TL;DR : RFC 6238, TOTP (Time based one time password)

Used in:

1. Google Authenticator.
2. Twillio Authy e.t.c

// n digits 
TOTP = TRUCATE(HMAC(secret_key, counter))%10^n

Where;

1. secret_key = shared between client and server
2. counter = floor(unix-time/time step)

Hash will be truncated, converted to decimal divided by 10^n (where n is the number of otp digits), the result of the remainder will give you an n length integer, which is our OTP code