pyauth / pyotp

Python One-Time Password Library
https://pyauth.github.io/pyotp/

problem with issuer specified in both label and parameters #171

Closed duckworth closed 2 months ago

duckworth commented 2 months ago

I am hitting this issue with codes exported from Ente Auth that were originally imported from Authy:

pyotp/__init__.py", line 72, in parse_uri
    raise ValueError("If issuer is specified in both label and parameters, it should be equal.")

Examples all look like this: otpauth://totp/Cloudflare: user@example.com?secret=xxxxdigits=6&period=30&issuer=Cloudflare

Looking at a similar issue https://github.com/hectorm/otpauth/issues/25, it seems it may be common with some older apps' OTP data, and since the URI format spec says "should" and not "must", most other tools prefer the label prefix.

kislyuk commented 2 months ago

Thanks for your interest in PyOTP. To clarify, the example that you provided is parsed by pyotp.parse_uri() without error. Only if you change one of the "Cloudflare" values without changing the other does the error occur.

Allowing the issuer parameter to diverge from the issuer label component is dangerous because it can lead implementers to undefined behavior and credential identifier collisions which may have security implications.

Because the implementation itself is fairly trivial, you are welcome to copy it and bypass the check.

PyOTP will continue to follow the guidance in the otpauth convention (which is not a formal specification).
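The consistency rule discussed in this thread, as an added example that is not pyotp's own code: a minimal standard-library parser for otpauth://totp URIs that rejects a URI whose issuer label prefix and issuer parameter are both present and differ. The sample URIs are constructed in the shape the reporter posted, and the secrets are placeholders.

```python
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample URIs; the secrets are placeholders, not real keys.
# REPORTER_URI has the shape quoted in the issue: the issuer appears both as the
# label prefix (with the optional space after the colon) and as a parameter.
REPORTER_URI = ("otpauth://totp/Cloudflare:%20user%40example.com"
                "?secret=PLACEHOLDERSECRET&digits=6&period=30&issuer=Cloudflare")
# MISMATCH_URI is the case kislyuk describes: one "Cloudflare" edited, the other not.
MISMATCH_URI = ("otpauth://totp/Cloudflare:%20user%40example.com"
                "?secret=PLACEHOLDERSECRET&digits=6&period=30&issuer=CloudFlare")
# NO_PREFIX_URI carries the issuer only as a parameter, so there is nothing to compare.
NO_PREFIX_URI = "otpauth://totp/user%40example.com?secret=PLACEHOLDERSECRET&issuer=Cloudflare"


def parse_otpauth(uri: str) -> dict:
    """Parse an otpauth://totp URI, refusing it when the issuer label prefix
    and the issuer parameter are both present and differ."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("only otpauth://totp URIs are handled in this example")
    label = unquote(parsed.path.lstrip("/"))  # label = percent-decoded path
    # "Issuer:account", optional space after the colon; no colon means the
    # whole label is the account name.
    prefix, sep, account = label.partition(":")
    if not sep:
        prefix, account = "", label
    label_issuer, account = prefix.strip(), account.strip()
    params = {k: v[0] for k, v in parse_qs(parsed.query).items()}  # first value wins
    if "secret" not in params:
        raise ValueError("missing secret parameter")
    param_issuer = params.get("issuer", "")
    if label_issuer and param_issuer and label_issuer != param_issuer:
        raise ValueError("If issuer is specified in both label and parameters, it should be equal.")
    return {
        "issuer": param_issuer or label_issuer,
        "name": account,
        "secret": params["secret"],
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
    }


def classify(uri: str) -> str:
    """Report whether a URI passes the check, e.g. classify(MISMATCH_URI)."""
    try:
        parse_otpauth(uri)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"
```

Note that the reporter's URI is accepted, exactly as kislyuk says; only editing one of the two "Cloudflare" values trips the check.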