freeotp / freeotp-android

Unable to add OAUTH Azure Account #303

Open mjesusext opened 1 year ago

mjesusext commented 1 year ago

Dear developers,

For months I have been using this app successfully to create OTP tokens for Azure accounts using the OAuth Tokens feature. Although the application argues that the algorithm allowed by Azure (SHA 1) is not as safe as it could be, it prompted a warning but still worked and offered good results.

Nowadays it has become impossible to add new tokens. The application prompts the following error: "Token is invalid! The token you are attempting to add is invalid. Please alert your token provider"

I've tried using other apps with the same TOTP parameters I was using for this setup. They worked like a charm.

Could you confirm whether there's any incompatibility with this kind of account, or whether it's just a bug to be fixed?

Thank you in advance :)

justin-stephenson commented 1 year ago

Hi,

Could you post the OTP URI which Azure provides as a QR code image, such as:

otpauth://hotp/?secret=62tsfhk2k2gjybsk2idba3i4one2yzcj5dhwftsxk6xdwve4lram2gyq&algorithm=SHA256&digits=6&period=30&lock=false&counter=0

Please use a test account which does not contain actual sensitive OTP data in the secret value.

LinusTuring commented 1 year ago

I have a similar error. With FreeOTP for Android version 2.0 (40) I get the error: "Token is invalid! The token you are attempting to add is invalid. Please alert your token provider."

I am trying to add the following account: otpauth://totp/test.Cloud%20Service:anna@test.com?secret=LMJ4BC2EF53ZO5VVYBSKE3VDLX6RR4DXRDQ3WOKVYRVYQSYGU6PZRZPXSJWOOSQ4LKCEIY6BEQRDTB7O3XEGKSHMIBDLLN6OOQBXDCI%3D&issuer=test.Cloud%20Service&digits=6&period=30&algorithm=SHA512

I get the error when scanning the QR code, when opening the URL and also when I enter the parameters manually.

In FreeOTP version 2.3.2 for iOS I can add the account without any problems.

justin-stephenson commented 1 year ago

> I have a similar error. With FreeOTP for Android version 2.0 (40) I get the error: "Token is invalid! The token you are attempting to add is invalid. Please alert your token provider."
>
> I am trying to add the following account: otpauth://totp/test.Cloud%20Service:anna@test.com?secret=LMJ4BC2EF53ZO5VVYBSKE3VDLX6RR4DXRDQ3WOKVYRVYQSYGU6PZRZPXSJWOOSQ4LKCEIY6BEQRDTB7O3XEGKSHMIBDLLN6OOQBXDCI%3D&issuer=test.Cloud%20Service&digits=6&period=30&algorithm=SHA512
>
> I get the error when scanning the QR code, when opening the URL and also when I enter the parameters manually.
>
> In FreeOTP version 2.3.2 for iOS I can add the account without any problems.

Can you try removing the %3D from the end of the secret value, as mentioned in https://github.com/freeotp/freeotp-android/issues/301

The OTP URI can be edited with https://stefansundin.github.io/2fa-qr/

LinusTuring commented 1 year ago

Thank you @justin-stephenson. Yes, it works without %3D.

The shared secret is a cryptographic random value as an array of bytes. This is encoded in Base64. Since Base64 can contain characters that already have a different meaning in a URL, the Base64 value is URL encoded.

justin-stephenson commented 1 year ago

> Thank you @justin-stephenson. Yes, it works without %3D.
>
> The shared secret is a cryptographic random value as an array of bytes. This is encoded in Base64. Since Base64 can contain characters that already have a different meaning in a URL, the Base64 value is URL encoded.

The FreeOTP Android codebase contains its own base32 implementation. I created https://github.com/freeotp/freeotp-android/pull/305 to remove this code and use the Apache Commons Codec base32 library, which also handles padding properly. I don't think we need to add any test for this as we should have no need to exercise the base32 library functionality itself.
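
Added example, not part of the thread and not FreeOTP's code: a padding-tolerant otpauth parser in Python showing that a secret sent with `%3D` padding and the same secret with the padding removed yield the same key and the same TOTP code. The function names are this example's own, and the sample URI is constructed from the RFC 6238 SHA-256 test key.

```python
import base64, hmac, struct
from urllib.parse import urlsplit, parse_qs

# Constructed sample: RFC 6238 SHA-256 test key (32 ASCII bytes) as padded
# base32, with each '=' percent-encoded as %3D the way the thread's URI does.
SAMPLE_URI = ("otpauth://totp/Example:user@example.test?secret="
              "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQGEZA%3D%3D%3D%3D"
              "&issuer=Example&algorithm=SHA256&digits=8&period=30")

def decode_secret(raw: str) -> bytes:
    """Decode a base32 secret whether '=' padding is present, partial or absent."""
    s = raw.strip().replace(" ", "").upper().rstrip("=")
    if not s or len(s) % 8 in (1, 3, 6):  # lengths no whole byte string encodes to
        raise ValueError("invalid base32 secret length")
    return base64.b32decode(s + "=" * (-len(s) % 8))  # re-pad to a multiple of 8

def parse_otpauth(uri: str) -> dict:
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth URI")
    # parse_qs percent-decodes values, so %3D arrives here as '='
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    algorithm = q.get("algorithm", "SHA1").upper()
    if algorithm not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm")
    return {"type": parts.netloc, "key": decode_secret(q.get("secret", "")),
            "algorithm": algorithm.lower(),
            "digits": int(q.get("digits", 6)), "period": int(q.get("period", 30))}

def totp(token: dict, unix_time: int) -> str:
    """RFC 6238 code for the given Unix time."""
    counter = struct.pack(">Q", unix_time // token["period"])
    mac = hmac.new(token["key"], counter, token["algorithm"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** token["digits"]).zfill(token["digits"])

if __name__ == "__main__":
    padded = parse_otpauth(SAMPLE_URI)
    stripped = parse_otpauth(SAMPLE_URI.replace("%3D", ""))
    print(padded["key"] == stripped["key"], totp(padded, 59), totp(stripped, 59))
```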