speakeasyjs / speakeasy

**NOT MAINTAINED** Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.
MIT License
2.7k stars 228 forks

Delay with server #125

Closed Rc85 closed 4 years ago

Rc85 commented 5 years ago

After scanning the QR code, if I immediately enter the 6-digit code after the refresh on the Authenticator app, it does not verify.

Using speakeasy.totp() to generate the token and console logging it, it shows the 6-digit code from before the refresh.

I have 2 middleware; one is to generate the base32 and QR code. I store the secret in req.session.user.secret. Then in my second middleware, where I do the verification, I put the secret.base32 into speakeasy.totp() to generate the token.

The 6-digit code received from the client is the one shown on the Authenticator app; the token generated is shown as the one from before the refresh.

bbullock-trustquay commented 4 years ago

I'm experiencing the same issue. Did you ever manage to resolve it?

Rc85 commented 4 years ago

> I'm experiencing the same issue. Did you ever manage to resolve it?

Yeah. You have to set the window of time to 2. Experiment with the number to suit your needs. What this does is check the code within the specified window of time. 2 will check the last 2 codes that were generated, so after an immediate refresh, the previous code will still be valid to authenticate.

https://www.npmjs.com/package/speakeasy#specifying-a-window-for-verifying-hotp-and-totp
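
The windowed check discussed in this thread, as an added example that is not part of the original issue and is not speakeasy's own code: a self-contained RFC 6238 verifier built on Node's `crypto` module, run against a server clock that is one time step behind the phone. The function names, the symmetric ± window and the RFC test key are this example's assumptions.

```javascript
const crypto = require('crypto');

// Constructed sample secret: the ASCII test key from RFC 4226 / RFC 6238.
const KEY = Buffer.from('12345678901234567890');

// RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
// then dynamic truncation to a decimal code.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// RFC 6238: the counter is the number of whole time steps since the epoch.
function timeCounter(unixSeconds, step = 30) {
  return Math.floor(unixSeconds / step);
}

// Check `token` against every step in [now - window, now + window]
// (hypothetical helper; the symmetric window is this example's assumption).
// Returns the matching step offset, or null when nothing matches.
// Every extra step widens the set of accepted codes, so keep `window` small.
function verifyTotp(key, token, unixSeconds, window = 0, step = 30) {
  const given = Buffer.from(String(token));
  const now = timeCounter(unixSeconds, step);
  for (let delta = -window; delta <= window; delta++) {
    if (now + delta < 0) continue;
    const expected = Buffer.from(hotp(key, now + delta));
    if (expected.length === given.length &&
        crypto.timingSafeEqual(expected, given)) {
      return delta;
    }
  }
  return null;
}

// Server clock reads t=59 (step 1); the phone has already moved to step 2.
const phoneCode = hotp(KEY, timeCounter(61));
console.log(verifyTotp(KEY, phoneCode, 59, 0)); // window 0: rejected
console.log(verifyTotp(KEY, phoneCode, 59, 1)); // window 1: matched one step ahead
```
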

bbullock-trustquay commented 4 years ago

Thanks @Rc85