Support for 64-byte TOTP secrets

Problem statement

We’re planning on migrating our users to Auth0; however, as we are planning to migrate OTP tokens, we noticed that the /api/v2/users/{id}/authentication-methods endpoint does not support 64-byte TOTP secrets (which our former software used). This limitation is due to the “otp_secret” field being limited to 100 characters (a 64-byte secret converted to base32 would have 103-104 chars). How can we circumvent this? Can Auth0 increase the otp_secret field length to support it?

Solution

Unfortunately, the hard limit for totp_secret is 100, and this limit cannot be raised or lifted. If you would like to see this functionality in a future release of Auth0, we would encourage you to submit a feature request using the feature request form.
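A pre-migration check for the limit described above, as an added example that is not Auth0's code or part of the original article: it computes the base32 length of each exported secret and separates the users whose TOTP secret fits in 100 characters from those who will need to re-enroll. The sample export and all function names are constructed for illustration, and whether the import accepts base32 with the `=` padding stripped is an assumption.

```python
import base64

# Limit stated on this page for the secret field of the
# authentication-methods endpoint.
MAX_SECRET_CHARS = 100


def base32_lengths(secret: bytes) -> tuple[int, int]:
    """Return (padded, unpadded) base32 lengths for a raw TOTP secret."""
    padded = base64.b32encode(secret).decode("ascii")
    return len(padded), len(padded.rstrip("="))


def max_secret_bytes(limit: int = MAX_SECRET_CHARS, padded: bool = False) -> int:
    """Largest raw secret size whose base32 form fits within `limit` chars."""
    size = 0
    while base32_lengths(bytes(size + 1))[0 if padded else 1] <= limit:
        size += 1
    return size


def triage(export: dict[str, bytes], limit: int = MAX_SECRET_CHARS):
    """Split an export of {user_id: raw_secret} into importable / re-enroll."""
    importable, reenroll = {}, []
    for user_id, secret in export.items():
        _, unpadded = base32_lengths(secret)
        if unpadded <= limit:
            # Assumption: padding may be stripped before import.
            importable[user_id] = base64.b32encode(secret).decode("ascii").rstrip("=")
        else:
            reenroll.append((user_id, len(secret), unpadded))
    return importable, reenroll


# Constructed sample export; real secrets would come from the old system.
SAMPLE_EXPORT = {
    "user-a": bytes(range(20)),   # 160-bit secret
    "user-b": bytes(range(32)),   # 256-bit secret
    "user-c": bytes(range(64)),   # 512-bit secret, as in the question
}

if __name__ == "__main__":
    ok, blocked = triage(SAMPLE_EXPORT)
    print("importable:", sorted(ok))
    for user_id, nbytes, chars in blocked:
        print(f"re-enroll {user_id}: {nbytes} bytes -> {chars} base32 chars")
    print("largest secret that fits (unpadded):", max_secret_bytes())
```

Users in the re-enroll list cannot have their existing secret carried over under the 100-character limit and need a fresh TOTP enrollment after migration.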