Considering the head start I had this took longer than it should have done, but it is working now. Here are some test codes being generated and being compared to the Google Authenticator app on my phone. Apologise for the bad framing. I did not want to show and real codes although they expire after 30 seconds.
Also full credit to...
- https://github.com/maniacbug/Cryptosuite (and the original work at https://github.com/Cathedrow/Cryptosuite) for the SHA1 library
Also thank you to https://github.com/damico/ARDUINO-OATH-TOKEN for the useful documentation in their project.