Support ValidateTwoFactorPIN with iterationOffset as parameter

[RomanSoloweow]

I need to allow code with iterationOffset == 1. But with the current implementation, it's non-obvious how to do this.

If set timeTolerance to 30 seconds, I get iterationOffset 0.
If set timeTolerance to 60 seconds, I get iterationOffset 2.
To obtain iterationOffset == 1, I need to set the time between 30 and 60 seconds. It's strange.

if (timeTolerance.TotalSeconds > 30)
    iterationOffset = Convert.ToInt32(timeTolerance.TotalSeconds / 30.00)

I don't want to break compatibility, so let's just allow the user to specify iterationOffset.

[RomanSoloweow]

@flytzen @ahwm What are you think about it?

[flytzen]

Thank you, will take a look 👍

[RomanSoloweow]

@flytzen I will be very grateful if we can release a new version with this fix as soon as possible

[ahwm]

This looks good to me. I am curious why ConvertSecretToBytes is now public. There are various overloads that accept a byte[] parameter for the secret. Having it public isn't a problem from what I can tell but I am curious about the motivation for the change.

[RomanSoloweow]

This looks good to me. I am curious why ConvertSecretToBytes is now public.

To support secretkey in two formats, you have many overloads. It would be much more convenient to give the user a method to translate from one format to another.

These were my thoughts in general, and I think they don't apply to the current request, so I'll revert to the previous one.