Mismatched TOTP interval settings prevent mobile device authentication for MFA
Summary
Only one phone platform (iPhone or Android) can be used as a second factor for authentication at a time; whichever TOTP interval is configured, the other platform fails.
Steps to reproduce
1. In the LemonLdap configuration, set the TOTP interval to 180.
2. On an Android device, navigate to the Portal and start the 2FA setup. Select the TOTP option and add the account to the Authenticator app by scanning the QR code.
3. Enter the code shown by the Authenticator and proceed to finalize the registration. The Portal rejects it with the error: Bad code. Previously added accounts also stop working and no longer permit entry into the system.
4. Change the interval back to the default value, 30. Now the Authenticator on Android devices works perfectly, but people with iPhones can neither log in nor register their devices as a second factor.
Additional Notes
Essentially, the root cause of this issue is a single parameter in the LemonLdap configuration, namely TOTP -> interval. Its default value is 30 seconds, with which the Android devices work; in this scenario, however, the iOS devices fail. Conversely, a value of 180 works for the iOS devices but renders the Android devices non-functional.
Upon delving into the authentication protocol documentation, I discovered a pertinent detail regarding the QR code parameters. Notably, the period parameter defines the duration for which a TOTP code remains valid, measured in seconds. Regrettably, Google Authenticator's implementations disregard this parameter.
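To make the failure mode concrete, here is an added worked example (not code from this report or from LemonLDAP::NG) that implements RFC 6238 TOTP with the Python standard library, builds the otpauth:// enrolment URI with a period parameter, and simulates two kinds of authenticator app: one that honours period and one that, as the report claims Google Authenticator does, always uses 30 seconds. The server then verifies the client's code with its configured interval. The secret is the RFC 4226 / RFC 6238 test-vector seed, and the issuer, account name and timestamp are constructed for the demonstration.

```python
"""Why a non-default TOTP interval breaks authenticators that ignore `period`.

Added example, not part of the original bug report or of LemonLDAP::NG.
"""
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, quote, urlparse

# Constructed secret: the RFC 4226 / RFC 6238 test-vector seed, not a real key.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter floor(T / period)."""
    return hotp(secret, unix_time // period, digits)


def build_otpauth_uri(issuer: str, account: str, secret: bytes, period: int = 30) -> str:
    """Build the otpauth:// URI encoded in the enrolment QR code, period included."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits=6&period={period}")


def parse_otpauth_uri(uri: str) -> dict:
    """Parse the fields an authenticator app reads from the QR code."""
    qs = parse_qs(urlparse(uri).query)
    b32 = qs["secret"][0]
    b32 += "=" * (-len(b32) % 8)  # restore base32 padding if it was stripped
    return {
        "secret": base64.b32decode(b32, casefold=True),
        "period": int(qs.get("period", ["30"])[0]),  # 30 is the URI default
        "digits": int(qs.get("digits", ["6"])[0]),
    }


def client_code(uri: str, unix_time: int, honours_period: bool) -> str:
    """Code displayed by an app enrolled from `uri` at `unix_time`.

    honours_period=False models an app that always uses 30 s regardless of the URI.
    """
    params = parse_otpauth_uri(uri)
    period = params["period"] if honours_period else 30
    return totp(params["secret"], unix_time, period, params["digits"])


def server_verify(secret: bytes, code: str, unix_time: int, period: int, skew: int = 1) -> bool:
    """Server-side check using the configured interval and a +/- `skew` step window."""
    counter = unix_time // period
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-skew, skew + 1))


def enrol_and_check(server_period: int, honours_period: bool,
                    unix_time: int = 1111111109) -> bool:
    """Simulate enrolment plus first login for one server interval and one client type.

    The default timestamp is an RFC 6238 test-vector time, chosen so results are
    reproducible; issuer and account are constructed for the example.
    """
    uri = build_otpauth_uri("Portal", "alice@example.org", DEMO_SECRET, server_period)
    code = client_code(uri, unix_time, honours_period)
    return server_verify(DEMO_SECRET, code, unix_time, server_period)


if __name__ == "__main__":
    for period in (30, 180):
        for honours in (True, False):
            ok = enrol_and_check(period, honours)
            print(f"server interval={period:3d}  app honours period={honours!s:5}"
                  f"  -> {'OK' if ok else 'Bad code'}")
```

With the interval at 30 both client models pass, because 30 is what a period-ignoring app assumes anyway. With the interval at 180 only the app that honours period passes: the other computes its counter as floor(T/30) while the server checks floor(T/180) plus or minus one step, so the codes almost never agree and the Portal reports "Bad code". An interval change also invalidates every previously enrolled app of the period-ignoring kind for the same reason, which matches the observation that existing accounts stop working after the setting is changed.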
Is it possible to use both operating systems (Android and iOS) simultaneously for TOTP?