Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid QR Codes generated #40

Closed
FredFromUmt opened this issue Mar 21, 2023 · 0 comments
Closed

Invalid QR Codes generated #40

FredFromUmt opened this issue Mar 21, 2023 · 0 comments

Comments

@FredFromUmt
Copy link

If you use
var uriString = new OtpUri(OtpType.Totp,secretBytes,userName,issuer);
the secretBytes will undergo the transformation
Base32Encoding.ToString(secret)
in the constructor.
It is entirely possible, that the resulting string ends with an equal sign '='.
In that case, should you put the resulting string in a QR Code generator and try to scan it:

  • Google Authenticator will inform you that it is not a valid uri.
  • Microsoft Authenticator will freeze the camera roll and refuse to work until restarted.
  • Tested on iOS 16.3.1

The string needs to be sanitized, if you remove the trailing '=' character(s), both apps will recognize the Code as valid.

Suggested change in the public override string ToString():
Dictionary<string, string> dictionary = new Dictionary<string, string>() { { "secret", this.Secret } };
to
Dictionary<string, string> dictionary = new Dictionary<string, string>() { { "secret", this.Secret.TrimEnd('=') } };
might be enough to fix it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@FredFromUmt