google / google-authenticator

Open source version of Google Authenticator (except the Android app)
Apache License 2.0

Difference in validation of QR codes between iOS & Android versions #267

Open ThomasHabets opened 9 years ago

ThomasHabets commented 9 years ago

Original issue 268 created by arthurdevaan on 2013-05-07T11:28:47.000Z:

What steps will reproduce the problem?

  1. try to add account by scanning the following QR code: https://www.google.com/chart?chs=200x200&chld=M%7C0&cht=qr&chl=otpauth://totp/myAccount%3Fsecret%3DMJUW63LFORZGSYY%253D (otp auth url: otpauth://totp/myAccount?secret=MJUW63LFORZGSYY%3D)
  2. on Android version this works fine, iOS version however gives error that QR code is not valid; my guess is this has to do with url-encoded = sign at end of base32 encoded secret

iOS version 1.1.4.757, Android version 2.44

ThomasHabets commented 9 years ago

So why would you have an equal sign at the end?

ThomasHabets commented 9 years ago

Comment #1 originally posted by nathaniel@themccallums.org on 2013-06-07T19:20:57.000Z:

I am seeing the same with iOS vs Android. If you generate a key with length divisible by 5 octets, the problem does not appear since no padding is required after the result of the base32 encoding. However, any other length and iOS is unable to read the URI while Android can read it just fine. This occurs both when the trailing '=' is left unencoded or is encoded as %3D.

lucaq commented 6 years ago

Because there's an equal sign in the back of the string, and I can just delete the equal sign, and that's my method.

ThomasHabets commented 6 years ago

Yes, there apparently is one, but why?