URGENT - Bug in TOTP Validation

UtsavM · Oct 6, 2022, 10:51 PM

@StocksDeveloper I can integrate python solution in any language.If you wish to do so reply me on utsav.moradiya3@gmail.com , instantaneous code fix. Before admin releases a solution in language, several algo traders have already adopted this temporary method.

Harman08 · Oct 6, 2022, 5:03 AM

@StocksDeveloper oh intermittently! Are u running transactions on seconds timeframe, or facing issue while fetching data feed due to intermittent failures

StocksDeveloper · Oct 6, 2022, 4:59 AM

@Harman08 Dude...Have you read my comments?? Did you understand them???

Do you feel I do not understand how TOTP works?

Harman08 · Oct 6, 2022, 4:57 AM

@StocksDeveloper It's not Bug, Totp is Temporarily time based OTP u need to update everytime

StocksDeveloper · Oct 6, 2022, 4:57 AM

I have used Present time, 15 second past, 15 second future...TOTPs....see logs below:

Still it fails "intermittently" ...... got no clue what is happening on your server.

===========================

Time: 16:48:36.402 (5th Octomber)

[P139064 : P139064]: Using TOTP from the PRESENT.
[P139064 : P139064]: Angel error: Error from Angel: Following error has occourred.. Angel error code: AB1050, Message: Invalid totp
[P139064 : P139064]: Angel error, retrying login operation.
[P139064 : P139064]: Using TOTP from the PAST.
[P139064 : P139064]: Angel error: Error from Angel: Following error has occourred.. Angel error code: AB1050, Message: Invalid totp
[P139064 : P139064]: Angel error, retrying login operation.
[P139064 : P139064]: Using TOTP from the FUTURE.
[P139064 : P139064]: Error from Angel: Following error has occourred.. Angel error code: AB1050, Message: Invalid totp

StocksDeveloper · Oct 5, 2022, 3:27 AM

@admin

Definitely a bug. Most likely either all or some of the servers which are involved in validation do not have their time synced with standard internet time.

Please fix this asap. It is becoming difficult to handle clients with so many issues happening with Smart API.

Our TOTP generation logic is working absolutely fine for all brokers. As the algorithm is common for all brokers, it should have worked on Smart API as well. But it is failing intermittently.

StocksDeveloper · Oct 4, 2022, 12:19 PM

Account: S774013

The user mentioned that he had correct key but still he got "Invalid otp" error "sometimes".

I think this could be most likely due to time differences on the server.

Please call or whatsapp me.....I think I might be able to help.

admin · Oct 2, 2022, 3:46 PM

HI @StocksDeveloper , Time discrepancy for small delays have been added . This should resolve the invalid totp issue for small time differences. Please let us know if you still see the issue. For the SmartAPI users who are running code on cloud solution , please make sure your server time is in correct zone. For reference one can use https://www.pool.ntp.org/zone/in to sync the server clock .

StocksDeveloper · Oct 2, 2022, 3:46 PM

https://en.wikipedia.org/wiki/Time-based_one-time_password#Algorithm

Some authenticators allow values that should have been generated "BEFORE or AFTER" the current time in order to account for slight clock skews, network latency and user delays.

StocksDeveloper · Oct 5, 2022, 3:27 AM

Server is intermittently failing totp validation even when totp is correctly generated using a computer with standard internet time.

This is going to be hard to reproduce for the server side folks. But please validate with

Previous 30 seconds totp (past)
Current 30 seconds totp (present)
Next 30 secodns totp (future)

This will safeguard you against the minor time inconsistencies between smart api clients & smart api server. Because their time may not exactly match.