[BWA-187] Unable to generate codes for a URI with "%20" in it (theory). May not be properly imported to local Authenticator. #2320

Open
opened 2025-11-26 23:15:32 -06:00 by GiteaMirror · 4 comments
Originally created by @andbenn on GitHub (Aug 16, 2025).

Steps To Reproduce

  1. In a Bitwarden entry, for the TOTP field value, place a value like:
  2. otpauth://totp/USCIS%20myAccount:santaclaus@northpole.com?secret=OO6OMWAWMCTADIN7ZPSV7MEJFCF4X6CY&issuer=USCIS%20myAccount
  3. ^^ Note: fake email, and random character secret string. Not actual values.
  4. Sync Bitwarden on Android. Verify the URI is present in the entry
  5. Authenticator app is syncing from Bitwarden
  6. Open Authenticator
  7. Search for the entry - won't be found
  8. Return to Bitwarden. Edit the entry, leaving just the secret string of 32 characters removing the before and after parts.
  9. Sync Bitwarden
  10. Open Authenticator
  11. Search for the entry - now found!

Expected Result

My import to Bitwarden and then subsequent use of sync'd Authenticator doesn't generate this code. I have a theory it's the %20's in the supporting strings that aren't being taken account of by the Authenticator app.

This might be a problem if one exports codes from another code-only generator application to Authenticator, and this entry got dropped and isn't generating. I think that's what happened to me but difficult to prove without nuking my Authenticator local data.

Actual Result

I'd expect correct generated codes for all secret strings.

Screenshots or Videos

No response

Additional Context

No response

Build Version

Bitwarden 2025.7.2 ; Authenticator 2025.7.2

What server are you connecting to?

US

Self-host Server Version

No response

Environment Details

Pixel 9a on the August release

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the app:authenticator, bug labels 2025-11-26 23:15:32 -06:00

@bitwarden-bot commented on GitHub (Aug 16, 2025):

Thank you for your report! We've added this to our internal board for review.
ID: BWA-187


@andbenn commented on GitHub (Aug 16, 2025):

If I recall, I think I imported TOTP codes into one of the early versions of Authenticator, but wasn't actively using it until I started to sync.

I just recently (last week) started the Sync with Bitwarden, so I have both local and Vault data showing in Authenticator.

I actually had two TOTP entries that had this problem and weren't imported and weren't showing due to Sync. I'm sure others have similar string values.


@daniellbw commented on GitHub (Aug 18, 2025):

Hi there,

This has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!


@andbenn commented on GitHub (Aug 27, 2025):

This might be a bigger issue. Seems that if one pastes into Bitwarden a TOTP string that has metadata in it, the codes generated by Bitwarden Authenticator are different.

Three entries with similar strings generate different codes:
NOTREALLYASECRET83637
secret=NOTREALLYASECRET83637
key=NOTREALLYASECRET83637

generate different values.

I should be able to paste in a longer TOTP string such as indicated in step 2 and the same code should be generated.
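
Added example (not Bitwarden's code and not part of the thread): one way to normalize a TOTP field before deriving a code, so that the `otpauth://` URI from step 2, with its `%20` escapes, and the bare secret yield the same RFC 6238 code, while a string such as `secret=...` is rejected instead of being used as key material. The function names are hypothetical; SHA-1, 6 digits and a 30-second period are assumed defaults.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, unquote, urlsplit

B32 = set("ABCDEFGHIJKLMNOPQRSTUVWXYZ234567")
# URI from step 2 of the report (the reporter's fake account and random secret).
SAMPLE_URI = ("otpauth://totp/USCIS%20myAccount:santaclaus@northpole.com"
              "?secret=OO6OMWAWMCTADIN7ZPSV7MEJFCF4X6CY&issuer=USCIS%20myAccount")

def normalize_secret(raw):
    """Canonical base32: no spaces, dashes or padding, upper case; else ValueError."""
    s = raw.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not s or set(s) - B32:
        raise ValueError("TOTP secret is not valid base32")
    return s

def parse_totp_field(value):
    """Return (secret, issuer, account) from a bare secret or an otpauth:// URI."""
    value = value.strip()
    if not value.lower().startswith("otpauth://"):
        return normalize_secret(value), None, None
    parts = urlsplit(value)
    if parts.netloc.lower() != "totp":
        raise ValueError("only otpauth://totp/ URIs are handled here")
    label = unquote(parts.path.lstrip("/"))      # %20 -> space in the label
    prefix, sep, account = label.partition(":")
    params = parse_qs(parts.query)               # percent-decodes each value
    if "secret" not in params:
        raise ValueError("otpauth URI has no secret parameter")
    issuer = params.get("issuer", [prefix if sep else None])[0]
    return normalize_secret(params["secret"][0]), issuer, (account if sep else label).strip()

def totp(secret, at, digits=6, period=30):
    """RFC 6238 code (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    mac = hmac.new(key, struct.pack(">Q", int(at) // period), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation, RFC 4226
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)

def code_for(field, at):
    """Code for whatever was pasted into the TOTP field, after normalization."""
    return totp(parse_totp_field(field)[0], at)

if __name__ == "__main__":
    at = 1_700_000_000                           # constructed, fixed timestamp
    print(parse_totp_field(SAMPLE_URI))
    print(code_for(SAMPLE_URI, at), code_for("OO6OMWAWMCTADIN7ZPSV7MEJFCF4X6CY", at))
```
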


Reference: github-starred/android#2320