Closed wdperson closed 1 month ago
Rodauth uses TOTP: https://github.com/mdp/rotp/blob/main/lib/rotp/totp.rb#L39
@jeremyevans thanks for the help. That helped narrow it down. However, in version 1.11.0 of rodauth-rails, the code here: https://github.com/mdp/rotp/blob/main/lib/rotp/totp.rb#L46 shows a match for the otp vs the generated_otp based on the timecode.
However, when I upgrade to version 1.14.1 of rodauth-rails, all of them come back as false for a match and throw an "Invalid Authentication Token" error.
I think I am straying off topic a bit for Rodauth here. If it is better that I open an issue/reference this one in rodauth-rails, I can do that.
Best practice if you are using rodauth-rails is to always open a discussion in the rodauth-rails repository. If @janko determines the issue is actually in Rodauth, he'll raise the issue here.
@jeremyevans thanks, that's what I will do. Appreciate your help/guidance.
We are using the ROTP gem with Rodauth rails (however, the issue may be coming from Rodauth... see below), and after upgrading to the latest version of Rodauth Rails, we are having an issue with verifying the one-time password. The line here: https://github.com/mdp/rotp/blob/main/lib/rotp/otp.rb#L53
ROTP is looking for two params. From Rodauth, it seems to only be passing one of the two params to ROTP: https://github.com/jeremyevans/rodauth/blob/0c8dc7aa718790053a101c32ce44ffd98feed2f4/lib/rodauth/features/otp.rb#L271
I am not sure if it is an issue with ROTP or Rodauth or if I am not understanding how this is working. Any help would be appreciated. I also opened this issue on ROTP's repo.
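The per-timecode comparison discussed in this thread (submitted otp vs generated otp) can be reproduced outside the application with a stdlib-only trace. This is an added example, not code from Rodauth, rodauth-rails or ROTP; the helper names are hypothetical, and it assumes SHA-1, a 30-second interval, 6 digits and a raw (already base32-decoded) key.

```ruby
require "openssl"

# RFC 4226 HOTP over a raw key; for TOTP the counter is the timecode.
def hotp(key, counter, digits: 6)
  mac = OpenSSL::HMAC.digest("SHA1", key, [counter].pack("Q>"))
  offset = mac.getbyte(19) & 0x0f                       # dynamic truncation offset
  code = mac.byteslice(offset, 4).unpack1("N") & 0x7fffffff
  (code % 10**digits).to_s.rjust(digits, "0")
end

# Constant-time comparison so the check does not leak how many digits matched.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# One row per timecode in the accepted window: what the server side would
# generate for that timecode and whether the submitted code matches it.
def totp_trace(key, submitted, at:, interval: 30, drift_steps: 1, digits: 6)
  now = at.to_i / interval
  ((now - drift_steps)..(now + drift_steps)).map do |timecode|
    generated = hotp(key, timecode, digits: digits)
    { timecode: timecode, generated: generated,
      match: secure_equal?(generated, submitted) }
  end
end

# True when any timecode in the window produces the submitted code.
def totp_valid?(key, submitted, **opts)
  totp_trace(key, submitted, **opts).any? { |row| row[:match] }
end

# Constructed sample input: the RFC 6238 SHA-1 test key at Unix time 59.
KEY = "12345678901234567890"
totp_trace(KEY, "287082", at: 59).each { |row| p row }
```

If every row reports `match: false` for a code the authenticator app just displayed, the key or parameters used on the server side differ from the ones the app was provisioned with, which is where to look next.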