The totpTokenProvider uses the Time-based One-time Password (TOTP) algorithm specified in RFC 6238 to verify tokens using a pre-shared secret.
The tokens consist of 6 digits.
The user's attribute secret is used as the pre-shared secret. If this attribute is missing, the login attempt fails.
Note that the server's system time is taken into account when verifying tokens.
It is possible, for example, to use the Google Authenticator App to store the pre-shared secret and generate such tokens.
<totpTokenProvider />