Decoding secrets BASE32 encoded with padding

[wachulski]

1. When I init a QR code that was generated by code that uses secrets BASE32 encoded with padding, then I get an error.
2. This happens only on iPhone

Yes, I saw https://github.com/google/google-authenticator/wiki/Key-Uri-Format#secret and that you expressed it:

REQUIRED: The secret parameter is an arbitrary key value encoded in Base32 according to RFC 3548. The padding specified in RFC 3548 section 2.2 is not required and should be omitted.

Since it is should instead of must, RFC terminology led me into conclusion it is discouraged, but still, it would work. On the other hand, e.g. https://github.com/google/google-authenticator-android works with padding, so there is no such limitation for Android. As we want to support multiple authenticator apps on different devices, could you please consider a remediation to make it compliant with Android app?

Code analysis:

google-authenticator/mobile/ios/Classes/OTPAuthURL.m

Line 184 in 864704a

+ (NSData *)base32Decode:(NSString *)string {

uses stringEncodingWithString from
https://github.com/google/google-toolbox-for-mac/blob/640815dcd6fa74bfd103ec89bd5acce6a371bcf8/Foundation/GTMStringEncoding.m#L95
and adjusts with parameters.
You pick one of the possible encoding methods from GTMStringEncoding. In there you also have https://github.com/google/google-toolbox-for-mac/blob/640815dcd6fa74bfd103ec89bd5acce6a371bcf8/Foundation/GTMStringEncoding.m#L43, that is rfc4648Base32StringEncoding which makes use of padding explicitly. What about utilizing that other method of the toolbox for Mac project?

[ThomasHabets]

Standard disclaimer:

--

FYI: The version in Google Play Store / Apple App store is not the same as this opensource version. They've diverged. This opensource version is also unlikely to end up in the app stores. This open source version doesn't get much love, but I'll accept well-written pull requests. But don't expect this feature to be implemented by Google.