"invalid issuer in parameter" error with Microsoft issued provisioning URI

[dapphp]

Version(s) affected

11.3.0

Description

Today I got a QR code from Microsoft Office 365 to set up an authenticator for a new account. I decoded the QR code and called \OTPHP\Factory::loadFromProvisioningUri() to add it to an application and it threw the exception 'Invalid OTP: invalid issuer in parameter'.

The URI from the qr code is in this format:

otpauth://totp/Some+Company%3ame%40somecompany.net?secret=abcdefghijklmnop&issuer=Microsoft

The issuer in the label is the company name, and the issuer in the query string is "Microsoft", thus, they do not match as they should in the Google Key Uri Format document. This expired draft doesn't appear to require them to be the same.

For what it's worth, FreeOTP added the authenticator and used the issuer from the label and ignored "Microsoft" (though it shows up as "Some+Company" and not "Some Company" in the UI (as it does with this library after fixing the issuer query string manually :)

Not sure what the right answer is here but M$ seems to be diverging from Google's recommendation on issuer matching the issuer in the label.

Thanks again for this great library.

How to reproduce

$uri = 'otpauth://totp/Some+Company%3ame%40somecompany.net?secret=abcdefghijklmnop&issuer=Microsoft';

$otp = \OTPHP\Factory::loadFromProvisioningUri($uri);

Possible Solution

No response

Additional Context

No response