Prevent the reuse of OTP #1578

sitaram-kalluri · 2023-09-25T10:25:46Z

Is your feature request related to a problem? Please describe.

When generating an OTP through the "get:otp" method for the purpose of approving or denying an enrollment, prevent the reuse of the same OTP for a different enrollment request, even if the OTP is still valid.

cpswan · 2023-09-25T10:46:06Z

This is a pattern I had to implement for the Storj token service.

When I generate a nonce (similar to an OTP) a timestamp is stored alongside it. When it comes to validation the timestamp is checked to ensure that it hasn't expired. In the case of the token service that's just 60s, but for other use cases we just need a bigger number.

srieteja · 2023-10-30T14:35:00Z

This change has been made as part of #1609

srieteja · 2023-10-30T14:35:21Z

Closing this ticket as completed

sitaram-kalluri added the enhancement New feature or request label Sep 25, 2023

sitaram-kalluri changed the title ~~Prevent the re-use of OTP~~ Prevent the reuse of OTP Sep 25, 2023

ksanty assigned sitaram-kalluri and murali-shris Oct 3, 2023

murali-shris assigned srieteja and unassigned sitaram-kalluri Oct 3, 2023

murali-shris removed their assignment Oct 16, 2023

srieteja closed this as completed Oct 30, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Prevent the reuse of OTP #1578

Prevent the reuse of OTP #1578

sitaram-kalluri commented Sep 25, 2023 •

edited

Loading

cpswan commented Sep 25, 2023

srieteja commented Oct 30, 2023

srieteja commented Oct 30, 2023

Prevent the reuse of OTP #1578

Prevent the reuse of OTP #1578

Comments

sitaram-kalluri commented Sep 25, 2023 • edited Loading

Is your feature request related to a problem? Please describe.

cpswan commented Sep 25, 2023

srieteja commented Oct 30, 2023

srieteja commented Oct 30, 2023

sitaram-kalluri commented Sep 25, 2023 •

edited

Loading