Skip to content

FEATURE: Make TOTP verification window configurable #38

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
gradinarufelix wants to merge 1 commit into
base: main
Choose a base branch
from
Open

FEATURE: Make TOTP verification window configurable #38

gradinarufelix wants to merge 1 commit into from

Conversation

@gradinarufelix
Copy link

@gradinarufelix gradinarufelix commented Jan 16, 2026

Add totpVerificationWindow setting to allow operators to configure the tolerance for TOTP code verification.

  • Add optional $window parameter to TOTPService::checkIfOtpIsValid()
  • Inject configuration in LoginController and BackendController
  • Default to 0 (strict, original behavior) for backward compatibility
  • Document the new setting in README.md

Setting totpVerificationWindow to 1 is recommended as it prevents authentication failures caused by:

  • Clock drift between user device and server
  • Period boundary race conditions (code generated at end of period)
  • Network latency during code submission

@gradinarufelix
feat: make TOTP verification window configurable
2dbad29 
Add totpVerificationWindow setting to allow operators to configure
the tolerance for TOTP code verification.

- Add optional $window parameter to TOTPService::checkIfOtpIsValid()
- Inject configuration in LoginController and BackendController
- Default to 0 (strict, original behavior) for backward compatibility
- Document the new setting in README.md

Setting totpVerificationWindow to 1 is recommended as it prevents
authentication failures caused by:
- Clock drift between user device and server
- Period boundary race conditions (code generated at end of period)
- Network latency during code submission
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@gradinarufelix