Invalid token. Please make sure you have entered it correctly #261

olivierbufalini opened this issue Mar 9, 2018 · 17 comments
@olivierbufalini

After a while, tokens are not accepted anymore, even though I am using the right code generated by the Google Auth App. Whenever I enter the code, I keep getting the same message: Invalid token. Please make sure you have entered it correctly

The only way to solve it is to remove the token in the DB and redo the setup.

Your Environment

  • Browser and version: Any
  • Python version: 2.7
  • Django version: 1.10.5
  • django-otp version: 0.3.8
  • django-two-factor-auth version: 1.5.0
  • Link to your project:
@Bouke
Collaborator

Bouke commented Apr 15, 2018

Without additional information, there's nothing much to look at here. I think the clock skew (drift) is stored somewhere on the OTP device, and I'm guessing here, maybe the clock of your phone and the server have drifted too much?

@Bouke Bouke added the question label Apr 15, 2018
@marojenka

Hi there.
I got a similar problem and can't figure it out. Checking the time is clearly the first thing to do, and sadly it doesn't help.
In a desperate hope I tried to clear the cache and the session; no luck there. I haven't checked the inside of the application yet, so if there are some ideas on what to look for the next time it happens, it might help.

@lucawen

lucawen commented Nov 6, 2018

Did you figure out how to resolve this?

@marojenka

Since my message I had this problem only a few times on the development server and wasn't able to narrow it down before it disappeared, sorry.

@lucawen

lucawen commented Nov 23, 2018

I'm having this problem in production, with large-scale user problems... My timezone is Seoul, maybe it is this?

@marojenka

I'm not able to reproduce this anymore.
Chances are it was tied to a custom middleware that enforced a login-required policy. It never happened after I added /favicon.ico (!) to the exceptions list. My bad /shrug

@claudep
Contributor

claudep commented Feb 18, 2019

Was bitten by this too; a warning could be added in the docs that inadvertent redirections might interfere with the process.

@moggers87
Collaborator

moggers87 commented Feb 19, 2019

That might be worth doing as it's not the only issue reported that was caused by this sort of misconfiguration: #291

@ronnievdc

I also stumbled on it.

It could be caused by django_otp. The TOTPDevice Model has a ThrottlingMixin. After entering a wrong code the ThrottlingMixin could throw the error: VerifyNotAllowed.N_FAILED_ATTEMPTS. django_otp ignores the error message and only returns False as the error status. django-two-factor-auth handles the False by showing the Invalid token message.

@moggers87
Collaborator

@ronnievdc that's by design and this bug pre-dates that feature by about a year.

@moggers87
Collaborator

Are there any other URLs that might be loaded that could be causing this issue for you?

@kirubasankar2006

The TOTP generated from the forms.py code (totp(key, self.step, t0, self.digits, self.drift + offset)) is different from the code Google Authenticator is showing me. Any suggestions?

@moggers87
Collaborator

Some more information would be helpful!

@kirubasankar2006

Hi. Below is my detail on what I have done so far.
https://stackoverflow.com/questions/65540983/django-two-factor-authentication-not-working.

steps followed.

  1. Installed the packages two_factor install Django-two-factor-auth.
  2. opened the URL /account/login
  3. after entering the user name and password redirected to the QR setup page
  4. scanned QR on both Google Authenticator/ Authy (both shows
  5. when I enter the token generated by google authenticator I get the error Invalid token.

When I debug I can see that the token generated from the two_factor\forms.py is different from what I see in the google authenticator.
Any help is appreciated.

@moggers87
Collaborator

Are the clocks on your device and your server correct? TOTP is very sensitive to clock drift and it's been my personal experience that this sort of issue is usually a case of "oh, NTP crashed on my server" 😸

@Chuchundr

Chuchundr commented Jan 7, 2021

> The TOTP generated from the forms.py code (totp(key, self.step, t0, self.digits, self.drift + offset)) is different from the code Google Authenticator is showing me. Any suggestions?

You can increase the tolerance value, the token will be usable for some more time. It helped me with the same issue.

@kirubasankar2006

Thank you for the reply. I am trying only on localhost now, so the clocks on my PC and my mobile have the same time. I have even tried to set TIME_ZONE = 'Asia/Kolkata', which is my local time.

> > The TOTP generated from the forms.py code (totp(key, self.step, t0, self.digits, self.drift + offset)) is different from the code Google Authenticator is showing me. Any suggestions?
>
> You can increase the tolerance value, the token will be usable for some more time. It helped me with the same issue.

I tried this also bro. No luck.
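
Added example (not part of the thread, and not django-otp or django-two-factor-auth code): a stand-alone RFC 6238 TOTP check that separates the clock-drift and tolerance explanations discussed above from a mismatch that no time window can fix. The `now` parameter, the helpers `matching_offset`, `diagnose` and `phone_code`, and the sample key and timestamp are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(key, step=30, t0=0, digits=6, drift=0, now=0):
    """RFC 6238 TOTP (HMAC-SHA1) for the step containing `now`, shifted by `drift` steps."""
    counter = int(now - t0) // step + drift   # Unix seconds, so time zone plays no part
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return code % 10 ** digits

def matching_offset(key, token, server_now, tolerance=1, drift=0):
    """Step offset in [-tolerance, tolerance] whose code equals `token`, else None."""
    for offset in range(-tolerance, tolerance + 1):
        expected = totp(key, drift=drift + offset, now=server_now)
        if hmac.compare_digest(f"{expected:06d}", f"{token:06d}"):
            return offset
    return None

def diagnose(key, token, server_now, tolerance=1, search=20):
    """Classify a token: accepted, clock skew of N steps, or not a clock problem."""
    if matching_offset(key, token, server_now, tolerance) is not None:
        return "accepted"
    skew = matching_offset(key, token, server_now, search)
    if skew is not None:
        return f"clock skew of {skew} steps"
    return "no match in window: check the key/device, not the clock"

# Constructed sample data: the RFC 6238 test key and a fixed server time.
KEY = b"12345678901234567890"
SERVER_NOW = 1_699_999_995                    # 15 s into a 30 s step

def phone_code(skew_seconds, key=KEY):
    """Code an authenticator app shows when its clock is off by `skew_seconds`."""
    return totp(key, now=SERVER_NOW + skew_seconds)

if __name__ == "__main__":
    for skew in (0, -30, -90):
        print(skew, diagnose(KEY, phone_code(skew), SERVER_NOW))
    print("other key:", diagnose(KEY, phone_code(0, b"another-secret-key-0"), SERVER_NOW))
```

A wide `search` window is for diagnosis only; widening the production tolerance enlarges the set of codes the server accepts at any moment.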
