I am doing a TOTP check using Node + Redis and trying to figure out how to implement clock synchronization. I use hardware devices to generate TOTP passwords / tokens, but when checking tokens you need to consider the data drift of these hardware devices. I read the RFC and other blog posts, and from a high level I think I understand the clock drift tuning algorithm in terms of time steps, but I can't understand in what cases tokens should skip checking and / or which flags I should set in the database to tell me about it. Any ideas? Or even better, could someone point me to some sample code links where people implemented this?
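An added example, not part of the original post: one way to do the per-device resynchronization described in RFC 6238 section 6, together with the one-time-use rule from section 5.2. A `Map` stands in for Redis, and `verifyTotp`, `WINDOW`, `MAX_DRIFT` and the record fields `drift` and `lastCounter` are assumed names and values chosen for illustration.

```javascript
const crypto = require('node:crypto');

const STEP_SECONDS = 30;   // time step X from RFC 6238
const DIGITS = 6;
const WINDOW = 2;          // assumed limit: steps accepted either side of the expected one
const MAX_DRIFT = 10;      // assumed limit: beyond this, force a manual resync

// HOTP (RFC 4226) for one counter value; TOTP is HOTP over the time-step counter.
function hotp(key, counter) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const off = mac[mac.length - 1] & 0x0f;            // dynamic truncation offset
  const bin = mac.readUInt32BE(off) & 0x7fffffff;
  return String(bin % 10 ** DIGITS).padStart(DIGITS, '0');
}

// Constant-time comparison of two token strings.
function sameToken(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// store: Map standing in for Redis; one record per device: { drift, lastCounter }.
function verifyTotp(store, deviceId, key, token, nowMs = Date.now()) {
  const rec = store.get(deviceId) || { drift: 0, lastCounter: -1 };
  const serverStep = Math.floor(nowMs / 1000 / STEP_SECONDS);
  const expected = serverStep + rec.drift;           // shift by the drift learned earlier
  for (let d = -WINDOW; d <= WINDOW; d++) {
    const counter = expected + d;
    if (counter < 0 || !sameToken(hotp(key, counter), token)) continue;
    // A step that was already accepted (or an older one) is a replay.
    if (counter <= rec.lastCounter) return { ok: false, reason: 'replayed' };
    const drift = counter - serverStep;              // total drift in time steps
    if (Math.abs(drift) > MAX_DRIFT) return { ok: false, reason: 'resync-required' };
    store.set(deviceId, { drift, lastCounter: counter });
    return { ok: true, drift };
  }
  return { ok: false, reason: 'no-match' };
}
```

The two values persisted per device are the drift in time steps and the last accepted step; in Redis they would fit in one hash per device, updated atomically with the check.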