-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Not working with Authy #95
Comments
I'm having the same problem |
I fixed the problem be changing my current code:
and adding window
This helped with my server been out of time. Hopefully it will help you too! |
@LukeXF Still doesn't work for me. |
You could try and raising it even more? |
I've compared Authy's and Google Authenticator's codes before and it didn't appear like Authy was ahead or behind but simply generating completely different codes. So I don't think that's the problem for me but I'll try it increasing the window maybe to 10 or so and update with my results when I get a chance. Either way though, I really shouldn't have to sacrifice security just to support Authy. At this point though I'm honestly considering just writing my own package. Especially since this one hasn't been updated in over two years (at least on npm). |
After building a 2FA system with speakeasy I can see that Google Auth App works but the Authy App doesn't - how odd! It's a shame if speakeasy won't support Authy because it puts it behind other 2FA systems and so far I'm really enjoying speakeasy, don't want to switch just because of this. |
@railsstudent Authy should (and was built to) work anywhere Google Authenticator works. Although I guess clearly there are some exceptions. I use Authy on tons of sites other sites that support TOTP 2FA (most of which only mention Google Auth). I originally used Google Authenticator when I first implemented speakeasy and then switched over to Authy. I was quite surprised when every site worked fine except for my own. @LukeXF Do you know of any other actively developed systems similar to this one for Node? I've tried searching around but came up empty. It seems like there are a lot of people here that want to work on this package but since no one has access to the npm account it's unlikely to happen without splitting it off onto a new one. |
Speakeasy should work with Authy if it implements the OTP RFC. If any of you have time, we would welcome a pull request.
I’m working on getting access to the NPM repository. Unfortunately, The original maintainer for speakeasy has gone AWOL. I don’t have much time outside of work to address all the issues. @railsstudent and I would welcome contributions.
libotp is an effort to fix the design downfalls in the current version of speakeasy. I would love to have more eyes on libotp. So far, there hasn’t been much interest.
https://github.com/speakeasyjs/libotp
… On Oct 5, 2017, at 10:05 AM, Mr. Xyfir ***@***.***> wrote:
@railsstudent Authy should (and was built to) work anywhere Google Authenticator works. I use Authy on tons of sites other sites that support TOTP 2FA (most of which only mention Google Auth). I originally used Google Authenticator when I first implemented speakeasy and then switched over to Authy. I was quite surprised when every site worked fine except for my own...
@LukeXF Do you know of any other actively developed systems similar to this one for Node? I've tried searching around but came up empty. It seems like there's a lot of people here that want to work on this package but since no one has access to the npm account it's unlikely to happen without splitting it off onto a new one.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
@MrXyfir I had that exact same issue! Also I've emailed the NPM owner for speakeasy, let's hope he responds! |
So
works (even WITH AUTHY haha, I'm surprised), but
doesn't. I wonder how it breaks when I built the URL myself |
Did some more research, I found out when I
I get:
Which as you can see the
Because that and the secret is clearly different from the first working example. I wonder why the secret is generated differently when I used the built in function as opposed to my own URL... |
Thanks for the findings. I am not sure about the root cause but i can take a look. |
All, sorry for the late response here. I've been busy with work and haven't been able to make plans for the next release because of the breaking changes it would introduce, but at the least I think I can help with your issue, @LukeXF. @LukeXF: Based on your latest comment, you are generating a secret that has a base32 encoding that starts with You can see this if you try to base32-encode I still need to look into why this is not working with Authy. It absolutely should support Authy and any other system that implements the spec. (Sorry for closing the issue – that was accidental.) |
Thanks for the input @markbao, I'll give it a look at later today! Also any news on updating SpeakEasy on NPM? |
@LukeXF The issue is that there are some breaking changes in the next release. I've been waiting to do an assessment of what the potential impact of the breaking changes would be, but that takes some time and I haven't been able to get around to it. |
@MrXyfir Thanks for your patience on this. I read your code but don't seem to see any issues in it. Can I ask you to try to use the See this comment for more info: #95 (comment) |
@MrXyfir Thanks for trying that. When you generate the 8-digit otpauth:// URL, do you see 8 digits or 6 digits in Authy? Could you also try:
It may be that Authy doesn’t support one of these fields. There’s a tweet from them from 2014 that said they didn’t support 8-digit codes; this may have changed by now. |
@markbao I use Authy primarily and I have a few sites that use 7 digit codes as well as 6 (fyi, I don't have any 8 digit site yet), so I know that they're not just limited to 6 digit codes. |
@markbao great news, got custom URL building working! And it works with Authy as well as Google Auth. AND it fixed my space encoding problem. Thank you, I should of really read over the docs again, but yes, adding the encoding so it's not defaulted to ASCII fixed the problem.
|
@markbao Sorry for the late response, been very busy. In response to your digits question: as @LukeXF said, yes, Authy shows the full eight digits. Anyways, I think I may have figured out the issue. For the following tests I sent the url given from
Then I decided to flip it around and use the url given from I'll do more testing tomorrow. |
So I used I'll now try passing different values to
So there are at least two major issues preventing
Then of course there is the |
Based on this documentation about the otpauth URL syntax, the recommendation seems to be that you include the We also recently discovered that Authy and Google Authenticator on iOS will reject the otpauth URL if the We had been doing this...
... but I'm about to change to the following in an attempt to fix this iOS problem (which, as a side note, I probably should have been doing all along). Note the uses of
Here is an example output from |
@forevermatt Thank you! That solves my problem with the issuer not showing in Authy! |
If you have to support Android devices, make sure you're using algorithm: sha1 |
Using this repo fixes the issue for me: |
Best response that work like a charm when specify |
Having a few issues getting this working with Authy. It works with Google Authenticator no problem. If I have Authenticator and Authy scan the same QR code they'll give me different OTPs, with Authy's being incorrect.
Using the latest npm version of speakeasy and qrcode on Node v8.6.0.
generating the secret/url
verifying the token
Only on Authy am I having two issues:
I also tried loading the latest version of speakeasy from Github but there was no change to either issues.
Any ideas what I'm doing wrong? I'm assuming somewhere there's a communication issue between my implementation of speakeasy and Authy as I have no problem with speakeasy on Google Authenticator and no problem with Authy on other sites. I don't really care about the issuer not showing on Authy but generating incorrect codes is a bit of problem...
The text was updated successfully, but these errors were encountered: