This Action can be used to verify Hardware tokens (like RSA Tokens) which come with a server-side OTP seed. This PoC stores the OTP seed in the users app_metadata (as otp_seed). As the server time can deviate from the local time on the TOTP authenticator, a window of tokens should be set to check.
Example: window: 1
will allow the previous, current and next token that would be generated by the library.