Impossible to add GitHub 2FA

[brunvonlope]

Describe the bug
Sorry for fill this bug, but I fell dumb, I have no idea how to use this app 😅. The generated codes after configuring some TOTP aren't accepted by the secret key issuer (in this case GitHub).

To Reproduce
Steps to reproduce the behavior:

1. Go to https://github.com/settings/security?type=app#two-factor-summary
2. On OpenAuthenticator, go to Add (the plus symbol) button
3. Fill secret key with the "setup key" provided by GitHub
4. Fill the obscure name and provider section since this is mandatory(?)

Expected behavior
The 6 digit code generated by OpenAuthenticator work on GitHub

Desktop (please complete the following information):

• OS: Windows 11
• Browser: Chrome (non applicable?)
• Version: 1.4.0 (MSIX aka MS Store)

Screenshots:

Additional context

Maybe we should add support to QR Codes (otpauth://) for easier quality of life?

[Skyost]

Hello,

Maybe we should add support to QR Codes (otpauth://)

It's already supported. I have my Github account on Open Authenticator with no problem so far :

Are you sure you've entered a correct secret key ?

[brunvonlope]

It's already supported

There is some online documentation that tells how/where to add otpauth://? I don't see such option:

[Skyost]

otpauth:// is just a scheme like mailto for example. You can't just paste it in the app, you would rather click on a link that will open the app.

But the otpauth:// link should contain everything you need to setup 2FA : the secret key and the issuer.

[brunvonlope]

Ok, I scanned the QR code with the scanner provided by One UI of my Samsung, pasted the otpauth:// in the desktop browser and opened it with OpenAuthenticator. The generated 6 code are invalid too.

I noticed that the QR Code preview by OpenAuthenticator is slightly different than the one show on GitHub.

[Skyost]

Thanks for the test. And, scanning both QR codes (the one from Github and the one from Open Authenticator) with your scanner, do you notice any difference between both otpauth:// uris ?

[brunvonlope]

And, scanning both QR codes (the one from Github and the one from Open Authenticator) with your scanner, do you notice any difference between both otpauth:// uris ?

Yes. There is only one difference: the : character is replaced by the encoded %3A

The QR Code from GitHub gives:

otpauth://totp/GitHub:brunvonlope?secret=OMITTED&issuer=GitHub

The QR Code from Open Authenticator gives:

otpauth://totp/GitHub%3Abrunvonlope?secret=OMITTED&issuer=GitHub

[Skyost]

Okay, thanks. That corresponds to the issuer, and that shouldn't be a problem for generating TOTPs. Any difference in the secret (in the URI and also in the field in the app) ?

[brunvonlope]

They are the same. Well, some data is being lost and I don't know. To be clear, all the three parts (label, secret key and issuer) are needed for generating the 6 digit code?

I scanned with the Open Authenticator Android app and it worked, even the QR Code being different.

[Skyost]

To be clear, all the three parts (label, secret key and issuer) are needed for generating the 6 digit code?

In fact, only the secret matters when generating TOTPs. The rest are needed to generate a otpauth:// URI, which is needed to generate a QR code.

So, two equal secrets will generate the same TOTPs ; no matter what the issuers and the labels are.

I scanned with the Open Authenticator Android app and it worked, even the QR Code being different.

So, if I understand correctly, your problem doesn't occur on Android, but only on Windows ?

[brunvonlope]

So, if I understand correctly, your problem doesn't occur on Android, but only on Linux ?

Windows

[Skyost]

Thanks ! I was thinking about Windows, but wrote down Linux 😅

[Skyost]

Sadly, I really can't reproduce the issue you're describing. I leave it open for now, to see if there are more reports.

[brunvonlope]

Yeah, it is not actionable. I would be fine to close it but importing the backup from android. But I can't either with the MSIX version (another issue).