-
-
Notifications
You must be signed in to change notification settings - Fork 326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support resync in TOTP validation #11
Comments
Looking at the implementation, I think I can answer this. The Wikipedia article on TOTP notes, emphasis mine,
pyotp, simply, does not (see here). It would be great if this could be an option, I think. |
the only totp python package that have time skew support is SpookyOTP, |
I am repurposing this issue for skew support, and changing the title accordingly. If anyone has a preferred API for how this would work, please comment here. |
From https://tools.ietf.org/html/rfc6238#section-6:
It seems unambiguous that a "max_skew" parameter is needed, in number of time steps. The questions I have are:
|
Was this resolved in a commit? |
There is a new parameter, |
Why would there need to be resync capabilities? Your computer isn't going to jump a second ahead or a second behind. The reason why it initially failed was because such a reason and TOTP implementation requests that there is a TTL component. Is this really necessary for the library to have (especially since you have to take latency into account and have the user give you the ms delay and fix and yada yada) |
Please read the RFC, it explains the use case for clock skew support and resynchronization. |
Still have similar issue in 2023, always my first probe fails even my keys are the same and interval is setup on 30. |
Clock skew is supported via the Because resync is stateful, I don't think this library will fully support resync functionality directly. I think what we need in PyOTP to support resync is the ability to return where in the valid window the code was accepted, and documentation on how to use that. |
Consider this test:
Sample output is:
I have seen this in production. I don't know why it fails sometimes. Any idea why? And how I can go about fixing it?
Thank you,
Joseph
The text was updated successfully, but these errors were encountered: