Issuer mismatch validation causing problems despite being fully valid
Closed this issue · 2 comments
otpauth://totp/Issuer1:foo@bar.com?algorithm=SHA1&digits=6&issuer=Microsoft&period=60&secret=ABC
causes errors due to an issuer mismatch.
This happens with Microsoft external accounts so Issuer1 is not the same as Microsoft.
Running it with from_url_unchecked()
also raises the same error.
Hi!
Ah, that is not good... I guess Microsoft is using slightly different requirement for their URL... There is no clear way to disimbiguate (do we want the issuer in the path to be the one taken? Or do we want the parameter one?)
Either way, from_url_unchecked returns such an error because there is no clear way to know which one to take
From what I gather, the issuer parameter is used internally as disimbiguation for Google Authentication, and Authy will look up the logo according to the issuer parameter, but use the pat one as display
This is tricky
After spending some time on this, I think this is a wontfix. Deviating from Google's spec document would make the code more messy than it needs to be. Adding custom algorithms was a big enough leap, but I'm not confortable starting to add different URL specifications