I can confirm my 2FA codes don't work either. Wtf?
Apparently this started happening ~week ago and affects other servers too, including ones that don't run 2.2.0 yet, so it shouldn't be a regression. Maybe a sleeper bug? 
Could this be problematic? I am not sure what ROTP expects there... https://github.com/tinfoil/devise-two-factor/blob/master/lib/devise_two_factor/models/two_factor_authenticatable.rb#L45
At the very least I can reproduce this on my development environment, so whatever the problem is, it's universal. (Send help)
Extra confusion: using the `validate_and_consume_otp!` method works fine. Wut
Never mind, I can't reproduce this problem in development at all now?
Okay, if I disable 2FA, then enable 2FA, it stops working. Under unknown to me yet conditions it can start working again, and can be reset into not working by disabling and re-enabling 2FA. Hm
No, that was a wrong lead. It just seems to be drift. Default drift is 30 seconds. Increasing it to 60 seconds allowed me to login every time, in my development environment.
@Gargron Is the clock f
on the phone that generates OTP synchronized?
@zundan Mine is an Android phone with the setting to get time from the internet enabled.
@Gargron ok, I have seen some people (including me) having a trouble in authenticating with TOTP but not on this case... 