I'm using the following library to implement two-factor authentication:
https://github.com/speakeasyjs/speakeasy
The library produces the following QR Code:
When I scan the code in Google Authenticator and Duo, both apps produce different tokens.
The speakeasy library only recognises the Google Authenticator token as valid.
Why does the same QR Code produce different tokens in the two different apps?
I've not looked into Speakeasy and how it works, but looking at the QR code and the URL it has encoded says a couple of things. The algorithm in the URL says it's SHA256, however I believe Google Authenticator only supports SHA1 as the algorithm. So, it's possible that the URL is saying one thing and the apps are doing another.
The weird thing is that Authenticator is working and Duo isn't, whereas I'd assume the opposite for this situation.
Also, Google Authenticator expects the secret to be encoded in base32. I haven't used Duo, but perhaps that is causing difficulty too.
Sorry this isn't a great answer, but it might give you some direction for testing what is happening.