OOS_UTIL_TOTP.FORMAT_KEY_URI creates invalid URI if label or issuer contains non-7-bit-ASCII characters

[kibeha]

TOTP URI is expected to be URL encoded UTF-8 characters.

UTL_URL.ESCAPE by default converts the characters to ISO-8859-1 before URL encoding (see documentation ).

This means that function FORMAT_KEY_URI in package OOS_UTIL_TOTP currently creates an invalid URI if the label or issuer contains non-7-bit-ASCII characters (like for example the Danish letters Æ, Ø and Å), as they will be URL encoded as ISO-8859-1 characters instead of UTF-8 characters.

The call to UTL_URL.ESCAPE in the function FORMAT_KEY_URI should set the URL_CHARSET parameter to AL32UTF8, so lines 121-124 in the file oos_util_otp.pkb should look like this:

l_url := replace(l_url, '#TYPE#', 'totp');
l_url := replace(l_url, '#LABEL#', utl_url.escape(url => l_label, url_charset => 'AL32UTF8'));
l_url := replace(l_url, '#SECRET#', p_secret);
l_url := replace(l_url, '#ISSUER#', utl_url.escape(url => l_issuer, url_charset => 'AL32UTF8'));

Thanks from a non-US user of OraOpenSource ;-)