
OTP token URI parameters order is wrong

Open mattiaverga opened this issue 2 years ago • 2 comments

The parameters order in the generated URI for the OTP token is wrong. To be correctly displayed in authenticator apps, the order should be: otpauth://<TYPE>/<ISSUER>:<ACCOUNT>?secret=<SECRET>&<OPTIONAL_PARAMS>

while Noggin generates: otpauth://<TYPE>/<username@domain>:<OTP_DESCRIPTION>?secret=<SECRET>&issuer=<username@domain>

while it should be something like: otpauth://<TYPE>/Fedoraproject%20staging:[email protected]?secret=<SECRET>&issuer=Fedoraproject%20staging>

mattiaverga avatar Oct 24 '21 08:10 mattiaverga

That's what we had before, and I've been asked to change it in #607. I don't really know what's best, to be honest.

abompard avatar Oct 26 '21 06:10 abompard

Well, the standard was set by Google: https://github.com/google/google-authenticator/wiki/Key-Uri-Format see also: https://docs.yubico.com/yesdk/users-manual/application-oath/uri-string-format.html

I understand that Noggin is a special case: it is the only service where I can have more than one 2FA token for my account enabled at the same time. But I think users can easily rename tokens as they prefer on the authenticator app (for example, Authenticator Pro allows that).

mattiaverga avatar Oct 26 '21 16:10 mattiaverga
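
The layout discussed in this thread, as an added example that is not Noggin's code or part of any comment above: it builds a URI in the `otpauth://<TYPE>/<ISSUER>:<ACCOUNT>` form and shows which fields an authenticator app would read from each layout. The function names, `user@example.org`, `My token` and the secret are constructed for illustration.

```python
from urllib.parse import parse_qs, quote, unquote, urlsplit

SAMPLE_SECRET = "JBSWY3DPEHPK3PXP"  # constructed sample secret, not a real token
# Constructed URI in the layout the issue reports: user as issuer, description as account.
REPORTED_LAYOUT = ("otpauth://totp/user@example.org:My%20token"
                   f"?secret={SAMPLE_SECRET}&issuer=user@example.org")


def build_otpauth_uri(issuer, account, secret, otp_type="totp"):
    """Build otpauth://TYPE/ISSUER:ACCOUNT?secret=SECRET&issuer=ISSUER."""
    if ":" in issuer or ":" in account:
        raise ValueError("issuer and account must not contain ':'")
    enc_issuer = quote(issuer, safe="")  # space becomes %20, as in the issue
    label = f"{enc_issuer}:{quote(account, safe='@')}"
    return f"otpauth://{otp_type}/{label}?secret={secret}&issuer={enc_issuer}"


def parse_otpauth_uri(uri):
    """Split a URI into the fields an authenticator app would display."""
    parts = urlsplit(uri)
    if parts.scheme != "otpauth" or parts.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth totp/hotp URI")
    params = parse_qs(parts.query)
    if "secret" not in params:
        raise ValueError("missing secret parameter")
    label = unquote(parts.path[1:])
    prefix, sep, account = label.partition(":")
    if not sep:  # label carries only ACCOUNT, no issuer prefix
        prefix, account = None, label
    issuer_param = params.get("issuer", [None])[0]
    # Strict choice made for this example: reject disagreeing issuers.
    if prefix and issuer_param and prefix != issuer_param:
        raise ValueError("label prefix and issuer parameter differ")
    return {"type": parts.netloc, "issuer": issuer_param or prefix,
            "account": account.strip(), "secret": params["secret"][0]}


if __name__ == "__main__":
    good = build_otpauth_uri("Fedoraproject staging", "user@example.org", SAMPLE_SECRET)
    for uri in (good, REPORTED_LAYOUT):
        print(uri, "->", parse_otpauth_uri(uri))
```

Both URIs parse cleanly, which is why the reported layout goes unnoticed by validation: the difference only shows in which value lands in the issuer field and which in the account field.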