otphp icon indicating copy to clipboard operation
otphp copied to clipboard
verified publisher icon Spomky-Labs

Error: Label must not contain a colon

Open simonsolutions opened this issue 1 year ago • 2 comments

Version(s) affected

11.3

Description

When setting a Label like this "Provider%3Ausername%40domain.com" it throws the error "Label must not contain a colon."

How to reproduce

Setting a Label like this "Provider%3Ausername%40domain.com"

Possible Solution

Allowing URL Encoded colons.

Other implementations allow it URL encoded. (Microsoft and Google provide them e.g.)

Additional Context

The issuer prefix and account name should be separated by a literal or url-encoded colon, and optional spaces may precede the account name. Neither issuer nor account name may themselves contain a colon. Represented in ABNF according to RFC 5234:

label = accountname / issuer (“:” / “%3A”) *”%20” accountname Valid values might include Example:[email protected], Provider1:Alice%20Smith or Big%20Corporation%3A%20alice%40bigco.com.

simonsolutions avatar Jul 03 '24 13:07 simonsolutions

Hi,

Many thanks for this report. Have you considered this: https://github.com/Spomky-Labs/otphp/blob/11.4.x/doc/Customize.md#issuer

Spomky avatar Jul 03 '24 13:07 Spomky

Hi, I've seen the property. When adding for example a Microsoft365 account, the label is complete including issuer separated by a url encoded colon. So the idea would be when setting the label splitting it to label and issuer if the colon is present? That would prevent splitting the strings outside the library, maybe with a separate property "isIssuerIncludedInLabel".

simonsolutions avatar Jul 03 '24 13:07 simonsolutions