BlocksTokens & Crypto
Verify TOTP Code
Confirm a user's 6-digit authentication code against their stored secret.
The Verify TOTP Code block validates the 6-digit code provided by a user (from apps like Google Authenticator or Authy) against their previously stored secret key.
Configuration
| Field | Required | Description |
|---|---|---|
| User's TOTP Secret | ✅ | The base32 secret key previously saved for this user. |
| 6-Digit Code (Token) | ✅ | The current 6-digit code entered by the user. |
| Allowed Time Window | — | Number of 30-second steps before/after to accept (default is 1, which allows for slight clock drift). |
| Output Variable | ✅ | The name of the variable that will store the boolean result (true or false). |
Drift Handling
Setting a higher Allowed Time Window makes login easier for users with unsynced clocks but slightly reduces security. A value of 1 or 2 is usually recommended.
Error Handling
SECRET_MISSING— Triggered when the secret field is empty.TOKEN_MISSING— Triggered when the 6-digit code is missing.RUNTIME_ERROR— Triggered if an unexpected error occurs during verification.
Example: Verifying Login
- User's TOTP Secret: Set to
{db.users.totp_secret}. - 6-Digit Code (Token): Set to
{request.body.code}. - Output Variable: Enter
is_valid_code. - Result: The variable
{is_valid_code}will betrueif the code matches, otherwisefalse.
Follow this block with a Basic Conditional Compare block to check if {is_valid_code} is equal to true before granting access.
