You can also check the above link, but as a summary:
The Microsoft Authenticator app uses the Time-based One-Time Password (TOTP) mechanism to generate OTPs. This mechanism is a common standard used in many authentication apps.
To validate a One-Time Password generated by the Microsoft Authenticator app, you need to implement a server-side system that follows the same TOTP mechanism. Here's a general process:
- The Microsoft Authenticator app can scan a QR code with an embedded URL following this pattern: otpauth://totp/UserName?secret=Some-long-secret&digits=6&issuer=CompanyName. This URL contains the user's name, the shared secret key, the number of digits in the OTP (usually 6), and the issuer's name.
- Once the Microsoft Authenticator app scans the QR code, it starts generating OTPs based on the embedded details.
- On the server side, you can use a library that implements the TOTP mechanism. This library can generate the shared secret and also validate the OTPs generated by the Microsoft Authenticator app.
- A specific library recommended for this purpose, if you're using Java, is java-totp, which is available on GitHub.
If you're using a different programming language, you should look for a TOTP library for that language. The main idea is to ensure that your server side and the Microsoft Authenticator app are using the same mechanism (TOTP) and shared secret to generate and validate the OTPs.
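The server-side check described above, as an added example that is not part of the original post and is not java-totp's code: a standard-library Python sketch that parses the otpauth URL and validates a submitted code. It assumes the RFC 6238 defaults (HMAC-SHA1, 30-second step); the `period` parameter, the ±1 step window, and the `last_counter` replay check are assumptions, not details from the post.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlsplit, parse_qs, unquote

def parse_otpauth(uri):
    """Extract the TOTP parameters from an otpauth://totp/... enrolment URL."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = parse_qs(parts.query)
    b32 = q["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)              # secrets are usually stored unpadded
    return {
        "label": unquote(parts.path.lstrip("/")),
        "secret": base64.b32decode(b32),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),   # assumed default: 30 s
        "issuer": q.get("issuer", [""])[0],
    }

def totp(secret, at, digits=6, period=30):
    """RFC 6238 code for UNIX time `at` (HMAC-SHA1, dynamic truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // period), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret, submitted, at=None, digits=6, period=30, window=1, last_counter=-1):
    """Return the matching time-step counter, or None if the code is rejected.

    window       -- steps of clock drift tolerated on each side (assumed: 1)
    last_counter -- counter of the last accepted code; the caller stores the
                    returned value per user so a code cannot be replayed
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == digits):
        return None
    current = int(time.time() if at is None else at) // period
    matched = None
    for counter in range(current - window, current + window + 1):
        if counter <= last_counter:
            continue                           # already used or older: reject
        expected = totp(secret, counter * period, digits, period)
        if hmac.compare_digest(expected, submitted):   # constant-time compare
            matched = counter
    return matched

# Constructed sample: the RFC 6238 test secret, base32-encoded, in the URL pattern above.
SAMPLE_URI = ("otpauth://totp/UserName?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&digits=6&issuer=CompanyName")

if __name__ == "__main__":
    p = parse_otpauth(SAMPLE_URI)
    print(totp(p["secret"], time.time(), p["digits"], p["period"]))
```

On a successful `verify`, persist the returned counter for that user and pass it back as `last_counter` on the next attempt; rate-limit failed attempts separately, since a 6-digit code is otherwise guessable.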