Yahoo Japan supports one time passwords using their own app. Their info page about it: https://id.yahoo.co.jp/security/otp.html

andOTP did not recognize their QR code. It's encoded as:

yjotp://totp/username?secret=################################

Also tried copy-paste but that resulted in wrong values; I might have done something wrong.

andOTP produces the correct values when enter

I love the library and it has been very helpful for me.

Recently, my implementation of speakeasy.totp failed a penetration test. I wrote a writeup on my findings (with a code sample to show how common this can happen with a bad implementation+configuration).

The issue: please improve the documentation (especially arou

It would be helpful to have a comprehensive documentation of the endpoints to help configure Authelia correctly in real life environments.

It might be useful to have a generic system for documenting anything within PrivacyIDEA. However that is a rather large undertaking.

See: #1814

We could have a table for documentation and then add links in this table where it links to.
But the questions would be

• where display the documentation
• to whom display the documention?
  • for users?
  • for admins?

Hi, I followed the example site and managed to get the "secret" page working with 2FA setup on my website.

However, to protect the admin site, I found this ReadTheDocs article, but it doesn't seem to work. Is this procedure still the current way to make 2FA work on the admin site ?
Using this, when I go to t

Please add some sort of indicator when a code is due to expire. Having the about-to-expire code blink would be more than sufficient.

In our environment, we auto generate a number of profiles and we use a comment

START of Generated Lines

To separate out the generated profiles from the non-generated one. Unfortunately, everytime we run the aws-mfa tool, it removes that comment.

UnhandledPromiseRejectionWarning: Unhandled promise rejection (rejection id: 742): UnableToResolveError: Unable to resolve module prop-types from /home/********/Downloads/react-native-phone-verification-master/example/node_modules/react-native-emoji/index

[Edit by @cbetta]

Add documentation on what callback actually is. For most people it's clear to be a function but even then it would be good to document what to expect exactly.

[Original issue]

Hello there,
would it be possible to add the response to all function calls ?
Otherwise I am unable to determine if for example an SMS message was sent.

Cheers.

When using TOTP the user password should -always- go to the TOTP app, even if wrong.

It should not say "wrong password" prior to the TOTP app for security reasons. This app should not let the attacker know they have the correct password!

Current behavior:

Attempt login - wrong password - error
Attempt login - correct password - totp - error | This lets the attacker know the password is c