The ThreadLocal-based approach introduced in 5e625e7 works, but I'm concerned that it's making things too complicated and introduces too much baggage for casual use cases. As an alternative, this approach just uses synchronization to manage access to stateful resources.
I like this approach because:
It maintains thread-safety.
The performance cost in single-threaded cases is negligible.
Callers can still create one HOTP/TOTP generator per thread if they're really concerned about throughput.
The
ThreadLocal-based approach introduced in 5e625e7 works, but I'm concerned that it's making things too complicated and introduces too much baggage for casual use cases. As an alternative, this approach just uses synchronization to manage access to stateful resources.I like this approach because: