Timeout after 20 seconds no matter the window in verifyToken

[SomeMoosery]

Thanks for providing such a great tool!

I just have one quick question / problem with my implementation: I can't seem to increase the timeout window longer than ~20seconds, regardless of how large I set the window parameter.

My code is as follows:

  getSecret(): string {
    try {
      const newSecret: Secret = twofactor.generateSecret();
      return newSecret.secret;
    } catch (e) {
      throw new Error(e);
    }
  }

  getToken(secret: string): string {
    try {
      const newToken: Token = twofactor.generateToken(secret);
      return newToken.token;
    } catch (e) {
      throw new Error(e);
    }
  }

  verify2fa(userRequest: any, token: string): boolean {
    try {
      const verified: Delta = twofactor.verifyToken(userRequest.secret, token, 10000);
      return verified !== null && verified.delta === 0;
    } catch (e) {
      throw new Error(e);
    }
  }

Even with the window set to 10,000 as you see here, I get a delta of -1 after ~20 seconds. While I'm sending / verifying tokens asynchronously, I've checked to make sure that the sent secret/token match the verifying secret/token. Am I missing something?

Thanks!

[joelrwilliams12]

The token succeeds on the verifyToken call if the response is not null. That's the only pass/fail to check. By checking that delta == 0, you're forcing a 30s window. The delta value is just extra information.

Remove the check on 'delta === 0' and then your window will work as you change it. Once the time window is exceeded, verifyToken will return null.

[maxhudson]

If you accidentally pass a string as the window arg, you'll get a timeout FYI (i.e. '60' bad, 60 good)