Can the built-in $System.Encryption.TOTP() function be used in conjunction with Authenticator Apps (e.g. Google, Microsoft, and so on)?
Providing the same secret/key to a variety of authentication apps, they all return the same synchronized value. However, passing the same secret/key to $System.Encryption.TOTP() is generating a different value (with all instances executing at the same time for comparison).
All of the reference material I have found so far mentions RFC4226 or RFC6238 or both, including the Intersystems documentation. However, it appears that these other applications are adjusting the Unix Epoch to the local time offset, while the $System.Encryption.TOTP() function is using $ZTIMESTAMP (UTC without an offset) in Horolog format. Unfortunately, forcing the use of $HOROLOG instead of $ZTIMESTAMP, though changing the output, did not synchronize the output with these other implementations of the TOTP algorithm.
Any insights or suggestions from previous experiences utilizing TOTP with InterSystems applications would be appreciated.