OTP verification failed

I enabled token TOTP to user ldap with script python, but test OTP only and resync token not work. When i created the token through to site. The OTP code work. Why?


from flask import Flask
from privacyidea.lib.token import init_token, get_tokens
from privacyidea.lib.user import User
import argparse
from flask_sqlalchemy import SQLAlchemy
from privacyidea.lib.utils import BASE58
from privacyidea.lib.crypto import generate_password
from privacyidea.app import create_app
import requests
import re
import sys
import urllib3
# Se o certificado está invalido do site, desabilita a mensagem de warning.

__doc__ = """
     Script alterado para habilitar token para o usuario. 

# You may change this
LOCAL_TOKEN = "totp"
API_USER = "admin"
API_PASSWORD = "12345678"
# List of regex of users to exclude
EXCLUCDE_USERS = [".*@.*"]

def create_token(username, realm, descricao):
    app = create_app(config_name="production",
    with app.app_context():
        # Set global values
        params = {"type": LOCAL_TOKEN}
        if username:
            user = User(username, realm)
            user = User()
        if LOCAL_TOKEN == "totp":
            # For other tokens, we need genkey=1
            params["genkey"] = 1
            print("Tipo de token está errado. Só funciona para totp ")
            params["user"] = username
            params["realm"] = realm
            params["description"] = descricao
            params["hashlib"] = LOCAL_TOKENLIBSHA
            r = requests.post('https://localhost/auth', verify=False,
                              data={"username": API_USER, "password": API_PASSWORD})
            authorization = r.json().get("result").get("value").get("token")
            r = requests.post('https://localhost/token/init', verify=False,
                              headers={"Authorization": authorization})
            serial = r.json().get("detail").get("serial")
            tok = init_token(params, user)
            serial = tok.token.serial
        return serial
parser = argparse.ArgumentParser()
parser.add_argument('--user', dest='username')
parser.add_argument('--realm', dest='realm')
parser.add_argument('--descricao', dest='descricao')
args = parser.parse_args()

for exclude_re in EXCLUCDE_USERS:
    if re.match(exclude_re, args.username):
        print("We do not enroll token for user {0!s}.".format(args.username))

serial = create_token(args.username, args.realm, args.descricao)
print('Token criado e habilitado para usuario:', args.username, serial

I am sorry. It is not clear what you want.

Screenshot from 2022-03-04 22-20-52
When I create token with script.

Yes, the OTP value is wrong.

When o create token with script, but when i created the token through to site. The OTP code work. Why?

The script seems fine.
So it could be the configuration of your server or pin or so many other things.

I’m not that good at English. Token Wizard create correct CID_IMAGE “QR” in email, but “API REST” is not creating correct QR. There is difference in creating google code. The script not send CID_IMAGE correct.

How enable user token LDAP with CID TOKEN_IMAGE correct through script?