-
-
Notifications
You must be signed in to change notification settings - Fork 149
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Decimal time window #144
Comments
Hi @blackhole997, What you are describing here looks possible with the current method arguments by passing a custom timestamp. $isVerified = $totp->verify($otp);
if (!$isVerified) {
$isVerified = $totp->verify($otp, time()-15);
}
//Now $isVerified can be true even with an OTP that expired less than 15 seconds before |
Hi @Spomky, What you suggests surely works - I didn't think about doing it in that way. So, tell me if I'm wrong:
I think that obtaining the same result using the same parameter could be more elegant, but this is my personal opinion. |
The
The
I agree with you. Such leeway seems better that a hard windows which may induce security issues. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Hi @blackhole997, This will be part of the v11. Can you tell me if this new v11 is what you expected here? Regards. |
PR #152 is now merged |
Currently, the OTP time window can only be an
integer
:public function verify(string $otp, ?int $input = null, ?int $window = null): bool;
This parameter is a multiplier for the period set while generating the OTP;
so by using an
integer
it is impossible to create a time window smaller than the period itself.Example:
Google Authenticator only accepts a period equal to 30 seconds (not less, not more).
I would like to validate the OTP in a time window which goes by
timestamp - 45s
totimestamp + 45s
.Currently this is impossible because I cannot set a time window equal to
0.5
(15 seconds).The text was updated successfully, but these errors were encountered: