Tags: two-factor-authentication, totp

How do I ensure the user's secret key for TOTP is valid?


I'm working on a 2FA App.
Is there a way for me to check beforehand that the secret key a user provides, which I use to generate their tokens, is valid?

Edit:
For clarification: I am not providing the login server, but the token generation for the user (think Authy or Google Authenticator).


Solution

  • The only way to validate that the secret is correct is to generate a token and submit it to the service that generated and stored the secret for the user. If the service agrees that the token is correct, then you have the correct secret.
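The check the answer describes, as an added example that is not part of the original question or answer: an authenticator-side TOTP implementation (RFC 6238 over RFC 4226 HOTP, HMAC-SHA1, 30-second step) that first does the only validation possible locally (the secret decodes as Base32 and is not absurdly short) and then proves the secret by generating a code and submitting it to the service that issued the secret. The service is simulated here by `server_verify`, which is an assumption standing in for the real login server, and the shared secret `12345678901234567890` is the constructed test key from RFC 4226/6238 so the outputs can be checked against the published vectors. Note that a mistyped secret (`TYPO_SECRET`) passes the local syntactic check and is only caught by the round trip.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed: the RFC 4226 / RFC 6238 test key, as the service would have
# stored it when it enrolled the user. Its Base32 form is what the user types
# into the authenticator app.
SERVICE_STORED_KEY = b"12345678901234567890"
CORRECT_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
# Constructed: same secret with the last character mistyped (Q -> R). It is
# still well-formed Base32, so no local check can tell it is wrong.
TYPO_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJR"


def decode_base32_secret(secret: str) -> bytes:
    """Local, syntactic check only: the secret must be Base32 (RFC 4648
    alphabet A-Z, 2-7) and long enough to be a plausible key. Passing this
    says nothing about whether it is the secret the service holds."""
    cleaned = secret.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # QR payloads usually drop '=' padding
    try:
        raw = base64.b32decode(cleaned, casefold=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"secret is not valid Base32: {exc}") from None
    # RFC 4226 s.4 requires >= 128 bits, but many issuers hand out 80-bit
    # (16-character) secrets, so only reject what is obviously broken.
    if len(raw) < 10:
        raise ValueError("secret is too short to be a TOTP key")
    return raw


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1(key, counter), dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the time step."""
    return hotp(key, unix_time // step, digits)


def server_verify(stored_key: bytes, submitted_code: str, unix_time: int,
                  window: int = 1, step: int = 30) -> bool:
    """Assumed stand-in for the service that issued the secret. Accepts a code
    from the current step or one step either side to tolerate clock skew."""
    for skew in range(-window, window + 1):
        candidate = totp(stored_key, unix_time + skew * step, step)
        if hmac.compare_digest(candidate, submitted_code):
            return True
    return False


def probe_secret(user_entered_secret: str, unix_time: int) -> bool:
    """The only real check: generate a code from the user's secret and let
    the service judge it. True means the app holds the same secret the
    service stored for this user."""
    key = decode_base32_secret(user_entered_secret)  # syntactic check only
    return server_verify(SERVICE_STORED_KEY, totp(key, unix_time), unix_time)


if __name__ == "__main__":
    now = int(time.time())
    print("correct secret accepted by service:", probe_secret(CORRECT_SECRET, now))
    print("mistyped secret accepted by service:", probe_secret(TYPO_SECRET, now))
    try:
        decode_base32_secret("NOT-VALID-1890")  # '1', '8', '9', '0' are not Base32
    except ValueError as exc:
        print("rejected locally:", exc)
```

Both secrets pass `decode_base32_secret`; only the round trip through `server_verify` separates them, which is the answer's point. A real authenticator app has no `SERVICE_STORED_KEY` to compare against, so the user has to complete an enrollment with the service (enter one generated code) before the app can treat the secret as confirmed.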