![google authenticator apple device google authenticator apple device](https://cdn.osxdaily.com/wp-content/uploads/2020/12/move-google-authenticator-to-new-iphone-5-610x505.jpg)
Sometimes they would work, but mostly not.Īfter a very long time of testing, I figured out that any string with a 0 or a 1 in the string would fail. I was generating a secret based on the first 16 chars of an upshifted md5. I had codes that would work, and codes that didn't and they looks similarly random.
#Google authenticator apple device how to
Can anyone explain this? Additional conspiracy theories on this topic are also welcome.įor the answer above, I couldn't figure out how to make the base32 thing work for me (I'm doing it in just PHP). I hate fixing a bug and not knowing why the fix worked. except that I actually gave it more than 128 bits since it was a guid-as-string.Īfter Base32 decoding, the ios app recognizes the secret string as a guid and does something else with it. My commentary/seed is enough to bump it over that limit, whatever that happens to be. The ios port requires more than 128 bits. I've got two crazy theories on why this could possibly have worked: NewAuthUrl = string.Format("otpauth://totp/myapp_user?secret=", secret) Secret = enc.Encode((Guid.NewGuid().ToString())) // Fails
![google authenticator apple device google authenticator apple device](https://images.macrumors.com/article-new/2020/11/google-authenticator-app-1.jpg)
If I add a small seed to the beginning of the guid everything works just fine: otpauth://totp/myapp_user?secret=nfygq33omvzxk圓lom3ggmzyha2tgnjnmu4gezbngqzdgyrnhbtdqzrnmeywimrwmjsgknzymi3aĮssentially it's the difference between: secret = enc.Encode32(("iphonesucks" + Guid.NewGuid().ToString())) // Works
#Google authenticator apple device verification
Why does it fail? The typical reason for this message is whitespace in the url - but there is none. Apple’s iOS 15 will add a built-in authenticator to iPhone, removing the need to download Google Authenticator or any other code-generating verification app for that matter. It meets Google/RFC 4226's minimum secret requirement (128 bits), is properly Base32 encoded, etc. The barcode '' is not a valid authentication token barcode. On ios alone, it throws a really peculiar error when trying to scan the barcode most of the time: Invalid barcode The GUID gets base-32 encoded, and put into the URL that is converted to a QR code and scanned by the user with their phone: otpauth://totp/myapp_user?secret=g5swmnddhbtggllbgi3dsljumi3tallbmuytgljtg5sdgnbxmy2dgyjwmy=Īnd all works well for all non-ios machines we have tried. While I managed to fix it, I'm not really sure why the fix works.įor our shared secret, we assigned a GUID to the user when they begin the TFA setup. We've incorporated two factor authentication into one of our applications using Google Authenticator.