Hi. I just tested you demo if it generates the same tokens as (for example) WinAuth. WinAuth generates tokes every 30 seconds as well, but they are different from the ones generated in your demo. The tokens generated by your demo cannot be used to log into Amazon as well.
WinAuth generates time based tokens based on RCF 6238 as well and works fine for Amazon. What is the difference between your demo and WinAuth (or other Google Authenticator clones)? Can it be modified to generate the same tokens?
Hello there! Thank you for testing the demo and very sorry for such a huge delay in my response. Somehow dev.to never sends me emails about new comments :(
After some debugging and digging, I remembered the whole base32 deal. When creating this demo, for reasons I don't remember, I did not implement conversion of the input string from base32 and instead left it to be treated as plain UTF-8.
While this works for the test cases provided in RFC4226, it does not work with real world applications, which use base32.
I grabbed a base32 to ArrayBuffer conversion function from another library, put it into the demo and did a quick test against and AWS account comparing the codes to google authenticator. This way, it works!
Thanks for reporting this. I will think about how to incorporate this into article and the demo and push an update.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Hi. I just tested you demo if it generates the same tokens as (for example) WinAuth. WinAuth generates tokes every 30 seconds as well, but they are different from the ones generated in your demo. The tokens generated by your demo cannot be used to log into Amazon as well.
WinAuth generates time based tokens based on RCF 6238 as well and works fine for Amazon. What is the difference between your demo and WinAuth (or other Google Authenticator clones)? Can it be modified to generate the same tokens?
Hello there! Thank you for testing the demo and very sorry for such a huge delay in my response. Somehow dev.to never sends me emails about new comments :(
After some debugging and digging, I remembered the whole base32 deal. When creating this demo, for reasons I don't remember, I did not implement conversion of the input string from base32 and instead left it to be treated as plain UTF-8.
While this works for the test cases provided in RFC4226, it does not work with real world applications, which use base32.
I grabbed a base32 to ArrayBuffer conversion function from another library, put it into the demo and did a quick test against and AWS account comparing the codes to google authenticator. This way, it works!
Thanks for reporting this. I will think about how to incorporate this into article and the demo and push an update.