

When verifying user-submitted codes with a DefaultCodeVerifier, a TimeProvider is needed to get the current (Unix) time. In the example code above, a SystemTimeProvider is used, but this is not the only option. Most applications should be able to use the SystemTimeProvider class to provide the time, which gets the time from the system clock. If the system clock is reliable, it is recommended that this provider is used. If the system clock cannot be used to accurately get the current time, then you can fetch it from an NTP server with the NtpTimeProvider class, passing in the NTP server hostname you wish to use.

Recovery codes can be used to allow users to gain access to their MFA-protected account without providing a TOTP, bypassing the MFA process. This is usually given as an option to the user so that in the event of losing access to the device which they have registered the MFA secret with, they are still able to log in. Usually, upon registering an account for MFA, several one-time use codes will be generated and presented to the user, with instructions to keep them very safe. When the user is presented with the prompt for a TOTP in the future, they can opt to enter one of the recovery codes instead to gain access to their account.
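Because a recovery code bypasses the TOTP check, the server side should treat each code as a single-use credential. The following is an added example, not code from the library or the original page: `RecoveryCodeStore` and its methods are hypothetical names, and it uses only the JDK to show codes being issued, stored as hashes, and consumed on first use.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;

// Hypothetical helper (not part of the TOTP library): issues one-time recovery
// codes and keeps only their hashes, so a leaked table does not expose usable codes.
public class RecoveryCodeStore {
    // 31 unambiguous characters; 16 of them give roughly 79 bits per code.
    private static final char[] ALPHABET = "abcdefghjkmnpqrstuvwxyz23456789".toCharArray();
    private static final SecureRandom RANDOM = new SecureRandom();
    private final List<byte[]> unusedHashes = new ArrayList<>();

    // Generate `count` codes; the plaintext is returned once, for display to the user.
    public synchronized List<String> issue(int count) {
        unusedHashes.clear(); // re-issuing invalidates any older codes
        List<String> plain = new ArrayList<>();
        for (int i = 0; i < count; i++) {
            StringBuilder sb = new StringBuilder();
            for (int j = 0; j < 16; j++) sb.append(ALPHABET[RANDOM.nextInt(ALPHABET.length)]);
            plain.add(sb.toString());
            unusedHashes.add(hash(sb.toString()));
        }
        return plain;
    }

    // Accept a code at most once: constant-time compare, then drop the matching hash.
    public synchronized boolean redeem(String submitted) {
        byte[] candidate = hash(submitted.trim());
        return unusedHashes.removeIf(h -> MessageDigest.isEqual(h, candidate));
    }

    private static byte[] hash(String code) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(code.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e); // SHA-256 is mandatory on every JVM
        }
    }

    public static void main(String[] args) {
        RecoveryCodeStore store = new RecoveryCodeStore();
        String first = store.issue(8).get(0);         // constructed sample: 8 codes for one user
        System.out.println(store.redeem(first));      // first use of the code
        System.out.println(store.redeem(first));      // replay of the same code
    }
}
```

In a real deployment the hashes would live in the user's database record, and failed recovery attempts should be rate limited and logged in the same way as failed TOTP attempts.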

```java
CodeGenerator codeGenerator = new DefaultCodeGenerator(HashingAlgorithm.SHA1, 4);
```

The above generator will generate codes of 4 digits, using the SHA1 algorithm. Once again, the number of digits must be the same as what was specified when the QR code for the secret was created.
