
django-otp: should I increment the counter when generating hotp token?


I use django-otp to generate HOTP tokens, but I have not yet found the docs on how to properly generate an HOTP token,

so I read the verify_token method in the HOTPDevice model class and found out how to verify the token:

if hotp(key, counter, self.digits) == token:
    verified = True
    self.counter = counter + 1
    self.save()

From the above I know that I can create the token using the hotp function.

So then I use the hotp function to generate the token, but I notice it repeatedly returns the same token when it's not confirmed. So should I increment the counter too when generating it?

source: HOTPDevice source from django-otp


Solution

  • So I found a quote from RFC 4226 - HOTP:

    The HOTP client (hardware or software token) increments its counter and then calculates the next HOTP value HOTP client

    So I should increment the counter first, save it to the object, and then return the generated token.
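
An added example, not part of the original answer or of django-otp's code: a self-contained RFC 4226 sketch showing why the generating side must advance and save its counter on every call, and how a verifier with a look-ahead window handles tokens that were never submitted. The `Client` and `Server` classes, the `tolerance` value and the starting counters are assumptions made for illustration; the key is the RFC 4226 test secret.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> int:
    """RFC 4226 HOTP: HMAC-SHA-1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return code % (10 ** digits)


class Client:
    """Token side (hypothetical class): stores the last counter value it used."""
    def __init__(self, key: bytes, counter: int = 0):
        self.key, self.counter = key, counter

    def next_token(self) -> int:
        # Advance and persist first, so a token that is never verified is still never reissued.
        self.counter += 1
        return hotp(self.key, self.counter)


class Server:
    """Verifier side (hypothetical class): stores the next counter value it expects."""
    def __init__(self, key: bytes, counter: int = 1, tolerance: int = 2):
        self.key, self.counter, self.tolerance = key, counter, tolerance

    def verify(self, token: int) -> bool:
        # Look ahead a few counters to resynchronise after tokens the server never saw.
        for c in range(self.counter, self.counter + self.tolerance + 1):
            if hmac.compare_digest(f"{hotp(self.key, c):06d}", f"{token:06d}"):
                self.counter = c + 1  # every counter up to c is now spent
                return True
        return False


def demo():
    key = b"12345678901234567890"    # RFC 4226 Appendix D test secret
    client, server = Client(key), Server(key)
    first = client.next_token()      # counter 1
    skipped = client.next_token()    # counter 2, never submitted
    third = client.next_token()      # counter 3
    return [first, skipped, third,
            server.verify(first),    # accepted, server now expects 2
            server.verify(first),    # replay rejected
            server.verify(third),    # accepted through look-ahead, server now expects 4
            server.verify(skipped)]  # older token rejected after resync
```

If the client generates more unverified tokens than the look-ahead window covers, verification fails until the counters are resynchronised, so the window size is a trade-off between usability and the number of guesses each attempt effectively allows.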