byte[] secret = SecretGenerator.generate();
TOTPGenerator totp = TOTPGenerator.withDefaultValues(secret);
URI uri = totp.getURI("Acme Co", "myuser");
System.out.println(uri);
This will throw a java.net.URISyntaxException: Illegal character in path at index 19: otpauth://totp/Acme Co:myuser?period=30&digits=6&secret=<secret>&issuer=Acme+Co&algorithm=SHA1
If I escaped the issuer myself:
byte[] secret = SecretGenerator.generate();
TOTPGenerator totp = TOTPGenerator.withDefaultValues(secret);
URI uri = totp.getURI("Acme%20Co", "myuser");
System.out.println(uri);
It outputs otpauth://totp/Acme%20Co:myuser?period=30&digits=6&secret=<secret>&issuer=Acme%2520Co&algorithm=SHA1
Notice the double escaping of issuer=Acme%2520Co in the query parameters.
The path section (both issuer and account) should be escaped when generating the URI.
Take the following code:
This will throw a
java.net.URISyntaxException: Illegal character in path at index 19: otpauth://totp/Acme Co:myuser?period=30&digits=6&secret=<secret>&issuer=Acme+Co&algorithm=SHA1
If I escaped the issuer myself:
It outputs
otpauth://totp/Acme%20Co:myuser?period=30&digits=6&secret=<secret>&issuer=Acme%2520Co&algorithm=SHA1
Notice the double escaping of issuer=Acme%2520Co in the query parameters.The path section (both issuer and account) should be escaped when generating the URI.