TotpSecurityStampBasedTokenProvider defines a fixed timestep of 3 minutes

[depeter]

I'm implementing TOTP using the TotpSecurityStampBasedTokenProvider and couldn't figure out why it wasn't working with Google Authenticator.

While debugging I noticed that TotpSecurityStampBasedTokenProvider uses a fixed timestep of 3 minutes while google authenticator has a default set to 30 seconds. This difference causes the algorithm to generate different codes. It can not be modified in any way either.

The Google Authenticator documentation specifies it has the option but it is not taken into account.

How can I resolve this without creating my own provider?

If you like I can create a pull request that allows users to override the currently hardcoded timestep.

[dnxit]

It'll be nice if an option is there to give the time span as parameter
just like we have in Email Confirmation Tokens but for PhoneNumberToken its by default 3 minutes

so would it be possible to make it a parameter ?
just like

_userManager.UserTokenProvider = _userManager.GetDataProtectionProvider("EmailConfirmationToken", TimeSpan.FromDays(7));

@HaoK would it be possible to get this feature ???