GoogleAuth only supports SHA1 tokens for TOTP/HOTP. However, Authy can do SHA256.
When we use SHA256 for TOTP, the resulting token fails in Authy. Curiously, the token info appears to ambiguously mention both (conflicting?) hashlibs. (It doesn’t matter if user-selectable or enforced by totp_hashlib policy.)
What are we missing to make SHA256 tokens that work in Authy?