Closed shubhagrwl-manta closed 2 years ago
You can do this by storing a table of "used" OTPs in your application (data storage is outside the scope of this library). You should only have to store it for <5 minutes, and then it can be deleted. If a user submits the same OTP within a period, deny access.
@pquerna alternatively, instead of using Validate(...) to validate a user's totp, can't we use GenerateCode(secret, time.Now()) and compare the result with the user's input? Won't that have the same effect without the additional storage?
I want to remove my generated code whenever I get a request from my single user, so that he can't use a previous OTP.
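A sketch of the "used" OTP table discussed in this thread, added here as an example; it is not code from the thread or from the library. `UsedOTPs`, `Verify` and `code` are hypothetical names, and `code` is a standard-library RFC 6238 TOTP standing in for the library's GenerateCode. A code compared against a freshly generated one stays correct for its whole 30-second period, so the table is what turns the second submission into a denial.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/binary"
	"fmt"
	"sync"
	"time"
)

// code is a stdlib RFC 6238 TOTP (SHA-1, 30 s, 6 digits), standing in for GenerateCode.
func code(secret []byte, t time.Time) string {
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, secret)
	mac.Write(ctr[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	return fmt.Sprintf("%06d", (binary.BigEndian.Uint32(sum[off:off+4])&0x7fffffff)%1000000)
}
// UsedOTPs is the short-lived table of codes that were already accepted.
type UsedOTPs struct {
	mu   sync.Mutex
	ttl  time.Duration        // keep longer than a code stays valid
	seen map[string]time.Time // "user\x00code" -> expiry
}
// Verify accepts a correct code once; the same code again within ttl is denied.
func (u *UsedOTPs) Verify(user string, secret []byte, input string, now time.Time) bool {
	ok := hmac.Equal([]byte(code(secret, now)), []byte(input)) // constant-time compare
	u.mu.Lock() // check and insert under one lock so concurrent replays cannot both pass
	defer u.mu.Unlock()
	for k, exp := range u.seen { // delete expired entries
		if !now.Before(exp) {
			delete(u.seen, k)
		}
	}
	key := user + "\x00" + input
	if _, used := u.seen[key]; used || !ok {
		return false // wrong code, or replay of an already accepted one
	}
	u.seen[key] = now.Add(u.ttl)
	return true
}
func main() {
	u := &UsedOTPs{ttl: 5 * time.Minute, seen: map[string]time.Time{}}
	s, now := []byte("constructed-secret"), time.Unix(1699999980, 0) // constructed sample values
	fmt.Println(u.Verify("alice", s, code(s, now), now), u.Verify("alice", s, code(s, now), now))
}
```

In a multi-instance deployment the map would have to live in shared storage with an atomic insert-if-absent, since a per-process table does not see codes accepted by another instance.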