spaces (%20) in issuer name causing problems?
nathanallen opened this issue · comments
I'm seeing "token format not supported" if there are spaces in the issuer
name (Authy on Android)
E.g.
# bad: Foo%20Bar
otpauth://totp/abcdefg:VSMT17814329?digits=6&secret=XXXX&period=30&algorithm=SHA1&issuer=Foo%20Bar
# good: FooBar
otpauth://totp/abcdefg:VSMT17814329?digits=6&secret=XXXX&period=30&algorithm=SHA1&issuer=FooBar
They work fine in FreeOTP. So this must be Authy's fault, for not parsing URIs according to RFC3986.
The closest thing there is to an official spec for otpauth://
URIs is https://github.com/google/google-authenticator/wiki/Key-Uri-Format . Per recent clarifications in the issuer section, the issuer in the path (ISSUER:VSMT1234982374
) should match the issuer in the query parameters (&issuer=ISSUER
). I made python-vipaccess follow this convention in 5bb3ffe.
Does putting spaces in the path (and omitting issuer
as a query parameter) work with Authy? For example, does this work?
otpauth://totp/Foo%20Bar:VSMT17814329?digits=6&secret=XXXX&period=30&algorithm=SHA1
Yes, it appears to work fine with percent-encoded spaces in the path (and issuer omitted). The authy app displays it as: "Foo Bar: VSMT17814329".
Per @beaufort2015 in #68:
Lastly, it appears you no longer add the issuer= string to the credentials... why not? I added "&issuer=Charles%20Schwab" to the string to get a recognizable icon on the Authy app and it worked.
When this issue was initially opened, it appeared that Authy cannot handle spaces in the issuer
query parameter of an otpauth://
URI , but can handle them in the equivalent portion of the URI path
, which is why I pushed acf264e as a fix.
Perhaps recent versions of Authy have fixed the spaces-in-issuer
problem?