MVC 2FA sometimes generates the same OTP (I have set to 6 numericals) and when you generate multiple OTPs, one can use the previous OTP. Is there a way to generate unique OTPs and disable the previous generated OTP?
string code = await UserManager.GenerateTwoFactorTokenAsync(user.Id, provider);
This is the time set before the OTP expires
app.UseTwoFactorSignInCookie(DefaultAuthenticationTypes.TwoFactorCookie, TimeSpan.FromMinutes(2));
OTP are time based and not recorded anywhere. If you generate 2 OTPs within a short period of time, you'll get identical strings. And this is how algorithm is working and there is no easy way around it.