justin-stephenson
commented
9 months ago Thank you for reporting this, I am okay to strip out non-URL encoded whitespace characters. PRs are welcome.
Open dlenski opened 9 months ago
justin-stephenson
commented
9 months ago Thank you for reporting this, I am okay to strip out non-URL encoded whitespace characters. PRs are welcome.
justin-stephenson
commented
9 months ago Ask: modify the parser to strip leading/trailing whitespace (e.g.
[ \t\r\n]) fromotpauth://URIs.(Many other Android barcode scanning apps already do this automatically.)
Do you propose this to be performed by the QR code library we are using? https://github.com/zxing/zxing
I'm the maintainer of python-vipaccess, which can provision Symantec/Broadcom VIPAccess soft-tokens and convert them to
otpauth://URIs, e.g.:Until recently, I was often using FreeOTP 1.x to sanity-check the generated
otpauth://URIs. When I recently, finally upgraded to FreeOTP 2.x, I was surprised to discover that QR codes generated as follows seemed not to work in FreeOTP…I'd get the dreaded "Token is invalid!" method when scanning this.
I'd played around with a bunch of changes to the URI parameters, dug around in some of the recent issues (e.g. #295), and eventually discovered that it was failing because of trailing whitespace (
echo, notecho -n). With a little more testing, I discovered that FreeOTP 2.x refuses to parse any QR codes containing trailing or leading whitespace of any kind.Ask: modify the parser to strip leading/trailing whitespace (e.g.
[ \t\r\n]) fromotpauth://URIs.(Many other Android barcode scanning apps already do this automatically.)