Google Authenticator 2FA returning True always

Time:12-17

I'm using the GoogleAuthenticator NuGet package for 2FA authentication in an ASP.NET application. The issue is that the function ValidateTwoFactorPIN always returns true even when the authenticator app has already changed the TOTP code. TwoFactorSetupRequest printed in console

    public TwoFactorSetupResponse Enable(string email)
    {
        var accountSecretKey = $"{SecretCode}-{email}";
        var setupInfo = _twoFactorAuthenticator.GenerateSetupCode("App", email, Encoding.ASCII.GetBytes(accountSecretKey));

        return new TwoFactorSetupResponse()
        {
            Account = setupInfo.Account,
            ManualEntryKey = setupInfo.ManualEntryKey,
            QrCodeSetupImageUrl = setupInfo.QrCodeSetupImageUrl,
        };
    }

    public bool IsCodeValid(string email, string code)
    {
        var accountSecretKey = $"{SecretCode}-{email}";
        return _twoFactorAuthenticator.ValidateTwoFactorPIN(accountSecretKey, code);
    }

CodePudding user response:

That package's default drift tolerance is five minutes, so either test with smaller tolerance or wait until the tolerance window has passed.
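The effect of the tolerance window described in the answer above, as an added example that is not part of the original post and is not the GoogleAuthenticator package's code. It is a plain RFC 6238 TOTP (HMAC-SHA1, 30-second step, 6 digits) and assumes the tolerance is applied as a symmetric number of 30-second steps around the current time; `TotpWindowDemo`, `Code`, `IsValid`, the secret and the clock value are constructed for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration: RFC 6238 TOTP with a symmetric tolerance window.
// All names and sample values here are hypothetical, not the package's own.
static class TotpWindowDemo
{
    const int StepSeconds = 30;

    // HOTP value for one time-step counter (RFC 4226 dynamic truncation).
    static string Code(byte[] key, long counter)
    {
        byte[] msg = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(msg);   // counter is sent big-endian
        using var hmac = new HMACSHA1(key);
        byte[] h = hmac.ComputeHash(msg);
        int o = h[h.Length - 1] & 0x0F;
        int bin = ((h[o] & 0x7F) << 24) | (h[o + 1] << 16) | (h[o + 2] << 8) | h[o + 3];
        return (bin % 1_000_000).ToString("D6");
    }

    // Accepts a code generated for any step within +/- tolerance of "now".
    static bool IsValid(byte[] key, string code, DateTimeOffset now, TimeSpan tolerance)
    {
        long current = now.ToUnixTimeSeconds() / StepSeconds;
        long steps = (long)(tolerance.TotalSeconds / StepSeconds);
        byte[] supplied = Encoding.ASCII.GetBytes(code);
        bool ok = false;
        for (long c = current - steps; c <= current + steps; c++)
            ok |= CryptographicOperations.FixedTimeEquals(
                Encoding.ASCII.GetBytes(Code(key, c)), supplied);
        return ok;
    }

    static void Main()
    {
        byte[] key = Encoding.ASCII.GetBytes("constructed-secret-user@example.test"); // constructed sample secret
        var now = DateTimeOffset.FromUnixTimeSeconds(1_700_000_000);                  // fixed clock for repeatability
        // Code the authenticator app displayed four minutes (8 steps) before "now".
        string oldCode = Code(key, now.AddMinutes(-4).ToUnixTimeSeconds() / StepSeconds);

        // Five-minute tolerance covers +/- 10 steps, so the 8-step-old code is inside the window.
        Console.WriteLine(IsValid(key, oldCode, now, TimeSpan.FromMinutes(5)));
        // Thirty-second tolerance covers +/- 1 step, so the same code is outside the window.
        Console.WriteLine(IsValid(key, oldCode, now, TimeSpan.FromSeconds(30)));
    }
}
```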
