silenteh
commented
7 years ago @Shadowfaxenator The account is stored in the bytes. See here: https://github.com/sec51/twofactor/blob/master/totp.go#L332
The issuer is needed to initialise the encryption/decryption library for decrypting the bytes you stored in the database.
You should in any case store the username/email manually in a separated field in the database, index it and query the specific user's record in the table by using the username/email. I hope it helps.
Shadowfaxenator
TOTPFromBytes(encryptedMessage []byte, issuer string)Why there is no Account (username | email)?
If I store bytes in a database and then I want to retrieve them do I need to store username manually? Why issuer is only used here?