-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issuer option is not passed to otpauthURL in generateSecret #86
Comments
The git repo includes issuer option in generateSecret function. Can you specify "speakeasy": "git://github.com/speakeasyjs/speakeasy.git#e63b936d562fa16c5970d0821a221cf1a59f559b" in package.json to pull the latest source code and pass issuer in generateSecret function? The wiki https://github.com/speakeasyjs/speakeasy/wiki/General-Usage-for-Time-Based-Token |
hey @railsstudent thanks for the answer I've tried the code version you've sent and it adds the issuer but there is another problem. Generated OTP auth is wrong or not correctly handled at least by Google Authenticator: Version on npm generates this and it works: Version you've sent git://github.com/speakeasyjs/speakeasy.git#e63b936d562fa16c5970d0821a221cf1a59f559b generates this: |
What do you mean by wrong? |
Verify function returns correct value but scanned QR code with Google Authenticator generates the wrong value. |
The secret values are different. Regression? |
Here's the problem: when you run the code "generateSecret()" and pass in an "issuer" as part of the options, the issuer gets dropped due to the following lines: Line 474 in index.js
As you can see, even if you pass in "issuer" the issuer won't be passed to the otpauthurl api that generates the google authenticator compatible otpauth URL. |
Ahh, this fix appears to already exist in the current branch - what can we do to get this pushed up to NPM? |
@Cheprer @BrandonCopley Have time to try https://github.com/speakeasyjs/libotp ? |
@jakelee8 as @BrandonCopley mentioned the problem is that the issuer is not passed to otpauthURL constructor so when I've modified code to something like this then it works (of course it needs some checks and defaults in the beginning): if (otpauth_url) {
SecretKey.otpauth_url = exports.otpauthURL({
secret: SecretKey.ascii,
label: name,
issuer: options.issuer
});
} works for https://github.com/speakeasyjs/speakeasy npm version 2.0.0 |
@railsstudent @jakelee8 hey guys I can see this code correctly fixed on the repository on master branch but the NPM package doesn't have it. Can you please update NPM package please and close this issue? Much appreciated, Cheprer |
+1 |
1 similar comment
+1 |
+1 it's not on NPM yet |
Also: if you take the response to generateSecret and then make your own URL you have to pre-encode the label your self as the library isn't. To answer @Cheprer Which as he reports results in: The correct function call is:
The fault when scanning the QR code only failing as the URL contains unencoded spaces For example:
|
@markbao controls the NPM package |
@BarryCarlyon thanks for wrapping it up. I hope guys will make it stable and put on NPM soon. |
I'm having the same issue. A string with a space in breaks the url from otpauthURL. |
@LukeXF I answered the problem in my solution code:
|
It still adds in %20 with |
@LukeXF That what encodeURIComponent() does, it replaces space with %20 |
@railsstudent Yes, but the %20 is showing up on Google Authenticator. |
Sounds like double escaping
… On Oct 6, 2017, at 10:11 AM, Luke Brown ***@***.***> wrote:
@railsstudent Yes, but the %20 is showing up on Google Authenticator. Project%20Name for example instead of Project Name
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@LukeXF Are you using the npm 2.0.0 version of the package, or the latest master from git? In the npm version, label is not URL-encoded: Line 644 in 4e0aa91
In the latest master from git, it is: Line 704 in e63b936
In both versions, |
@markbao I'm using NPM 2.0.0. But even with using |
Problem was with base32 encoding. Because I'm using a base32 secret, I needed to specify an encoding so that it didn't load ASCII be default. See #95 (comment) for reference.
|
I've used @LukeXF 's way and it works. Big thanks but even though the function generateSecret doesn't work properly still because it generates ASCII secret and then from it it generates the base32. Maybe there is a glitch. If I'll have time. I'll try to make a pull request with fix but not sure when. So I would keep this issue still open. |
@markbao any plans on releasing a new version where the |
Hi all, old issue but the issuer still misses in NPM on the generateSecret() method. Any plans to implement it? |
This is still in the NPM package. Please update! |
No releases i 4 years, no progress on v.3 i 3 years. Is project dead? |
Alternatively, https://www.npmjs.com/package/otplib seems to be alive and well. |
In function generateSecret, 'issuer' option is not passed to the otpauthURL function as an option.
The text was updated successfully, but these errors were encountered: