Reading through the TOTP extension code, I see the "totp-period" property value used only to affect code invalidation, with code generation always using the default value of 30:
https://github.com/apache/guacamole-client/blob/3c4c81f0b6b9700abccaefcc695058e515b8b20b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java#L272-L274 <https://github.com/apache/guacamole-client/blob/33fa0033d20d2d735f858ef0d822a7a219080c5f/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java#L272-L274> https://github.com/apache/guacamole-client/blob/3c4c81f0b6b9700abccaefcc695058e515b8b20b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java#L278-L281 That behavior is likely a bug, however Google Authenticator is currently documented as ignoring the period value and always assuming 30: https://github.com/google/google-authenticator/wiki/Key-Uri-Format Assuming this is still the case, I would expect Google Authenticator to currently work (as the extension behavior will effectively ignore the period), and to stop working as soon as the overridden period is taken into account for code generation (as Google Authenticator would no longer generate the same codes). I can confirm that Google Authenticator does appear to assume 30 regardless of the period within the QR code, at least on Android. Overall: 1) This is probably a bug and should be fixed. 2) If any of your users will use Google Authenticator, you shouldn't override the defaults. - Mike On Sat, Jul 11, 2020 at 2:08 PM Murat BÜLBÜL <[email protected]> wrote: > Hi Mike, > > I am using MacBook Air. My test phone is Iphone8 plus. I issued QR with > both GoogleAuthenticator and YAKey. Both generates the same result. > > Murat > > > On 11 Jul 2020 Sat at 23:40 Mike Jumper <[email protected]> wrote: > > > On Sat, Jul 11, 2020, 10:56 Murat BÜLBÜL <[email protected]> > wrote: > > > > > I found the reason and it is interesting. Only 30 seconds is generating > > > valid code. No successful result for below other cases. > > > > > > totp-period: 31 : not working > > > > > > totp-period: 60 : not working > > > > > > *totp-period: 30 : working* > > > > > > totp-period: 20 : not working > > > > > > > Are you sure your authentication device supports periods other than 30? > > > > - Mike > > > -- > Murat BÜLBÜL >
