Open samdjstevens opened 4 years ago
I just wanted to give you a heads up that after testing, Google Authenticator on Android doesn't support SHA256 or SHA512. I also believe that Duo Security on iOS doesn't support SHA256 or SHA512, but I am not 100% sure on that.
It seems Authy and 2FAS Authenticator also don't support SHA256 and SHA512
Copied across from - https://github.com/samdjstevens/java-totp/issues/27#issuecomment-591537004
Apps that work with SHA-256 and SHA-512 Android
iOS
And apps that appear to not support SHA-256
I'd like to add that Aegis on Android, also works with SHA256 and SHA512.
Hey, I tried to use this library but no success.
I ended up using Keycloak implementations, adapting it a little bit.
Just in case this helps somebody, the URL that made it work with Google Authenticator and Microsoft Authenticator is something like this (used for creating the QR code):
otpauth://<type>/<issuer>:<username>?secret=<secret>&digits=6&algorithm=SHA1&issuer=<issuer>&period=30
Where type is "totp" or "hotp". (in my case "totp" because it's based on time)
Issuer and username will be displayed at the app and secret is just you secret in plain text.
Add some warnings in the README about using SHA256 and SHA512, with a list of known apps that do and don't support them.