Time (20 seconds validity) based google authentication code, i need to check the time before reading the 4 digit code.
- Collect the google auth code using TOTP
- Apply the code automatically in our application
Problem, while reading - code at the edge (18/19th seconds), and send the code automatically to our text box, but validity expired and authentication was failed. so i want to check the code along with validity time
a. if validity time greater than 10 seconds i can get the code and pass it to text box b. if validity time less than 10 seconds ,wait for 10 seconds
code:
public static String getTOTPCode(String secretKey) {
String normalizedBase32Key = secretKey.replace(" ", "").toUpperCase();
Base32 base32 = new Base32();
byte[] bytes = base32.decode(normalizedBase32Key);
String hexKey = Hex.encodeHexString(bytes);
return TOTP.getOTP(hexKey);
}
Jar file
commons-code1.8 jar
totp-1.0 jar
refer the above, and let me know how can get the validity time for the OTP?
See about TOTP. Server should generally allow codes from ±1 time interval anyway. So most probably you don't have to be concerned with such artificial delays.
Other than that, depending on TOTP parameters, you should know when is the tripping point of next time intervals. So you can just check how close you are to a tripping point based on current time.
P.S. I heard some servers adjust time calculations based on client previous auth attempts so that client/server time shifts do not break auth. e.g. when client machine doesn't use NTP and thus clock does off.
update: about generating timestamp TOTP : Do the seconds count?