I'm seeing "token format not supported" if there are spaces in the issuer name (Authy on Android)

E.g.

# bad: Foo%20Bar
otpauth://totp/abcdefg:VSMT17814329?digits=6&secret=XXXX&period=30&algorithm=SHA1&issuer=Foo%20Bar

# good: FooBar
otpauth://totp/abcdefg:VSMT17814329?digits=6&secret=XXXX&period=30&algorithm=SHA1&issuer=FooBar

They work fine in FreeOTP. So this must be Authy's fault, for not parsing URIs according to RFC3986.

The closest thing there is to an official spec for otpauth:// URIs is https://github.com/google/google-authenticator/wiki/Key-Uri-Format . Per recent clarifications in the issuer section, the issuer in the path (ISSUER:VSMT1234982374) should match the issuer in the query parameters (&issuer=ISSUER). I made python-vipaccess follow this convention in 5bb3ffe.

Does putting spaces in the path (and omitting issuer as a query parameter) work with Authy? For example, does this work?

otpauth://totp/Foo%20Bar:VSMT17814329?digits=6&secret=XXXX&period=30&algorithm=SHA1

Yes, it appears to work fine with percent-encoded spaces in the path (and issuer omitted). The authy app displays it as: "Foo Bar: VSMT17814329".

Per @beaufort2015 in #68:

Lastly, it appears you no longer add the issuer= string to the credentials... why not? I added "&issuer=Charles%20Schwab" to the string to get a recognizable icon on the Authy app and it worked.

When this issue was initially opened, it appeared that Authy cannot handle spaces in the issuer query parameter of an otpauth:// URI , but can handle them in the equivalent portion of the URI path, which is why I pushed acf264e as a fix.

Perhaps recent versions of Authy have fixed the spaces-in-issuer problem?