Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Don't transmit the secret key to google #1
In this piece of code, you generate a URL that generates a QR-Code. The user will load this URL and is effectively transmitting their secret key to Google.
I think this is not ideal.
I believe the QR-Code should either be generated onthe ESP or the client (there are JS implementatations which could be included), but not by a third party.