Authenticator icon indicating copy to clipboard operation
Authenticator copied to clipboard

Published 20 hours ago verified publisher icon ZoLArk173

Amazon TOTP cannot be added

Open gingerbeardman opened this issue 8 months ago • 5 comments
trafficstars

I am unable to even add a single URI and I'm a pro developer 😅

gingerbeardman avatar Mar 23 '25 19:03 gingerbeardman

Sorry for the late reply. The input URI must follow this format:

otpauth://totp/{ACCOUNT_NAME}?secret={SECRET}&issuer={ISSUER}

I agree it's far from ideal and could definitely be improved.

ZoLArk173 avatar Mar 25 '25 16:03 ZoLArk173

Even armed with that information I'm unable to add one.

eg. Amazon

  • {ACCOUNT_NAME} = email
  • {SECRET} = base64 string
  • {ISSUER} = Amazon

i've tried URL Encoding both the email and base64 string

gingerbeardman avatar Mar 25 '25 17:03 gingerbeardman

May I ask what happens after you add the code? Are you unable to add a new entry in the app, or does the watch just show a black screen?

I tested my program using the example URI from this page: https://github.com/google/google-authenticator/wiki/Key-Uri-Format

After adding the URI, you may need to reopen the app on the watch to receive a new code.

ZoLArk173 avatar Mar 25 '25 18:03 ZoLArk173

After some experimentation, I found that I also can't import the Amazon TOTP. I'll take a closer look at the code generation logic.

ZoLArk173 avatar Mar 25 '25 18:03 ZoLArk173

IIRC the web interface part of your apps says that the URI is invalid.

I'll try some other providers! Thanks.

gingerbeardman avatar Mar 26 '25 11:03 gingerbeardman

I have been able to add all other authenticator codes except for amazon, Amazon uses a fixed-length 52-character base32 key, and comes up invalid when we try to add it. Please re-code your program to allow for this amount of characters in a secret key.

devnero avatar Sep 15 '25 15:09 devnero

I noticed that the base32tohex function was producing a 65-character hex string, which is unusual since normally 1 byte should map to 2 hex characters. After rewriting the function, the TOTP generation for Amazon now works correctly. https://github.com/ZoLArk173/Authenticator/blob/9a0da08fb22ed17f3329a3932f7ddc46b7d55860/utils/auth.js#L7-L23

ZoLArk173 avatar Sep 18 '25 03:09 ZoLArk173

Awesome will the zepp app be updated still on version 1.0 , thanks ?

On Wed, Sep 17, 2025, 11:54 PM ZoLArk173 @.***> wrote:

ZoLArk173 left a comment (ZoLArk173/Authenticator#13) https://github.com/ZoLArk173/Authenticator/issues/13#issuecomment-3305327065

I noticed that the base32tohex function was producing a 65-character hex string, which is unusual since normally 1 byte should map to 2 hex characters. After rewriting the function, the TOTP generation for Amazon now works correctly.

https://github.com/ZoLArk173/Authenticator/blob/9a0da08fb22ed17f3329a3932f7ddc46b7d55860/utils/auth.js#L7-L23

— Reply to this email directly, view it on GitHub https://github.com/ZoLArk173/Authenticator/issues/13#issuecomment-3305327065, or unsubscribe https://github.com/notifications/unsubscribe-auth/AFLQKNGZJ5TPQMQBAPGOT433TIUGRAVCNFSM6AAAAABZTLCLGGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTGMBVGMZDOMBWGU . You are receiving this because you commented.Message ID: @.***>

devnero avatar Sep 18 '25 18:09 devnero