No, without a (local) "data cache" the "tech support" provided code cannot depend on "at least a user id (integer) and expiration date".
In more detail: The question asks for a (one-time) authentication, where
- the input can be easily provided by a human, through an authenticated channel (which is also not subject to eavesdropping).
- the application has no persistent/ user-specific storage.
The main issue that I see is that "the data cache is corrupted": In order to verify an input, an algorithm would have to compare the result against another input.
For example, consider an oversimplified hash-based log-in procedure:
The user provides a password. An algorithm takes as input the password, along with a string provided by a data cache; computes the hash of the password and compares it to the string.
If there is no data cache, then the algorithm can only use hard coded values, i.e. values that were shipped with the application and do not depend on user input.
Comments:
"so the current date could function as a one time pad."
Note that for a one-time pad to be perfectly secure the key has to be random. This does not add any security.
Out of scope since this is not considered secure, or with in the scope of the OPs question:
If you would want a hard coded value for a specific day, the simplest way for this would be to hard code images of a one-way function (instantiated by a cryptographic hash function) into the application.
Then the tech support could provide a human readable passphrase (Cf. Stackexchange: Long Dictionary Passphrase, Stackexchange: Why use random chars in pw? ), where the tech support has a "valid passphrase" for each day.
The passphrase can be provided as an input by the user; the image of which would be compared to the hard coded values assocaited to that day. However, this is not secure for several reasons:
(1) The hard coded values
- would be the same for all users, e.g. cannot contain the user-id
- once a passphrase is leaked, anyone with can access the app
(2) The date does not really add security, except that the adversary would have to know that different days have different passphrases.
So I would strongly recommend against this.