URGENT - Bug in TOTP Validation


  • Technical explanation of the bug:

    TOTP changes every 30 seconds. System or server time is used to calculate TOTP.

    So if there is a difference in clocks of client & server, TOTP generated by client may not match with the server.

    To safeguard from this, the server normally matches the TOTP entered by client with current TOTP & also with TOTP which was valid in the previous 30 seconds. This makes sure small differences (less than 30 seconds) in client & server do not affect the login.

    Angel is likely only comparing it with current OTP & not comparing with OTP that has expired in previous 30 seconds.

    Due to this, the "Invalid otp" error comes sometimes & sometimes it works.

    We are sending these details to Angel. Hopefully they will fix it before tomorrow morning.


  • The issues seem to have been fixed.

    Although we do see errors, those are mostly for a select few accounts & likely due to an invalid TOTP key.


  • Hi @StocksDeveloper , session stays valid till next day 5am.


  • @admin There's no way for us to find the cause from outside. The errors are still happening.

    We have added multiple retries on our side to avoid this error. Now this is a workaround.

    Another workaround would be to avoid logging in again and again. Our session timeout for angel is 50 mins. That means if there are 50 mins of inactivity, we will re-login to the angel account. If you tell us the exact time of session expiry on your side, then we will increase the session timeout on our side. This will reduce login requests & the chances of error.

    Now these are just workarounds, you need to check what is wrong.

    One way to check this is writing a piece of code which logs in every 2-3 seconds. And run this code for the whole day (market hours) on any machine outside of your data centre. This code should never fail; if it does fail then it proves the issue is on server side OTP validation.


  • Hi @StocksDeveloper , all our servers are synced with standard time properly and we accept up to 3 time periods - past, current and future.


  • @admin Still errors coming. We have already provided many suggestions. Could you please help us understand what fixes you have done? Did you make sure that all your server timestamps are matching with Standard Internet Time?

    Or was there no fix done?


  • Hi @StocksDeveloper , TOTP login is working without any issues.


  • @StocksDeveloper I can integrate the python solution in any language. If you wish to do so reply me on utsav.moradiya3@gmail.com, instantaneous code fix. Before admin releases a solution in language, several algo traders have already adopted this temporary method.


  • @Harman08
    Bro once you are logged in and the refresh token is generated, there is no need of TOTP any longer.
    I can integrate the python solution in any language. If you wish to do so reply me on utsav.moradiya3@gmail.com, instantaneous code fix. Before admin releases a solution in language, several algo traders have already adopted this temporary method.


  • @StocksDeveloper oh intermittently! Are you running transactions on a seconds timeframe, or facing the issue while fetching the data feed due to intermittent failures?


  • @Harman08 Dude...Have you read my comments?? Did you understand them???

    Do you feel I do not understand how TOTP works?


  • @StocksDeveloper It's not a bug. TOTP is a temporary time-based OTP; you need to update it every time.


  • I have used Present time, 15 second past, 15 second future...TOTPs....see logs below:

    Still it fails "intermittently" ...... got no clue what is happening on your server.

    ===========================

    Time: 16:48:36.402 (5th October)

    [P139064 : P139064]: Using TOTP from the PRESENT.
    [P139064 : P139064]: Angel error: Error from Angel: Following error has occourred.. Angel error code: AB1050, Message: Invalid totp
    [P139064 : P139064]: Angel error, retrying login operation.
    [P139064 : P139064]: Using TOTP from the PAST.
    [P139064 : P139064]: Angel error: Error from Angel: Following error has occourred.. Angel error code: AB1050, Message: Invalid totp
    [P139064 : P139064]: Angel error, retrying login operation.
    [P139064 : P139064]: Using TOTP from the FUTURE.
    [P139064 : P139064]: Error from Angel: Following error has occourred.. Angel error code: AB1050, Message: Invalid totp


  • @admin

    Definitely a bug. Most likely either all or some of the servers which are involved in validation do not have their time synced with standard internet time.

    Please fix this asap. It is becoming difficult to handle clients with so many issues happening with Smart API.

    Our TOTP generation logic is working absolutely fine for all brokers. As the algorithm is common for all brokers, it should have worked on Smart API as well. But it is failing intermittently.


  • Account: S774013

    The user mentioned that he had correct key but still he got "Invalid otp" error "sometimes".

    I think this could be most likely due to time differences on the server.

    Please call or whatsapp me.....I think I might be able to help.


  • Hi @StocksDeveloper , time discrepancy handling for small delays has been added. This should resolve the invalid totp issue for small time differences. Please let us know if you still see the issue. For the SmartAPI users who are running code on a cloud solution, please make sure your server time is in the correct zone. For reference one can use https://www.pool.ntp.org/zone/in to sync the server clock.


  • https://en.wikipedia.org/wiki/Time-based_one-time_password#Algorithm

    Some authenticators allow values that should have been generated "BEFORE or AFTER" the current time in order to account for slight clock skews, network latency and user delays.


  • Server is intermittently failing totp validation even when totp is correctly generated using a computer with standard internet time.

    This is going to be hard to reproduce for the server side folks. But please validate with

    • Previous 30 seconds totp (past)
    • Current 30 seconds totp (present)
    • Next 30 seconds totp (future)

    This will safeguard you against the minor time inconsistencies between smart api clients & smart api server. Because their time may not exactly match.
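A worked implementation of the past/present/future window that the first post and this last post describe, added here as an example; it is not code from the thread or from SmartAPI. It uses the RFC 6238 reference secret (a test vector, not a real key) and a constructed server time 25 s into a 30 s step, to show how a +20 s client clock skew is rejected by a strict current-step-only check but accepted once the previous and next steps are also allowed.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # TOTP time step in seconds (RFC 6238 default, as used in the thread)

# RFC 6238 reference secret "12345678901234567890", base32-encoded (test vector, not a real key).
RFC6238_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32: str, unix_time: int, digits: int = 6, step: int = STEP) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int(unix_time) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, server_time: int,
                window: int = 1, step: int = STEP) -> bool:
    """Server-side check. window=0 accepts only the current step (the strict
    behaviour the thread suspects); window=1 also accepts the previous and next
    step, i.e. the past/present/future validation the thread asks for."""
    base = int(server_time) // step
    for delta in range(-window, window + 1):
        candidate = totp(secret_b32, (base + delta) * step, step=step)
        if hmac.compare_digest(candidate, submitted):  # constant-time comparison
            return True
    return False


def login_attempt(secret_b32: str, client_time: int, server_time: int, window: int) -> bool:
    """Client derives the code from its own clock; the server validates with its clock."""
    return verify_totp(secret_b32, totp(secret_b32, client_time), server_time, window)


if __name__ == "__main__":
    # Constructed scenario: server clock is 25 s into a 30 s step, client clock is skewed.
    server_now = 1_000_000_015
    for skew in (-20, 0, +20):
        for window in (0, 1):
            ok = login_attempt(RFC6238_SECRET_B32, server_now + skew, server_now, window)
            print(f"client skew {skew:+3d}s, window={window}: {'accepted' if ok else 'Invalid totp'}")
```

Whether a given skew fails depends on where inside the 30 s step the server clock sits, which is why the thread sees the error only intermittently.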