mirror of
https://github.com/bitwarden/android.git
synced 2026-03-19 13:36:39 -05:00
Invalid TOTP codes #181
Closed
opened 2025-11-07 08:30:05 -06:00 by GiteaMirror
·
20 comments
No Branch/Tag Specified
main
PM-33907-autofill-crash
PM-29829/duplicate-items-created-scanning-qrcode
sdlc/sdk-update
premium-upgrade/PM-33513-checkout-deep-link
premium-upgrade/PM-33512-premium-state-manager
sdk-folder-repo-interface
PM-25654-preview-attachment
android-collections
cx/android-architect-agent
PM-30130-remove-archive-feature-flag
llm/add-resolving-sdk-updates-skill
QA-1523/sanity-test-saucelabs
release/2026.3-rc48
PM-24380/flight-recorder-redact-hostname
PM-26577-app-links-support
PM-26896-autofill-fix
release/2026.2-rc47
PM-32714/fallback-to-web-vault-host
pr-6572
PM-28834/setting-app-layout-horizonos
release/2026.2-rc46
release/2026.1-rc45
PM-30644/added-logs-for-debug
PM-30644/quicktile-nav-not-showing-migration
minor-gradle-updates
release/2026.1-rc42
release/2026.1-rc44
release/2026.1-rc43
PM-28834/set-landscape-on-horizonos-devices
context-rules
devclarity/update-code-review-command
PM-20026/force-ltr-passwords-and-codes
release/2025.12-rc41
cmcg/testCoverage
PM-29014/talkback-support-for-passwords
release/2025.12-rc40
BRE-1305/publish_test
accept-user-certs
autofill-permissions
release/2025.11-rc39
PM-22479/check-all-certificates-validate-asset-links
release/2025.10-rc38
agalles/android-latest
optimize-test-workflows
tier2-test-sharding
retro-agent
PM-27001/skip-account-selection-only-one-exists-cxp
release/2025.10-rc37
agalles/test-1118
release/2025.10-rc36
PM-20593-token-refresh
QA-1126b/adding-native-sanity-test
release/2025.9-rc35
pm-25933/sdk-update-password
release/2025.9-rc34
release/2025.8-rc33
agalles/20250821-release
debug-release-issues
pm-24249-allow-automated-prs-for-sdk-updates
release/2025.8-rc32
release/WORKFLOW-TEST-2025.8-rc28
agalles/20250807release
release/2025.07-rc25
release/hotfix-v2025.7.0-bwa
pm-23311/export-vault-policy-bypass
release/2025.07-rc24
authenticator-pm-sync-flags-issue
ps/implement-sdk-repository-example
release/hotfix-v2025.6.0-bwpm
release/2025.06-rc21
agalles/automate-android-fastlane-patch
release/2025.05-rc20
release/2025.04-rc19
languages/basque
release/2025.03-rc19
update-readme
qrcode/feature
innovation/archive/pm-19153-archive-items
qrcode/2-ui-fields
qrcode/1-page
hold-on-biometric-prompt-alternative
release-notes-process
release/2025.02-rc16
bwa-monorepo
PM-8223/new-device-verification-ux-improvements
pm-18451/exempt-from-policies
test-bwa
cs-workaround-linked-0-copy
release/2025.01-rc15
release/2025.01-rc14
release/2024.12-rc13
pm-16670/sync-leave-notice
821
PM-16695/backport-lean-more-new-device-verification
km/15084-testing
release/hotfix-v2024.11.7
release/2024.11-rc1
pm-11304/collection-add-item-button
PM-14241/disabling-logs-app-crash
poc/offline-editing
new-version-calc
pm-11649/expired-link-services
pm-6702/add-feature-flag
pm-6702/email-verification-feature
pm-9933/marketing-copy-update
pm-6702/registration-flows
update-templates
pm-6701/email-verification-selfhost-registration
v2026.3.0-bwpm
v2026.3.0-bwa
v2026.2.1-bwpm
v2026.2.1-bwa
v2026.2.0-bwpm
v2026.2.0-bwa
v2026.1.1-bwa
v2026.1.1-bwpm
temp-test
v2026.1.0-bwpm
v2026.1.0-bwa
v2025.12.1-bwa
v2025.12.1-bwpm
v2025.12.0-bwa
v2025.12.0-bwpm
v2025.11.1-bwpm
v2025.11.1-bwa
v2025.11.0-bwpm
v2025.11.0-bwa
v2025.10.1-bwa
v2025.10.1-bwpm
v2025.10.0-bwa
v2025.10.0-bwpm
v2025.9.1-bwa
v2025.9.1-bwpm
v2025.9.0-bwa
v2025.9.0-bwpm
v2025.8.1-bwa
v2025.8.1-bwpm
v2025.8.0-bwa
v2025.8.0-bwpm
v2025.7.2-bwa
v2025.7.2-bwpm
v2025.7.1-bwa
v2025.7.1-bwpm
v2025.7.0-bwa
v2025.7.0-bwpm
v2025.6.1-bwpm
v2025.6.0-bwa
v2025.6.0-bwpm
v2025.1.0-bwa
v2025.5.0-bwa
v2025.5.0-bwpm
v2025.5.999
2025.4.0
v2025.4.0
untagged-4731eaadac73f3dfbbb8
v2025.3.0
v2025.2.0
untagged-815a165c5d70ffe75bc7
v2025.1.2
v2025.1.1
v2025.1.0
v2024.12.0
untagged-5a76b6392a4c8998c63a
v2024.11.7
v2024.11.6
v2024.11.5
v2024.11.4
v2024.11.3
v2024.11.2
v2024.11.1
v2024.11.0
v2024.10.2
v2024.10.1
v2024.10.0
v2024.9.0
v2024.8.1
v2024.8.0
v2024.7.3
v2024.7.2
v2024.7.1
v2024.7.0
v2024.6.1
v2024.6.0
v2024.5.1
v2024.4.1
v2024.4.2
v2024.4.0
v2024.3.3
v2024.3.1
v2024.3.0
v2024.2.1
v2024.2.0
v2024.1.1
v2024.1.0
v2023.12.0
v2023.10.0
v2023.9.2
maui-single-project-android
v2023.9.1
v2023.9.0
v2023.8.0
v2023.7.0
v2023.5.0
v2023.4.0
v2023.3.2
v2023.3.1
v2023.3.0
v2023.2.0
v2023.1.0
v2022.11.0
v2022.10.0
v2022.9.1
v2022.9.0
v2022.8.0
v2022.6.2
v2022.6.1
v2022.6.0
v2022.05.0
v2.18.0
v2.17.0
v2.16.4
v2.16.3
v2.16.2
v2.16.1
v2.15.0
v2.14.2
v2.14.1
v2.14.0
v2.13.0
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.0
v2.9.1
v2.9.0
v2.8.2
v2.8.1
v2.8.0
v2.7.2
v2.7.0
v2.6.1
v2.6.0
v2.5.6
v.2.5.5
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.1
v2.3.0
v2.2.8
v2.2.7
v2.2.6
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.0
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v1.22.1
v1.22.0
v1.21.0
v1.20.0
v1.19.0
v1.18.1
v1.18.0
v1.17.0
v1.16.0
v1.15.2
v1.15.1
v1.15.0
v1.14.4
v1.14.1
v1.14.0
v1.13.0
v1.12.2
v1.12.1
v1.12.0
v1.11.1
v1.11.0
v1.10.0
v1.9.0
v1.8.1
v1.8.0
v1.7.0
v1.6.5
v1.6.1
v1.6.0
v1.5.1
v1.5.0
v1.4.4
v1.4.3
v1.4.0
v1.3.0
v1.2.1
v1.2.0
v1.1.0
v1.0.0
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/android#181
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @vbtrek on GitHub (Jan 24, 2018).
Bitwarden sems to be generating invalid TOTP codes. My data was imported from 1password. The codes from 1password work correctly, I have also added the same codes to Authy and when I put Authy / 1password and bitwarden side by side Authy and 1passwords TOTP codes match and bitwarden is wrong.
Any ideas why?
@kspearrin commented on GitHub (Jan 24, 2018):
That's weird. Are you comparing on the same device?
@vbtrek commented on GitHub (Jan 24, 2018):
Authy is on my iPhone, bitwarden Vault in opera on my laptop, and 1password desktop also on my laptop. Example of the same login in 1password in the foreground and the same login in bitwarden in the background.
It's exactly the same otpauth url in both bitwarden and 1password.
@kspearrin commented on GitHub (Jan 24, 2018):
If you are comparing on different devices it could be a time sync issue. Ensure your system time is correct on each. Else it could be that the keys are being parsed differently. For example, does your key have any spaces in it? Are you sure the keys are exactly the same in both systems?
@vbtrek commented on GitHub (Jan 24, 2018):
I thought that, but both Authy and 1password on the iphone and 1password on the windows laptop all show the same TOTP at the same time, however bitwarden doesn't. bitwarden on the iphone matches the bitwarden web vault on my windows laptop. I can't see any time sync issues. I'll try rescanning the QR code using bitwarden and see if that give me a valid TOTP.
@kspearrin commented on GitHub (Jan 24, 2018):
Well, if you are re-scanning QR codes you most likely will get a different TOTP key. If the keys are different you will get different codes. You need to compare the keys in both programs and see what is different.
@vbtrek commented on GitHub (Jan 24, 2018):
The keys are currently identical, they were imported. I have also tried cutting and pasting from 1password into bitwarden and saving, but still the TOTP code is different.
@kspearrin commented on GitHub (Jan 24, 2018):
Do the keys have spaces? Are all characters valid base 32 characters?
@vbtrek commented on GitHub (Jan 24, 2018):
No spaces here's an example: "otpauth://totp/Microsoft:email@server.com?secret=1234567890ABCDEF&issuer=Microsoft" (i've changed the email address and secret!). I've got TOTP setup for a number of services: Microsoft / Google / email / Facebook and they are all wrong in bitwarden.
@kspearrin commented on GitHub (Jan 24, 2018):
That's not a valid TOTP key. They key in this case would just be "1234567890ABCDEF"
@vbtrek commented on GitHub (Jan 24, 2018):
Right, that's what was imported from 1password. Let me change it and try again.
@vbtrek commented on GitHub (Jan 24, 2018):
Awesome, that's done it, i'll go through an update them all. Maybe something to note for the 1password importer. Thanks for all your help.
@kspearrin commented on GitHub (Jan 24, 2018):
How are the values actually stored in 1Password? Are they
1234567890ABCDEForotpauth://totp/Microsoft:email@server.com?secret=1234567890ABCDEF&issuer=Microsoft?@vbtrek commented on GitHub (Jan 24, 2018):
The full URL, example in screenshot from 1password editor:
@kspearrin commented on GitHub (Jan 24, 2018):
In my experiencing that's not how most people have them stored in there. If you were to make it just
1234567890ABCDEFin 1Password does it work the same?@vbtrek commented on GitHub (Jan 24, 2018):
Yes it does work, so both the otpauth url and just the 123456789ABCDEF work the same and produce the same TOTP code. Interestingly the 1password one time password generator (the grey circle icon at the end of the texbox) generates an otpauth url for you. Also, all the TOTP's I have stored were captured using the iphone and the QR code scanner which must also store the full otpauth URL.
@kspearrin commented on GitHub (Jan 24, 2018):
Hmm. When I tested the importer for 1Password I don't recall seeing otpauth URLS for them. Is this 1Password 4 or 6?
@vbtrek commented on GitHub (Jan 24, 2018):
1password 4.
@kspearrin commented on GitHub (Jan 24, 2018):
Ok, that must be different than 1Password 6, which is what I used to test. Thanks.
@vbtrek commented on GitHub (Jan 24, 2018):
Thank you too.
@917huB commented on GitHub (Apr 8, 2018):
Ive just imported into 1.25.1 from a 1Password 6.8.8 export and found the OTP code was as reported above, i.e "otpauth://totp/Coinbase:coinbase@xyz.uk?secret=xxxxyyyyyzzzz1111&issuer=Coinbase" and not just the xxxyyyzzz1111 bit. Correcting the OTP code to just the secret resolves any issues.