Comments (18)
You can solve this by using the following format in the first parameter of your QR code generator; 'MyApp:UserEmail', e.g.
$tfa->getQRCodeImageAsDataUri('Example App:[email protected]', $secret);
from twofactorauth.
When I scan the QR code from the demo MS Authenticator shows issuer just fine? Does the demo work for you?
from twofactorauth.
Thanks for your reply.
From the image below, the bottom bit uses your demo without changes. The one above when I change the text "Demo" to an email address on the QR code generator.
from twofactorauth.
Then I guess that's something MS Authenticator does.
Try replacing the @ with something like [at] or - or _@ where _ is a space for test purposes. If that worked you can try escaping the @ to something like %40. But I'm 99.99% sure other authenticators will then show it incorrectly.
from twofactorauth.
Yes it seems the @ symbol is the one triggering this behaviour in MS authenticator.
Only strange thing is I have other accounts on my MS authenticator with both the account name and email address showing correctly.
from twofactorauth.
Then have a look at the QR codes you used for those accounts and spot the difference. Did you try my replace/escape suggestions?
from twofactorauth.
Yes I tried those and it works to display the account name although the email address will be displayed as it is (i.e. demo%40outlook.com, demo[at]outlook.com).
from twofactorauth.
I'm sorry, but it seems to me that this is an MS Authenticator issue?
from twofactorauth.
On the other hand, Google Authenticator works fine with this.
yeah I think it's down to individual OTP clients, if there is one secret you have that works perfectly and you can send us the secret otpauth:// URL (redacted of course) we can probably figure it out but otherwise I don't think there is much that can be done
from twofactorauth.
On the other hand, Google Authenticator works fine with this.
yeah I think it's down to individual OTP clients, if there is one secret you have that works perfectly and you can send us the secret otpauth:// URL (redacted of course) we can probably figure it out but otherwise I don't think there is much that can be done
Here's the URL, hope this is what you need?
otpauth://totp/user%40email.com?secret=NRF33J4DOV7UENM6&issuer=My%20App&period=30&algorithm=SHA1&digits=6
from twofactorauth.
only if that one displays correctly in MS Authenticator?
from twofactorauth.
This one does --
otpauth://totp/demo%5Bat%5Doutlook.com?secret=7TOJE6Q7VDULS74T&issuer=RobThree%20TwoFactorAuth&period=30&algorithm=SHA1&digits=6
But please note that I have to replace the @ sign with [at] in order for the account name (RobThree TwoFactorAuth) to show on the MS authenticator.
from twofactorauth.
I'm afraid there's not much we can do in this matter.
from twofactorauth.
Interesting, I was not aware this is part of the spec apparently
https://docs.yubico.com/yesdk/users-manual/application-oath/uri-string-format.html
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
Presumably there is nothing stopping you from passing name:email as the label when calling for the QR code, it would be a little dramatic to support an extra parameter without breaking backwards compatibility but I'll have a mess around at some point as I need to redo my implementation anyway.
from twofactorauth.
Hi Rob
Your 2FA is great. I also had problems displaying the issuer. While analyzing your code of the TwoFactorAuth class I came across this link. I think the order of your values at lines 158 to 159 is not correct. If I rewrite them as follows, the issuer is shown in all 2FA apps tested (2FAS Auth, FreeOTP).
Your code is
TwoFactorAuth/lib/TwoFactorAuth.php
Lines 157 to 162 in 098dce6
Code should be, according to my opinion:
return 'otpauth://totp/' . rawurlencode((string)$this->issuer) . ':' . rawurlencode($label)
. '?secret=' . rawurlencode($secret)
. '&issuer=' . rawurlencode((string)$this->issuer)
. '&period=' . $this->period
. '&algorithm=' . rawurlencode(strtoupper($this->algorithm->value))
. '&digits=' . $this->digits;
from twofactorauth.
What you're proposing isn't (just) order, it changes the issuer argument to something with a colon-separator. And that's not how it is shown in the page you linked:
otpauth://totp/ACME%20Co:[email protected]?secret=HXDMVJECJJWSRB3HWIZR4IFUGFTMXBOZ&issuer=ACME%20Co&algorithm=SHA1&digits=6&period=30
However, it is explained in the label section to provide the issuer argument as well as in the label. So then you could just add the issuer to the $label argument in the getQRCodeImageAsDataUri() call. We COULD auto-prefix the label with the $issuer (which comes from a constructor argument) but then we would need to add a little code to 'detect' whether the $label argument already contains an issuer or not (and if it does - what to do: ignore the issuer from the $label argument and use the given $issuer OR risk a different &issuer=... and issuer from $label value in the TOTP uri...).
Also if order would matter then the whole 'key=value' would be pointless; if order actually matters for a client then the client is not... 'very smart'.
from twofactorauth.
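The label/issuer handling discussed in the comment above, as an added example that is not part of the thread or of the library: a hypothetical helper, buildTotpUri(), prefixes the label with the issuer, accepts a label that already carries the same prefix, and rejects a label whose prefix disagrees with the issuer parameter. The function name, sample account and secret are constructed, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Added example; hypothetical helper, not part of RobThree/TwoFactorAuth.
// Builds an otpauth:// URI whose label is "Issuer:account" and whose
// issuer parameter always agrees with that prefix.
function buildTotpUri(
    string $issuer, string $label, string $secret,
    int $period = 30, string $algorithm = 'SHA1', int $digits = 6
): string {
    if ($issuer === '' || str_contains($issuer, ':')) {
        throw new InvalidArgumentException('Issuer must be non-empty and must not contain ":"');
    }

    // Detect an issuer prefix already present in the label ("Issuer:account").
    $account = $label;
    $pos = strpos($label, ':');
    if ($pos !== false) {
        $prefix  = trim(substr($label, 0, $pos));
        $account = ltrim(substr($label, $pos + 1));
        if ($prefix !== $issuer) {
            // Refuse rather than emit a URI whose label and parameter disagree.
            throw new InvalidArgumentException("Label issuer \"$prefix\" does not match \"$issuer\"");
        }
    }
    if ($account === '' || str_contains($account, ':')) {
        throw new InvalidArgumentException('Account name must be non-empty and must not contain ":"');
    }

    // Encode each part separately; the separating colon stays literal.
    return 'otpauth://totp/' . rawurlencode($issuer) . ':' . rawurlencode($account)
        . '?secret=' . rawurlencode($secret)
        . '&issuer=' . rawurlencode($issuer)
        . '&period=' . $period
        . '&algorithm=' . rawurlencode(strtoupper($algorithm))
        . '&digits=' . $digits;
}

// Constructed sample values (the secret is a placeholder, not a real key).
$secret = 'JBSWY3DPEHPK3PXP';
echo buildTotpUri('Example App', 'user@example.com', $secret), PHP_EOL;
echo buildTotpUri('Example App', 'Example App:user@example.com', $secret), PHP_EOL;

try {
    buildTotpUri('Example App', 'Other App:user@example.com', $secret);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Both successful calls print the same URI, so a caller who already passes an issuer-prefixed label does not end up with a doubled prefix.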
Can we close this issue? This would bring the total number of open issues to 0 🎉 !
from twofactorauth.
You do the honors, you've worked hard enough for it 😉
from twofactorauth.