And why exactly OTP TOTP, HOTP are not suitable?
If you don't like the time and the counter - put a hash from your document on the input of the algorithm. But only it will no longer be OTP, because. one document will always have the same password.

There is an OATH OCRA algorithm (RFC 6287). The principle is this: the
user sees the server request in the browser, enters it in the OTP generator, and the one-time password is displayed on the generator. The user enters this password in the browser. The truth is not at all what you described. Here the password itself is generated on the client side. But what you want may not be safe. One-time codes that the user receives via SMS / push channels for their further direct use as passwords must be randomly generated and must not depend on the input data. Otherwise, all your security will be based on ignorance / complexity of your algorithm. Life has proven many times that "security through obscurity" is a bad defense.
Since you are considering a push channel for interacting with a client, you will look at authentication and electronic signature methods using a smartphone as a token. Only not an OTP token, but a cryptographic token with asymmetric keys. Everything is much simpler than it might seem at first glance. If it is necessary to sign a document (similarly for authentication), the user receives a push message on the smartphone, by tapping on it, the details of the transaction are opened, which the user accepts and signs in the usual way (PIN, fingerprint, FaceID).
I can answer questions about such software or, if you want, demonstrate the implementation of such authentication / signature.