It seems like Google Authenticator skips period parameter in QR Code image like this:
<img src="https://api.qrserver.com/v1/create-qr-code/?data=otpauth%3A%2F%2Ftotp%2FSFG%3Aspring%3Fsecret%3DKYWDNNMYH57XUPL6N4YORD6DTYD7ZDO2%26issuer%3DSFG%26algorithm%3DSHA1%26digits%3D6%26period%3D60&size=200x200&ecc=M&margin=0"/>
So if period is different from default (30s) Google Authenticator gives wrong Verification Code and our server can not verify it:
if (googleAuthenticator.authorizeUser(user.getUsername(), verifyCode)) {
User savedUser = userRepository.findById(user.getId()).orElseThrow();
savedUser.setUseGoogle2f(true);
userRepository.save(savedUser);
return "/index";
} Method googleAuthenticator.authorizeUser(user.getUsername(), verifyCode) gives false result.
But application FreeOTP from Red Hat gives correct Verification Code and has no issue in verification.
It seems like Google Authenticator skips
periodparameter in QR Code image like this:<img src="https://api.qrserver.com/v1/create-qr-code/?data=otpauth%3A%2F%2Ftotp%2FSFG%3Aspring%3Fsecret%3DKYWDNNMYH57XUPL6N4YORD6DTYD7ZDO2%26issuer%3DSFG%26algorithm%3DSHA1%26digits%3D6%26period%3D60&size=200x200&ecc=M&margin=0"/>So if period is different from default (30s) Google Authenticator gives wrong Verification Code and our server can not verify it:
Method
googleAuthenticator.authorizeUser(user.getUsername(), verifyCode)givesfalseresult.But application
FreeOTPfrom Red Hat gives correct Verification Code and has no issue in verification.