TOTP to_uri doesn't support issuer label prefix

Issue #92 resolved
Wyatt Anderson created an issue

From the TOTP key URI spec, it seems you can prefix the label field with the issuer in addition to providing the issuer parameter:

We recommend using both an issuer label prefix and an issuer parameter, described below.

The current to_uri method does not format the label this way by default if issuer is set and also actively prevents you from including a : in the label field.

Happy to submit a PR adding this capability; not sure what the best API is. Additional flag to to_uri perhaps? Or always including it if issuer is set?

Comments (3)

  1. Eli Collins repo owner

    Hi! That definitely looks like an oversight, glad you caught that. I see I added support to .from_uri(), but missed it in .to_uri().

    A PR would be great!

    The issuer prefix isn't needed much any more, and some folks might want to omit it for QR-code space reasons, so I'd like to make it optional. But the spec is pretty strongly worded, and since from_uri already supports parsing an issue prefix, there won't be any internal backward-compat breaks to enabling it by default. So I think an "legacy_issuer" flag might be useful, but have it default to True.

  2. Eli Collins repo owner

    bugfix: passlib.totp: always prepend issuer to URIs (fixes issue 92)

    For all prior releases of passlib, TOTP().to_uri() would only output an "issuer" parameter. Per the KeyURI spec, issuer should also be prepended to the label for backward compatibility.

    → <<cset 18cad8aa1507>>

  3. Log in to comment