From 7301d721be01ece40a016e0efcf266792440df4b Mon Sep 17 00:00:00 2001
From: Jan Misker <jan@misker.nl>
Date: Fri, 18 Feb 2022 17:24:43 +0100
Subject: [PATCH] Include the otpauth url when retrieving the QR svg (#356)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Include the otpauth url when retrieving the QR svg

This small change adds the otpauth:// url to the json output when retrieving the QR code svg image.

On some devices, notably iOS 15 and macOS Monterey, it is possible to add the 2 step verification code directly in the system keychain. This allows for autofilling the verification code, so no need for switch to another app. Note that the input for the verification code has to be marked with `autocomplete="one-time-token"`.

However, this nice feature is difficult if not impossible to use when only showing the QR code image, because the camera can not see it's own screen if you know what I mean 👀.
Adding the url makes it possible to show a button 'Add on this device', that simply is a link to the otpauth url. Clicking it will open the system dialog to confirm and add it to a specific account. I tested on both iOS and macOS and it works.

See also the [Apple documentation](https://developer.apple.com/documentation/authenticationservices/securing_logins_with_icloud_keychain_verification_codes), the mention an apple specific prefix, but it works also without the prefix.

* Update TwoFactorQrCodeController.php

Co-authored-by: Taylor Otwell <taylor@laravel.com>
---
 src/Http/Controllers/TwoFactorQrCodeController.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/Http/Controllers/TwoFactorQrCodeController.php b/src/Http/Controllers/TwoFactorQrCodeController.php
index 07511d27..2bc75db7 100644
--- a/src/Http/Controllers/TwoFactorQrCodeController.php
+++ b/src/Http/Controllers/TwoFactorQrCodeController.php
@@ -19,6 +19,9 @@ public function show(Request $request)
             return [];
         }
 
-        return response()->json(['svg' => $request->user()->twoFactorQrCodeSvg()]);
+        return response()->json([
+            'svg' => $request->user()->twoFactorQrCodeSvg(), 
+            'url' => $request->user()->twoFactorQrCodeUrl(),
+        ]);
     }
 }