Photo by Florian Berger
Introduction
Today 2FA is everywhere. It has made stealing accounts a bit harder than just obtaining ...
For further actions, you may consider blocking this person and/or reporting abuse
Hi. I just tested you demo if it generates the same tokens as (for example) WinAuth. WinAuth generates tokes every 30 seconds as well, but they are different from the ones generated in your demo. The tokens generated by your demo cannot be used to log into Amazon as well.
WinAuth generates time based tokens based on RCF 6238 as well and works fine for Amazon. What is the difference between your demo and WinAuth (or other Google Authenticator clones)? Can it be modified to generate the same tokens?
Hello there! Thank you for testing the demo and very sorry for such a huge delay in my response. Somehow dev.to never sends me emails about new comments :(
After some debugging and digging, I remembered the whole base32 deal. When creating this demo, for reasons I don't remember, I did not implement conversion of the input string from base32 and instead left it to be treated as plain UTF-8.
While this works for the test cases provided in RFC4226, it does not work with real world applications, which use base32.
I grabbed a base32 to ArrayBuffer conversion function from another library, put it into the demo and did a quick test against and AWS account comparing the codes to google authenticator. This way, it works!
Thanks for reporting this. I will think about how to incorporate this into article and the demo and push an update.
hi, the TOTP example is not complete because you are calling a method called getTOTPCounter() however you have not defined this method anywhere in your example. Please can you share the full example? Thank you
Hi! You can find the full example on Github in the article demo repo. The function you are looking for is defined here: github.com/khovansky-al/web-otp-de...
This article is freaking awesome! However, I see no QR code in the demo - only an icon/button and if i click it, it wants me to share my screen :-o
Thanks!
Yes, the demo only scans QR codes, not generates them. I have linked the FreeOTP tool in the article that you can use to generate the QR code. You can then use this demo to let the screen sharing API access the page with QR code and that will in turn scan the QR code and give you a OTP. Hope this helps!
Awesome! Tks for this great article.
Glad you liked it!