to be stored in the app itself, it would be nice to have the functionality to check the timestamp inside the package. This could also be done by mentioning explicitly in the documentation that it is best practice to not accept reuse of OTPs.
If this you see the benefit of adding this I will happily open a PR.
Example
Could be achieved by e.g.:
OR