Don't assume our secret is base32 encoded.

According to https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm
secrets are only base32 encoded in gauthenticator and gauth friendly providers.

totp.go

@@ -152,7 +152,8 @@ func totpFromURL(u *url.URL) (*TOTP, string, error) {
 
 	key, err := base32.StdEncoding.DecodeString(secret)
 	if err != nil {
-		return nil, "", err
+		// secret isn't base32 encoded
+		key = []byte(secret)
 	}
 	otp := NewTOTP(key, 0, period, digits, algo)
 	return otp, label, nil