TominoLP / 2FA-API

A simple API to generate QR codes and validate the user input
Apache License 2.0
4 stars 1 forks source link

Could you add a drift for validation method? #3

Open dpastov opened 4 months ago

dpastov commented 4 months ago

So when we validate TOTP on server, I want to be able to set -2 mins to +2 mins to avoid possible misconfig in time?

TominoLP commented 4 months ago

Im not completly shure what you mean... Like a Toleranz Windows ? @dpastov

dpastov commented 4 months ago

@TominoLP Yes. Imagine a server where we validate totp is 1 minute behind of real time. so we need to be able to set a window like checking code from -2 mins to now and to +2 mins.

TominoLP commented 4 months ago

Thanks for the clarification. I understand the concept now, and I'll make sure to implement it today evening if I can find the time to do so. @dpastov

dpastov commented 4 months ago

If you can make it today or Monday morning would be great :-)

TominoLP commented 4 months ago

Im sorry but i dont have the time today, I'm going to have a lot of stress in the next week, I can't say whether I have time to make the changes, but you're welcome to find a solution yourself and do a PR

if you use the newest version pls note that the TOTP validation method is not under TOTP. and not AuthSys.

dpastov commented 4 months ago

@TominoLP thanks, I can update the solution if I make it run with Java8 on my server (it still throw an error).

TominoLP commented 4 months ago

Version 1.3.1 runs at V8 Just fine for me , can you provide me with more Details?

TominoLP commented 4 months ago

@dpastov can you provide me The error and then Version you are currently using, then i may be able to reproduce it and Help you

Please Open a new issue for that

dpastov commented 4 months ago

I have fixed the error, but in my case I had to pack all dependencies into jar and it's relatively big...

rvmey commented 1 week ago

I would also appreciate this feature. Too often the TOTP code validation fails because of the time difference between the phone and the server. The option to allow +1 and -1 minutes to the time window would fix it.

TominoLP commented 1 week ago

@rvmey im currently Not working in any privat Projects To mutch To-Do at Work, sorry