How do I ensure the user's secret key for TOTP is valid?
I'm working on a 2FA App.
Is there a way for me to check beforehand that the secret key a user provides, which I use to generate their tokens, is valid?
Edit:
For clarification: I am not providing the login server, but the token generation for the user (think authy or google authenticator)
Solution 1:[1]
The only way to validate that the secret is correct is to generate a token and submit it to the service that generated and stored the secret for the user. If the service agrees that the token is correct, then you have the correct secret.
Solution 2:[2]
You need to store the generated key somewhere, in memory or in a database. Then when the secret key is sent back, check it with the stored value.
Solution 3:[3]
If someone is still searching for this today: I searched around a little and got to an answer.
The following format is a valid TOTP QR code:
otpauth://totp/{CompanyName}:{Email}?secret={Secret}&issuer={CompanyName}
- Email: doesn't need to really be an email, just a client name "name" or "[email protected]"
- CompanyName: companyname can be in format like "example.com" or "example"
- Secret: needs to be a base32 formatted string
You can read more about it at: https://datatracker.ietf.org/doc/html/rfc6238#section-4
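To make Solution 1 and Solution 3 concrete, here is an added example (not code from any of the answers) that checks a user-supplied secret is well-formed base32, derives the RFC 6238 code you would submit to the service for verification, and builds the otpauth URI in the format above. The secret, issuer and account name are the RFC 6238 test-vector key and made-up labels.

```python
import base64
import binascii
import hashlib
import hmac
import struct
import time
from urllib.parse import quote


def decode_base32_secret(secret: str) -> bytes:
    """Normalize a user-typed secret (spaces, lowercase, missing '=' padding)
    and decode it. Raises binascii.Error (a ValueError) if it is not base32."""
    cleaned = secret.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # issuers usually omit the padding
    return base64.b32decode(cleaned, casefold=True)


def is_valid_base32_secret(secret: str) -> bool:
    """Syntactic check only: a decodable secret may still be the wrong one.
    Only the server that issued the secret can confirm it (Solution 1)."""
    try:
        return len(decode_base32_secret(secret)) > 0
    except (binascii.Error, ValueError):
        return False


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: str, for_time=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter set to floor(unix_time / step)."""
    if for_time is None:
        for_time = time.time()
    return hotp(decode_base32_secret(secret), int(for_time) // step, digits)


def otpauth_uri(issuer: str, account: str, secret: str) -> str:
    """Provisioning URI as quoted in Solution 3; label parts are percent-encoded."""
    label = f"{quote(issuer)}:{quote(account)}"
    return f"otpauth://totp/{label}?secret={secret}&issuer={quote(issuer)}"


if __name__ == "__main__":
    demo_secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key
    print(is_valid_base32_secret(demo_secret), totp(demo_secret))
    print(otpauth_uri("Example", "alice@example.org", demo_secret))
```

The code for the RFC 6238 key at T=59 is 287082 (94287082 with eight digits), which is the published test vector; if the server rejects a code that matches such vectors locally, the secret, not the implementation, is wrong.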
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source
---|---
Solution 1 | philnash
Solution 2 | Floxx
Solution 3 | Makusium