Unable to parse long totp secret

[maximbaz]

Creating a bug on behalf of @dustinwilson who will provide you with additional details if needed 😉

twofactor.FromURL("otpauth://totp/Hover:user?secret=a6mryljlbufszudtjdt42nh5by&issuer=Hover")

Returns the error error: illegal base32 data at input byte 24.

pass-otp and iOS pass reportedly support this URL just fine.

Reference: browserpass/browserpass-legacy#255

[kisom]

I think we'll have a fix here shortly, thanks to @qbit.

[gl-sergei]

I think 'a6mryljlbufszudtjdt42nh5by' is base32 encoded, it just missing padding. 'a6mryljlbufszudtjdt42nh5by======' should be decoded correctly.

[dustinwilson]

Hey thanks for this update. I've updated, and the OTPs I'm getting aren't valid. Here is a URI for Amazon:

otpauth://totp/Amazon%3Auser%40domain.tld?secret=UU3Y3AYRPU524DBAOFC5XWXCGI7R6YXWX5LEH7EGHAHEK3D6APNQ&issuer=Amazon

When using the secret with oathtool I get the correct otp:

oathtool -b --totp UU3Y3AYRPU524DBAOFC5XWXCGI7R6YXWX5LEH7EGHAHEK3D6APNQ

It looks like it is indeed base32 encoded as @gl-sergei said.

[qbit]

looks like we will have to add a check for padding. I will come up with something shortly.

[gl-sergei]

Looks like this snippet does the thing:

package main

import (
    "fmt"
    "strings"
    "encoding/base32"
)

func main() {
    secret := strings.ToUpper("a6mryljlbufszudtjdt42nh5by")
    bytes, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(secret)
    if err != nil {
        fmt.Println("error: ", err)
    } else {
        fmt.Println("bytes: ", bytes)
    }
}