Don't assume our secret is base32 encoded.

According to https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm secrets are only base32 encoded in gauthenticator and gauth friendly providers.
2018-04-16 13:55:03 -06:00
parent a1452cebc9
commit acefe4a3b9
3 changed files with 4 additions and 5 deletions
--- a/hotp.go
+++ b/hotp.go
@@ -90,7 +90,8 @@ func hotpFromURL(u *url.URL) (*HOTP, string, error) {

 	key, err := base32.StdEncoding.DecodeString(secret)
 	if err != nil {
-		return nil, "", err
+		// secret isn't base32 encoded
+		key = []byte(secret)
 	}
 	otp := NewHOTP(key, counter, digits)
 	return otp, label, nil