search

google / google-authenticator

Open source version of Google Authenticator (except the Android app)
Apache License 2.0
5.19k stars 966 forks source link

When adding a token with otpauth url scheme, the app stays on the begin setup screen #686

Open ghost opened 4 years ago

ghost commented 4 years ago

When using the otpauth:// url scheme to automatically open and add a token into Google Authenticator, the token is correctly added in the background but the app stays on the "Begin setup" screen (when there is 0 token in the app). The app needs to be closed and re-opened to see the token. This is not user friendly as a user may think that the token was not added correctly. When there is already one or more tokens in the app, this issue is not present.

ThomasHabets commented 4 years ago

Could you give many more pieces of information such as your phone brand and version, app version, and exact steps to reproduce?

ghost commented 4 years ago

Sorry about that. It has been tested on iOS version 11.4.1 but on more recent versions as well, so it does not seem related to the iOS version. It has NOT been tested on Android since adding a token from an otpauth url does not work on Android anyway. I can't seem to find the Google Authenticator app version but it is up to date since it does not appear there is an update available in my app store. To reproduce it, you need to have 0 token in your app (so the "Begin setup" screen is the one that appears when opening the app). Then you can open a text editor and write a url similar to this one to generate a fake token : otpauth://totp/cedric?secret=123456789&issuer=Test&digits=6&period=30 When you click on it, it will open Google Auth app automatically (since the otpauth url scheme is associated to that app on iOS) and prompt you to add a token. When you click Yes, the token will be added in the background but not visible, the app will stay on the same Begin setup screen as if you had no token. Only when closing and re-opening it, you will see your token.

ThomasHabets commented 4 years ago

adding a token from an otpauth url does not work on Android anyway.

What do you mean?

Then you can open a text editor and write a url similar to this one to generate a fake token

Do you mean in an HTML file, which you then browse to with the phone?

ghost commented 4 years ago

On Android, the otpauth:// url scheme is not associated with the Google Auth app, so it tries to open a browser, it fails and it's normal. It is not an issue, it is juste how it is on Android. No need to try to reproduce it on Android.

For the link, you can put it anywhere as long as it is "clickable" (i.e highlighted in blue), then click on it from your phone (iOS).

ThomasHabets commented 4 years ago

Gotcha.

I've filed a bug internally: b/142391671