I am creating this QR-Code URL:
otpauth://totp/TEST:asfadsf?secret=CBPhavYImNauHrVP9KuoR5eE2fO-b_7s&issuer=TEST&algorithm=SHA-1&digits=6&period=30
If I scan this code with Google Authenticator on iOS, I get the message:
"The Code is not a valid authentication token"
Is there anything wrong in my QR code?
I had similar problems and fixed them as follows:
1. Issuer:
I don't send the issuer and user separated with a ":"; I only add the user name. The issuer information is already provided with &issuer="...".
2. Secret:
The secret needs to be a base32 (RFC 3548/4648) string. This basically means generated out of the following chars: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz234567"
Here's a function to generate a random secret as needed:
const crypto = require('crypto');

// Returns `length` random characters from the RFC 4648 base32 alphabet.
function generateRandomSecretTFA(length = 32) {
    const randomBytes = crypto.randomBytes(length); // CSPRNG bytes from the node.js crypto module
    const rfc3548chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    let secret = '';
    for (let i = 0, l = randomBytes.length; i < l; i++) {
        // 256 is a multiple of 32, so masking to 5 bits picks every symbol with equal probability
        secret += rfc3548chars[randomBytes[i] & 31];
    }
    return secret;
}
3. Algorithm:
It worked on my side for some time sending it like you did, &algorithm=SHA-1. Then somehow it wouldn't, and I had to send it like &algorithm=SHA1. But anyway, SHA-1/SHA1 is the default algorithm Google Authenticator uses, so I don't send it at all anymore.
I now generate Google Authenticator readable otpauth's like this one:
otpauth://totp/test?secret=QePxfLm3PViiJvE2HCRNIsGxmdOJD5KP&issuer=Test&digits=6&period=30
I commented my suggestions to your example:
otpauth://totp/TEST:asfadsf?secret=CBPhavYImNauHrVP9KuoR5eE2fO-b_7s&issuer=TEST&algorithm=SHA-1&digits=6&period=30
               \__________/        \______________________________/             \_____________/
                    |                             |                                    +----------> 3.)
                    |                             +-----------------------------------------------> 2.)
                    +-----------------------------------------------------------------------------> 1.)
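A check for points 2 and 3 above, as an added example that is not part of the original question or answer. The function names are hypothetical; it assumes the scanning app folds the secret to upper case before decoding, and that the accepted algorithm names are SHA1, SHA256 and SHA512 as listed in the Key URI Format documentation.

```javascript
const crypto = require('crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'; // RFC 4648 base32 alphabet

// Base32-encode a Buffer without "=" padding.
function base32Encode(buf) {
  let bits = 0, value = 0, out = '';
  for (const byte of buf) {
    value = ((value << 8) | byte) & 0xfff; // keep only bits not yet emitted (at most 12)
    bits += 8;
    while (bits >= 5) {
      out += B32[(value >>> (bits - 5)) & 31];
      bits -= 5;
    }
  }
  if (bits > 0) out += B32[(value << (5 - bits)) & 31];
  return out;
}

// 20 random bytes (160 bits) encode to exactly 32 base32 characters.
function newTotpSecret(nBytes = 20) {
  return base32Encode(crypto.randomBytes(nBytes));
}

// Build a URI in the shape the answer ends up with: account name only in the label.
function buildOtpauthUri(account, issuer, secret) {
  return 'otpauth://totp/' + encodeURIComponent(account) + '?secret=' + secret +
    '&issuer=' + encodeURIComponent(issuer) + '&digits=6&period=30';
}

// Return a list of problems with the secret and algorithm parameters.
function checkOtpauthUri(uri) {
  const params = new URL(uri).searchParams;
  const issues = [];
  // Assumption: the scanning app folds case and ignores trailing "=" padding.
  const secret = (params.get('secret') || '').toUpperCase().replace(/=+$/, '');
  const bad = [...new Set(secret)].filter((c) => !B32.includes(c));
  if (!secret) issues.push('secret is missing');
  if (bad.length) issues.push('secret has non-base32 characters: ' + bad.join(' '));
  const alg = params.get('algorithm');
  if (alg !== null && !['SHA1', 'SHA256', 'SHA512'].includes(alg)) {
    issues.push('algorithm "' + alg + '" is not one of SHA1, SHA256, SHA512');
  }
  return issues;
}

// The URI from the question, then a freshly generated one.
const asked = 'otpauth://totp/TEST:asfadsf?secret=CBPhavYImNauHrVP9KuoR5eE2fO-b_7s&issuer=TEST&algorithm=SHA-1&digits=6&period=30';
console.log(checkOtpauthUri(asked));
console.log(checkOtpauthUri(buildOtpauthUri('test', 'Test', newTotpSecret())));
```

The characters 9, - and _ in the question's secret are outside the base32 alphabet, which suggests the value was base64url-encoded rather than base32-encoded.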