samdjstevens / java-totp

A Java library for implementing Time-based One Time Passwords for Multi-Factor Authentication.
MIT License

invalidate old otp values #32

Closed charith26 closed 4 years ago

charith26 commented 4 years ago

Hi,

I'm using this library to generate and validate TOTP values. I generate a new code every 60 seconds:

```java
// Counter of the current 60-second bucket
long currentBucket = Math.floorDiv(new SystemTimeProvider().getTime(), 60);
System.out.println(codeGenerator.generate(secret, currentBucket));
```

However, when I validate the codes, the old codes continue to be valid even after the new codes are generated. Is this the normal case or am I doing something wrong?

```java
TimeProvider timeProvider = new SystemTimeProvider();
CodeGenerator codeGenerator = new DefaultCodeGenerator(HashingAlgorithm.SHA1);
DefaultCodeVerifier verifier = new DefaultCodeVerifier(codeGenerator, timeProvider);
verifier.setTimePeriod(60); // period length in seconds
verifier.setAllowedTimePeriodDiscrepancy(5);
boolean valid = verifier.isValidCode(secret, totp);
```

Thank you

samdjstevens commented 4 years ago

Hey,

To be clear, the `setAllowedTimePeriodDiscrepancy` method is asking for a discrepancy in periods (or buckets), so if your time period is 60 like the above, setting a discrepancy of 5 is saying that codes that were generated 5*60 seconds ago or less are valid.

Does this help?

charith26 commented 4 years ago

Hey, it does! Solved the issue. Thanks.
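The period-based window described in the reply above, as an added Python example (not part of the thread and not java-totp's own code). `WindowedVerifier` and its method names are hypothetical, the window is assumed to be symmetric (±N periods), and the key is the raw-byte RFC 4226 test key rather than a Base32 secret. `consume` goes one step beyond the thread: it also rejects a code whose counter was already accepted, which RFC 6238 requires of a verifier.

```python
import hashlib
import hmac
import struct

SECRET = b"12345678901234567890"  # RFC 4226 test key (raw bytes, not Base32)

def code_for(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-SHA1 one-time code for one time-period counter (RFC 4226/6238)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class WindowedVerifier:
    """Hypothetical verifier; discrepancy is counted in periods, not seconds."""

    def __init__(self, secret: bytes, period: int = 60, discrepancy: int = 5):
        self.secret, self.period, self.discrepancy = secret, period, discrepancy
        self.last_counter = -1  # highest counter already accepted

    def matching_counter(self, code: str, now: int):
        """Return the counter whose code matches within the window, else None."""
        current = now // self.period
        lo, hi = current - self.discrepancy, current + self.discrepancy
        for counter in range(max(lo, 0), hi + 1):
            if hmac.compare_digest(code_for(self.secret, counter), code):
                return counter
        return None

    def is_valid(self, code: str, now: int) -> bool:
        """Window check only: an old code stays valid until it leaves the window."""
        return self.matching_counter(code, now) is not None

    def consume(self, code: str, now: int) -> bool:
        """Window check plus replay protection: each counter is accepted once."""
        counter = self.matching_counter(code, now)
        if counter is None or counter <= self.last_counter:
            return False
        self.last_counter = counter
        return True

if __name__ == "__main__":
    now = 6 * 60                       # constructed clock: period counter 6
    old = code_for(SECRET, 1)          # issued 5 periods (300 s) earlier
    print(WindowedVerifier(SECRET, 60, 5).is_valid(old, now))  # window 1..11
    print(WindowedVerifier(SECRET, 60, 1).is_valid(old, now))  # window 5..7
```

With a 60-second period, a discrepancy of 5 keeps the five-period-old code valid, while a discrepancy of 1 rejects it.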