search

freeotp / freeotp.github.io

177 stars 84 forks source link

Add issuer field to the generated URL #51

Closed rophy closed 1 year ago

rophy commented 3 years ago

Google Authenticator's spec has an 'issuer' field. Add support for it.

https://github.com/google/google-authenticator/wiki/Key-Uri-Format

otpauth://totp/Example:alice@google.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
npmccallum commented 3 years ago

@rophy What is the motivation for this patch? This is what the spec says:

The spec defines both an issuer label prefix and an issuer parameter. Both values should be the same. The label prefix is displayed to the user and the parameter is used for internal disambiguation. If the parameter is absent, the application should fall back to the label prefix.

It seems to me that the issuer parameter is useless. If the parameter is always the same as the label prefix and the parameter falls back to the label prefix, I see no reason to specify the parameter.

Am I missing something?

rophy commented 3 years ago

@npmccallum In the case of official "Google Authenticator" app I'm using (3.1.1, iOS), it seems to ignore the label prefix, and only display Issuer when it is specified as a parameter.

conorgil commented 2 years ago

Currently, the spec strongly recommends adding the issuer param:

Issuer

STRONGLY RECOMMENDED: The issuer parameter is a string value indicating the provider 
or service this account is associated with, URL-encoded according
to [RFC 3986](http://tools.ietf.org/html/rfc3986). If the issuer parameter is absent, issuer
information may be taken from the issuer prefix of the label. If both issuer parameter and
issuer label prefix are present, they should be equal.

Valid values corresponding to the label prefix examples above would be:
issuer=Example, issuer=Provider1, and issuer=Big%20Corporation.

Older Google Authenticator implementations ignore the issuer parameter and rely upon
the issuer label prefix to disambiguate accounts. Newer implementations will use the
issuer parameter for internal disambiguation, it will not be displayed to the user.
We recommend using both issuer label prefix and issuer parameter together to safely
support both old and new Google Authenticator versions.
Screen Shot 2022-02-23 at 4 38 39 PM