I've randomly generated a base32 secret and used it with my own Java program as well as the online TOTP generator https://totp.app, and https://totp.danhersam.com/ I've got the same OTP from my local Java program and the online TOTP generators
JQ4EW3KBIIZVQOKDLBKGEODRMJLEQ5TGOBZGEMSD
I've also tried to generated the QA code with this particular URL otpauth://totp/Client Pages?secret=JQ4EW3KBIIZVQOKDLBKGEODRMJLEQ5TGOBZGEMSD on https://www.qr-code-generator.com/ and I've scanned that QR code with mobile Apps on Android, both Google Authenticator and Duo Authenticator, however, they've generated totally different OTP from my local Java program and the online TOTP generators
According to https://github.com/google/google-authenticator/wiki/Key-Uri-Format, I've tried to put in an extra query param algorithm=SHA1 in that otpauth URL, and it didn't help.
It'll be really appreciated if someone could shed light on what could be the subtle root cause?