Ok Mike. Thank you for the clarification. On 12 Jul 2020 Sun at 00:45 Mike Jumper <[email protected]> wrote:
> Reading through the TOTP extension code, I see the "totp-period" property > value used only to affect code invalidation, with code generation always > using the default value of 30: > > > https://github.com/apache/guacamole-client/blob/3c4c81f0b6b9700abccaefcc695058e515b8b20b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java#L272-L274 > < > https://github.com/apache/guacamole-client/blob/33fa0033d20d2d735f858ef0d822a7a219080c5f/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/auth/totp/user/UserVerificationService.java#L272-L274 > > > > > https://github.com/apache/guacamole-client/blob/3c4c81f0b6b9700abccaefcc695058e515b8b20b/extensions/guacamole-auth-totp/src/main/java/org/apache/guacamole/totp/TOTPGenerator.java#L278-L281 > > That behavior is likely a bug, however Google Authenticator is currently > documented as ignoring the period value and always assuming 30: > > https://github.com/google/google-authenticator/wiki/Key-Uri-Format > > Assuming this is still the case, I would expect Google Authenticator to > currently work (as the extension behavior will effectively ignore the > period), and to stop working as soon as the overridden period is taken into > account for code generation (as Google Authenticator would no longer > generate the same codes). I can confirm that Google Authenticator does > appear to assume 30 regardless of the period within the QR code, at least > on Android. > > Overall: > > 1) This is probably a bug and should be fixed. > 2) If any of your users will use Google Authenticator, you shouldn't > override the defaults. > > - Mike > > On Sat, Jul 11, 2020 at 2:08 PM Murat BÜLBÜL <[email protected]> > wrote: > > > Hi Mike, > > > > I am using MacBook Air. My test phone is Iphone8 plus. I issued QR with > > both GoogleAuthenticator and YAKey. Both generates the same result. > > > > Murat > > > > > > On 11 Jul 2020 Sat at 23:40 Mike Jumper <[email protected]> wrote: > > > > > On Sat, Jul 11, 2020, 10:56 Murat BÜLBÜL <[email protected]> > > wrote: > > > > > > > I found the reason and it is interesting. Only 30 seconds is > generating > > > > valid code. No successful result for below other cases. > > > > > > > > totp-period: 31 : not working > > > > > > > > totp-period: 60 : not working > > > > > > > > *totp-period: 30 : working* > > > > > > > > totp-period: 20 : not working > > > > > > > > > > Are you sure your authentication device supports periods other than 30? > > > > > > - Mike > > > > > -- > > Murat BÜLBÜL > > > -- Murat BÜLBÜL
