Expected outcome. When the same six-digit code is submitted a second time - even if it's but a moment later than the first time - it will be rejected as invalid.
Implementation Thoughts
Record used TOTP token or hash in database
Delete stale TOTP tokens because they expire after a few minutes anyway
When interacting with table, issue a delete statement that purges records older than 5 minutes
Definition of Done
Sign in with TOTP and get success
Try to sign in again with same TOTP and get 401 unauthorized error
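One way to implement the replay check sketched under Implementation Thoughts, as an added example that is not part of the original issue or the project's code. The table name `used_totp`, the function names, the server-side HMAC key and the `verify` callback are assumptions for illustration, and SQLite stands in for whatever database the project uses.

```python
import hashlib
import hmac
import sqlite3
import time

PURGE_AFTER_SECONDS = 300  # the issue's "older than 5 minutes" threshold


def open_store(path=":memory:"):
    """Create the (hypothetical) used_totp table; the primary key blocks reuse."""
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS used_totp ("
        " user_id TEXT NOT NULL,"
        " code_hash TEXT NOT NULL,"
        " used_at REAL NOT NULL,"
        " PRIMARY KEY (user_id, code_hash))"
    )
    return db


def _code_hash(server_key, user_id, code):
    # Keyed hash, so the table never stores a raw six-digit code.
    msg = f"{user_id}:{code}".encode()
    return hmac.new(server_key, msg, hashlib.sha256).hexdigest()


def claim_code(db, server_key, user_id, code, now=None):
    """Record a verified code. True on first use, False if it was already used."""
    now = time.time() if now is None else now
    with db:  # purge and insert commit together
        db.execute("DELETE FROM used_totp WHERE used_at < ?",
                   (now - PURGE_AFTER_SECONDS,))
        try:
            db.execute("INSERT INTO used_totp VALUES (?, ?, ?)",
                       (user_id, _code_hash(server_key, user_id, code), now))
        except sqlite3.IntegrityError:
            return False  # same user, same code, still inside the purge window
    return True


def sign_in(db, server_key, user_id, code, verify, now=None):
    """Return the HTTP status: 200 on success, 401 for a bad or replayed code.

    `verify` is a placeholder for the application's existing TOTP check.
    """
    if not verify(user_id, code):
        return 401
    return 200 if claim_code(db, server_key, user_id, code, now) else 401
```

Relying on the primary key rather than a SELECT followed by an INSERT means two concurrent submissions of the same code cannot both succeed. A legitimate code that happens to repeat for the same user inside the five-minute window is rejected as well.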