Code review comment for lp:~roadmr/canonical-identity-provider/non-drifting-totp

Daniel Manrique (roadmr) wrote :

18:00:30 <wgrant> nessita, roadmr: if we don't allow any drift, then a clock being even a second off will result in codes sometimes not being valid. There's already a 30s replay window, so increasing that to 60-90s doesn't change the security significantly while also preventing a clock that's off by a few seconds (common) from being a serious problem. Pretty sure other TOTP consumers do this, but we should experiment
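
The drift trade-off described in the comment above, as an added example that is not part of the original comment or of the canonical-identity-provider code. It implements RFC 6238 TOTP (HMAC-SHA1, 30-second step) and counts how many seconds of one step a skewed client is rejected for; the function names, the `drift_steps` parameter and the sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)
KEY = b"12345678901234567890"  # constructed sample secret (the RFC 6238 test key)

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, now, digits=6):
    """Code a device shows when its own clock reads `now` (Unix seconds)."""
    return hotp(key, int(now) // STEP, digits)

def verify(key, code, server_now, drift_steps=0):
    """Accept `code` if it matches the server's current step or any step within
    drift_steps either side. drift_steps=0 is the no-drift policy; drift_steps=1
    accepts three steps, i.e. a 90-second window."""
    current = int(server_now) // STEP
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        # Check every candidate in constant time rather than exiting early.
        ok |= hmac.compare_digest(hotp(key, current + delta), code)
    return ok

def rejected_seconds(key, skew, drift_steps, base=1_700_000_010):
    """Over one 30-second span of server time, count the seconds at which a
    client whose clock is off by `skew` seconds presents a code that fails."""
    return sum(
        not verify(key, totp(key, t + skew), t, drift_steps)
        for t in range(base, base + STEP)
    )

if __name__ == "__main__":
    for skew in (1, 3, -3, 45):
        print(f"skew {skew:+}s: no drift rejects {rejected_seconds(KEY, skew, 0)}/30,"
              f" +/-1 step rejects {rejected_seconds(KEY, skew, 1)}/30")
```

A wider acceptance window also widens the period in which a captured code can be replayed, so a verifier that allows drift should still refuse a code for a step it has already accepted.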
