
Display Secret with authenticator-compatible/matching-hashing-algorithm string #54

Closed
charlesfouquet opened this issue Sep 5, 2023 · 2 comments

Comments

@charlesfouquet

Hello and thank you very much for this library, it works like a charm! :)

I have a question though: I would like to display an authenticator configuration key below the QR Code for mobile users (it's easier for them to copy-paste the key, as they can't scan the QR Code with the same device they are browsing the app from), but I use SHA 256 for the QR Code generation and code verification. So:

  • when I scan the QR Code and type the bare secret in the same authenticator app, the OTPs don't match
  • when I 256-hash the secret and try to import it in the authenticator, it tells me it's not valid

Is there something special to implement to have an authenticator configuration key that matches the QR Code?
Thanks a lot in advance :D

(Sorry if this is not the place to discuss such matters)

@jarretttaylor

I just confirmed that I am able to enter the app secret manually and it generates the same codes as one based on the scanned QR code. I should note that I am using SHA-1 and token/code length of 6.

What authenticator app are you testing with? Some don't support SHA 256.

@charlesfouquet
Author

Following your feedback, I also confirm that with SHA-1, I get synchronized OTP codes between the secret and the QR Code.
I wrongly assumed that it was a limitation from the library, but it was a limitation from Google Authenticator indeed, very sorry about that.
It would have been nice for these apps to all support the three main hashing algorithms, but as I think the vast majority of people will use Google or Microsoft Authenticator just because they know these brands more than others, I'll stick to SHA-1 for now.
Thank you for your help, and have a great week :)
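The mismatch discussed in this thread can be reproduced without any authenticator app: the otpauth URI in the QR code carries an `algorithm=SHA256` parameter, while a key typed by hand is interpreted as SHA-1 by apps that offer no algorithm choice, so the same secret yields different codes. The following is an added, self-contained RFC 6238 example (not the library's code; the issuer and account names are placeholders) that generates codes under both algorithms and builds the URI the QR code encodes:

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote, urlencode


def totp_raw(key: bytes, unix_time: int, algorithm: str = "SHA1",
             digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP over a raw key: HMAC of the time-step counter,
    dynamic truncation (RFC 4226 section 5.3), then modulo 10^digits."""
    counter = struct.pack(">Q", unix_time // period)
    digest = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, algorithm: str = "SHA1",
         digits: int = 6, period: int = 30) -> str:
    """Same as totp_raw, but takes the base32 secret shown to the user.
    Padding is restored because displayed secrets usually omit the '='."""
    padded = secret_b32.upper().replace(" ", "")
    padded += "=" * (-len(padded) % 8)
    return totp_raw(base64.b32decode(padded), unix_time, algorithm, digits, period)


def otpauth_uri(secret_b32: str, issuer: str, account: str,
                algorithm: str = "SHA1", digits: int = 6, period: int = 30) -> str:
    """Key-URI format used by authenticator QR codes. The algorithm lives only
    here; a manually typed secret carries no such hint, so the app defaults to SHA1."""
    label = quote(f"{issuer}:{account}")
    params = urlencode({"secret": secret_b32, "issuer": issuer,
                        "algorithm": algorithm, "digits": digits, "period": period})
    return f"otpauth://totp/{label}?{params}"


def codes_for_both(secret_b32: str, unix_time: int) -> dict:
    """What the server (SHA256 URI) and an app that ignores the algorithm
    (SHA1) would each compute from the identical secret at the same instant."""
    return {alg: totp(secret_b32, unix_time, alg) for alg in ("SHA1", "SHA256")}


if __name__ == "__main__":
    # Constructed secret (RFC 6238 test seed "12345678901234567890", base32-encoded).
    secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(otpauth_uri(secret, "ExampleIssuer", "user@example.com", "SHA256"))
    print(codes_for_both(secret, 59))  # the two codes differ
```

The RFC 6238 appendix vectors (time 59, 8 digits) are a quick self-check: the 20-byte seed under SHA-1 gives 94287082, the 32-byte seed under SHA-256 gives 46119246.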
