use Authenticator or Authy and register via QR (Also tried manually). On my iPhone.
make a post to /auth/2fa/totp/confirm with this request body:
```json
{
  "code": "<CODE_FROM_APP>"
}
```
It fails every time (no matter which app).
I'm assuming it has to do with the logic used to generate the code (duration, secret, etc.) but not sure what the recommended way to debug/solve this is.
I confirmed from my debugger that the TOTP secret it uses to decode is the same that I registered in the authenticator app. Looking at your source code it seems the default behavior you used is supposed to be compatible, so I'm trying to understand what else might cause this to deviate.
For fun I ran your totp.GenerateCode(...) method and passed that in and it worked, so there's something about how it generates/validates codes via the default options that might be off from the three different auth apps on my iPhone:
- Google Authenticator
- Authy
- Authenticator
Or maybe I'm missing something...
Hmm, I do see that you use the pquerna/otp package (which if I did this manually, I'd have used as well), so I'm even more confused as to why the code from my app after registering via QR is not the same as what the algo generates.
(I made sure I was using the right code 😄 )
This... appears to have resolved itself so closing...
Hi there,
Was attempting to set up authboss in my golang API and did a straight-forward TOTP implementation.
I was able:
- POST /auth/2fa/totp/setup
- GET /auth/2fa/totp/confirm which returns
- GET /auth/2fa/totp/qr
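One way to narrow down a mismatch like the one in this thread, as an added example (standard library only, not authboss or pquerna/otp code): compute the RFC 6238 code independently and report which 30-second step, relative to the server clock, a submitted code matches. It assumes the usual authenticator-app parameters (HMAC-SHA1, 6 digits, 30-second period); `totpAt` and `matchOffset` are hypothetical helper names, and the secret and timestamps are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

// totpAt returns the RFC 6238 code at time t (assumed: HMAC-SHA1, 6 digits, 30 s period).
func totpAt(secretB32 string, t time.Time) (string, error) {
	// Apps often show secrets lower-cased, spaced or padded; normalise before decoding.
	clean := strings.ToUpper(strings.TrimRight(strings.ReplaceAll(secretB32, " ", ""), "="))
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(clean)
	if err != nil {
		return "", fmt.Errorf("secret is not valid base32: %w", err)
	}
	var counter [8]byte
	binary.BigEndian.PutUint64(counter[:], uint64(t.Unix()/30))
	mac := hmac.New(sha1.New, key)
	mac.Write(counter[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	bin := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", bin%1000000), nil
}

// matchOffset returns the step offset nearest 0 within ±maxSteps at which code is valid.
func matchOffset(secretB32, code string, serverNow time.Time, maxSteps int) (int, bool, error) {
	for d := 0; d <= maxSteps; d++ {
		for _, s := range []int{d, -d} {
			want, err := totpAt(secretB32, serverNow.Add(time.Duration(s)*30*time.Second))
			if err != nil {
				return 0, false, err
			}
			if hmac.Equal([]byte(want), []byte(code)) {
				return s, true, nil
			}
		}
	}
	return 0, false, nil
}

func main() {
	secret := "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"                // constructed: base32 of the RFC 6238 test key
	phoneCode, _ := totpAt(secret, time.Unix(59+90, 0))       // constructed: phone clock 90 s ahead
	fmt.Println(matchOffset(secret, phoneCode, time.Unix(59, 0), 10)) // server clock at t=59
}
```

A match at a non-zero offset points to clock drift between the phone and the server; no match at any offset points to a different secret, algorithm, digit count or period on the two sides.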