Login/Register
Google authenticator invalid barcode on scan
Asked Answered
phpqr-codegoogle-authenticator
W

4

6

here's my code in generating the qr code

public function getUrl($user, $hostname, $secret) {
      $encoder = "https://chart.googleapis.com/chart?chs=200x200&chld=M%70&cht=qr&chl=";
      $encoderURL = sprintf( "%sotpauth://totp/%s@%s",$encoder, $user, $hostname);
      $finalEncodorURL = $encoderURL . "%26secret=". urlencode($secret);
      return $finalEncodorURL;
}

supposedly this will generate a qr code, and it does. but when i scan this code using google authenticator app, it will generate an error

The barcode 'otpauth://totp/[email protected]&secret=UOPKN6QFW3J6PW74' is not a valid authentication barcode.

but when "manual entry" using the secret key, it'll work and i can login just fine using the generated key.

i found stuffs in the internet saying i should urlencode the data, i did, but still it wont work.

here's a sample url generated by the function above:

https://chart.googleapis.com/chart?chs=200x200&chld=M%70&cht=qr&chl=otpauth://totp/[email protected]%26secret=UOPKN6QFW3J6PW74

am i missing something or did something wrong?

Woald answered 17/6, 2014 at 8:49 Comment(0)
P
9

Just replace &secret= with ?secret= (don't forget to url-encode).

Also I don't know if this is the case here but the account name cannot have a space. It would work if you scan with Androids, but not with iPhones (go figure!)

Pirogue answered 22/1, 2015 at 9:24 Comment(1)
Confirmed... the iOS app does not like spaces. :(Hermaphrodite
H
9

It appears that both Google and IOS Authenticator apps don't like spaces in the 'Account Name' in OTP QR Codes. Replace them with something like - or _ or remove them.

The Windows phone app allows spaces and a version I installed on a Android Phone 6 months ago worked. I didn't get chance to test IOS but it looks like IOS has an issue. Entering the key manually works just fine but not scanning a QR Code with a SPACE in it.

Hairraising answered 7/12, 2016 at 11:44 Comment(1)
The above example does not contain spaces. I'm having the same problem and so do I.Esther
P
2

You should fully URL encode the data that you pass to the charts API.

otpauth%3A%2F%2Ftotp%2Fuser4%40noemail.com%26secret%3DUOPKN6QFW3J6PW74

That should ensure that the data is encoded properly.

Philippi answered 18/6, 2014 at 9:19 Comment(1)
I did fully url encode the data, but it doesn't work. here's the full url of the qr code chart.googleapis.com/…Woald
P
1

Replace the spaces by %20 in QR code URL. This issue occurs only in Google Authenticator iOS App. In Android, it works without replacing spaces.

Pogrom answered 6/1, 2017 at 8:59 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.