pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

How to properly use pyotp? #121

Closed al-muammar closed 3 years ago

al-muammar commented 3 years ago

I just discovered that OTP computes time remaining using modulo: https://github.com/pyauth/pyotp/issues/87

Which means that an OTP could expire right after it was generated. Right now I'm generating OTP codes and sending them to customer emails for email verification. And sometimes it happens that the codes are already expired.

Am I using OTP in the wrong way? If that's an intended use case, how do I overcome the problem I just described? I want to give customers genuine N seconds to verify emails.

kislyuk commented 3 years ago

TOTP is not meant to be used that way. You are looking for HOTP.
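The difference discussed in this thread, as an added example that is not part of the issue or pyotp's own code: a TOTP code dies at the next 30-second boundary regardless of when it was issued, while a counter-based HOTP code lets the server enforce its own N-second lifetime. It uses only the standard library (RFC 4226/6238); `EmailCodeIssuer`, `totp_survives` and the TTL value are hypothetical names and assumptions, and `SECRET` is the RFC 4226 test secret.

```python
import hashlib, hmac, struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30) -> str:
    """RFC 6238: HOTP whose counter is floor(now / step)."""
    return hotp(secret, int(now // step))

def totp_survives(secret: bytes, issued_at: float, checked_at: float) -> bool:
    """True if a TOTP code issued at issued_at still matches at checked_at."""
    return totp(secret, issued_at) == totp(secret, checked_at)

class EmailCodeIssuer:
    """Hypothetical server-side helper: one HOTP code per request, own TTL."""
    def __init__(self, secret: bytes, ttl: int):
        self.secret, self.ttl = secret, ttl
        self.counter = 0       # persisted per user in a real deployment
        self.pending = None    # (counter, issued_at) of the outstanding code

    def issue(self, now: float) -> str:
        self.counter += 1      # a new counter value makes every code distinct
        self.pending = (self.counter, now)
        return hotp(self.secret, self.counter)

    def verify(self, code: str, now: float) -> bool:
        if self.pending is None:
            return False
        counter, issued_at = self.pending
        expected = hotp(self.secret, counter).encode()
        ok = (now - issued_at <= self.ttl
              and hmac.compare_digest(code.encode(), expected))
        if ok:
            self.pending = None  # single use: a replayed code is rejected
        return ok

SECRET = b"12345678901234567890"  # RFC 4226 test secret (constructed input)
```

In pyotp the same primitive is `pyotp.HOTP(base32_secret).at(counter)`; the expiry timestamp and counter are state the application stores itself.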