TOTP check does not work on distributed systems

[rosshettel]

Describe the bug
Testing OTP login locally with one server works correctly, but when deployed to AWS with multiple containers behind a load balancer, totp.check() takes multiple tries to pass. Upon investigation, it appears that only the original container that generated the OTP successfully passes the totp.check(). I'm storing the totp secret key in the database, so all servers have access to the same secret. They're also all synced to the same time.

Expected behavior
totp.check() works with the same token and secret regardless of system

Details (please provide any relevant information):

• otplib version: 12.0.1

[rosshettel]

Just a follow up on this, I switched to this library: https://www.npmjs.com/package/notp, since it is mostly a drop in replacement API wise, and no longer run into this issue. So not sure what's going on with this library that doesn't like multiple containers, but happy to provide any more info to help debug this

[phantomAA92]

Just a follow up on this, I switched to this library: https://www.npmjs.com/package/notp, since it is mostly a drop in replacement API wise, and no longer run into this issue. So not sure what's going on with this library that doesn't like multiple containers, but happy to provide any more info to help debug this

it doesn't work. I got same error on live server.

[yeojz]

I believe OP had found success with notp .. that's good.

@phantomAA92 are you still having issues or working on it?
If you are perhaps try and update to v13 first? If you still encounter issues then, let me know.