
Does not work with Microsoft https://mysignins.microsoft.com/security-info

Open mhoang-woolworths-com-au opened this issue 1 year ago • 8 comments

I have tried this on https://mysignins.microsoft.com/security-info: choose Add new authentication method > Authenticator > not Microsoft Authenticator > grab the secret key, generate the 6-digit token to register, but it never works. Tried for 30 mins (with fresh tokens).

It will depend on how you are creating the QRCode. I just tested it in my implementation and everything is fine. Can you share the QRCode creation code?

joaodev7 avatar Aug 22 '24 22:08 joaodev7

I have the same issue. The QR code contains data in the following uri format:

otpauth://totp/{{ORG_NAME}}%3A{{USER_EMAIL}}?secret={{TOTP_SECRET_BASE64}}&issuer=Microsoft

I assume the secret is a base64 encoded byte array, but I'm not sure. I do think that is the value that needs to be used, like:

var bytes = Convert.FromBase64String("XXXXXXXX");
var totp = new Totp(bytes);

I tried with different OtpHashMode but unfortunately none work.

ramonsmits avatar Oct 27 '24 18:10 ramonsmits

ok, my bad, seems the secret is not Base64 but Base32 encoded. Using Base32Encoding.ToBytes works!

ramonsmits avatar Oct 27 '24 18:10 ramonsmits

What hash were you using? I'm having issues getting Microsoft Authenticator to work with 256 and 512, but Google Authenticator and Apple Passwords work fine. Microsoft Authenticator seems to generate the same code as Duo, which also doesn't work. But if I go to SHA1, then all four work.

cstevenson93 avatar Nov 25 '24 20:11 cstevenson93

Are you using Base32 decode?

ramonsmits avatar Nov 25 '24 21:11 ramonsmits

> Are you using Base32 decode?

I am. It seems that even though I'm passing along SHA256/SHA512 in the algorithm parameter, Microsoft and Duo are only giving back an SHA1 code. I verified them against both 512 and 1, and Google/Apple passed the 512 check and Microsoft/Duo passed the 1 check. Are they not compatible with higher hashes? I'm struggling to find up-to-date info for Microsoft Authenticator compatibility.

cstevenson93 avatar Nov 25 '24 22:11 cstevenson93

> I am. It seems that even though I'm passing along SHA256/SHA512 in the algorithm parameter, Microsoft and Duo are only giving back an SHA1 code.

What are you trying to say here? QR codes are generated by the service/application. You're getting a token.

Why are you bringing up Microsoft Authenticator? That has nothing to do with?

What are you trying to accomplish?

  1. Generate a TOTP from a hash provided by a Microsoft login
  2. Generate a hash/QR code to store in Microsoft Authenticator?

ramonsmits avatar Nov 28 '24 12:11 ramonsmits

> I am. It seems that even though I'm passing along SHA256/SHA512 in the algorithm parameter, Microsoft and Duo are only giving back an SHA1 code. I verified them against both 512 and 1, and Google/Apple passed the 512 check and Microsoft/Duo passed the 1 check. Are they not compatible with higher hashes? I'm struggling to find up-to-date info for Microsoft Authenticator compatibility.

I stumbled on the same problem. When reading the same QR code with Google Authenticator and Microsoft Authenticator, they will give me the same code if the QR code has algorithm=SHA1. But if the QR code has algorithm=SHA512, then they will give me different codes.

This is not a problem of Otp.NET. It must be a bug/deficiency of Microsoft Authenticator (and Duo, if you have verified it).

VMM-TG avatar Mar 11 '25 13:03 VMM-TG
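An added example, not part of the thread or of the Otp.NET project: it parses an `otpauth://` URI of the form quoted above, Base32-decodes the secret, and reports which hash modes accept a displayed code, which is the check the commenters describe running by hand. The names `OtpAuthDiagnostics`, `Parse` and `MatchingModes` are hypothetical, the URI and secret are constructed sample values, and treating a missing `algorithm` parameter as SHA1 is an assumption based on the common key URI convention.

```csharp
// Added example using Otp.NET (Totp, Base32Encoding, OtpHashMode). Requires .NET 5+.
using System;
using System.Linq;
using System.Web; // HttpUtility.ParseQueryString
using OtpNet;

static class OtpAuthDiagnostics // hypothetical helper, not an Otp.NET type
{
    // Parse an otpauth:// URI into the Base32-decoded key and the hash mode it declares.
    public static (byte[] Key, OtpHashMode Mode) Parse(string otpauthUri)
    {
        var uri = new Uri(otpauthUri);
        var query = HttpUtility.ParseQueryString(uri.Query);
        var secret = query["secret"] ?? throw new FormatException("missing secret");
        // The secret is Base32, not Base64: Convert.FromBase64String would give
        // different key bytes (or throw), so no generated code would be accepted.
        var key = Base32Encoding.ToBytes(secret);
        // Assumption: an absent algorithm parameter means SHA1.
        var mode = (query["algorithm"] ?? "SHA1").ToUpperInvariant() switch
        {
            "SHA1" => OtpHashMode.Sha1,
            "SHA256" => OtpHashMode.Sha256,
            "SHA512" => OtpHashMode.Sha512,
            var other => throw new FormatException($"unsupported algorithm {other}")
        };
        return (key, mode);
    }

    // Return every hash mode under which the code shown by an authenticator app verifies.
    public static OtpHashMode[] MatchingModes(byte[] key, string code) =>
        Enum.GetValues<OtpHashMode>()
            .Where(m => new Totp(key, mode: m).VerifyTotp(code, out _, VerificationWindow.RfcSpecifiedNetworkDelay))
            .ToArray();
}

static class Program
{
    static void Main()
    {
        // Constructed sample URI; not a real account.
        var (key, mode) = OtpAuthDiagnostics.Parse(
            "otpauth://totp/Example%3Auser%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example&algorithm=SHA512");
        // Stand-in for the code an app displays when it ignores algorithm= and uses SHA1.
        var shown = new Totp(key, mode: OtpHashMode.Sha1).ComputeTotp();
        Console.WriteLine($"URI declares {mode}; code verifies under: {string.Join(", ", OtpAuthDiagnostics.MatchingModes(key, shown))}");
    }
}
```

If the declared mode is missing from the reported matches, the authenticator app and the server disagree on the hash, and enrollment with that app will fail until the server issues SHA1 secrets or the user switches apps.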