I have used https://github.com/chregu/GoogleAuthenticator.php to build two-factor authentication for a web application I am working on. Everything works: generating the secret, and even the code worked. Now I have set up the same code on a different server, generated a new secret key and added it to the Google Authenticator mobile app, and the code generated on the mobile doesn't match.
I dug into it by comparing results on both servers and noticed that the time() function returns a different time (1 hour difference). Then I forced my 2nd server (where the Google code didn't work) to have the same time as the first one, and it worked. So I am really confused: is this some sort of time zone issue? Because I really need these servers to have their own time zone.
Is there any workaround?
Also, I followed https://support.google.com/accounts/answer/185834?hl=en and synced my Google Authenticator app, and it still doesn't work. The code generated in the mobile app works on my 2nd server after an hour. Can anyone please help me or suggest a different approach?
Here is the code I am using to connect to the above library:
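    class googleAuthLibrary extends GoogleAuthenticator
    {
        // Generate a new base32 shared secret for a user.
        public function getSecretKey()
        {
            $secretKey = $this->generateSecret();
            return $secretKey;
        }

        // Build a Google Chart URL that renders the otpauth:// URI as a QR code.
        public function getQRLink($username, $hostname, $secretKey)
        {
            $url = 'https://chart.googleapis.com/chart?cht=qr&chs=300x300&chl=';
            $qrCode = 'otpauth://totp/'.$username.'@'.$hostname.'?secret='.$secretKey;
            // URL-encode the URI so its own "?" and "=" stay inside the chl parameter.
            $url = $url.urlencode($qrCode);
            return $url;
        }

        // Return the current TOTP code for the secret, based on the server's clock.
        public function getAuthCode($secretKey)
        {
            $authCode = $this->getCode($secretKey);
            return $authCode;
        }
    }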
Found out that my server time was not synced with internet time. After syncing the time on the web server, the issue was resolved. So the timezone doesn't affect the authenticator as long as both the mobile phone and the server are synced to the correct time (NTP servers).
If anyone is having the same issue, check the server time and the mobile phone time and make sure they are showing the right time; even a minute slow or fast can end up generating wrong codes.
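The clock dependence described in this answer can be seen directly in a stand-alone RFC 6238 TOTP implementation. This is an added example, not part of the original post and not the library's code; the function names `base32Decode`, `totp` and `findClockSkew` are hypothetical, and the secret and timestamps are a constructed sample based on the RFC 6238 test key.

```php
<?php
// Added example: RFC 6238 TOTP (HMAC-SHA1, 30 s step, 6 digits).
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) { // ignore trailing padding bits
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

function totp(string $secret, int $unixTime, int $step = 30): string
{
    // The counter is UTC Unix time divided by the step; no timezone is involved.
    $counter = pack('N2', 0, intdiv($unixTime, $step));
    $hash = hash_hmac('sha1', $counter, base32Decode($secret), true);
    $offset = ord($hash[19]) & 0x0F;
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 1000000), 6, '0', STR_PAD_LEFT);
}

// Diagnostic only: 30 s steps the server clock is off (positive = server behind), or null.
function findClockSkew(string $secret, string $code, int $serverTime, int $maxSteps = 130): ?int
{
    for ($i = 0; $i <= $maxSteps; $i++) {
        foreach (array_unique([$i, -$i]) as $delta) {
            if (hash_equals(totp($secret, $serverTime + $delta * 30), $code)) {
                return $delta;
            }
        }
    }
    return null;
}

// Constructed sample: RFC 6238 test key, server clock set one hour behind the phone.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
$phoneTime = 1111111109;
$code = totp($secret, $phoneTime);
printf("skew: %s steps\n", var_export(findClockSkew($secret, $code, $phoneTime - 3600), true));
```

The wide search in `findClockSkew` is for troubleshooting a test account only; a login check should accept a narrow window (for example one step either side) and the server clock should be corrected with NTP rather than compensated for.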