Describe the bug
When scanning a QR code on AuthPass, the resulting URI is sent under the attribute name OTPAuth. This is non-standard and cannot be recognized by other KeePass–based password managers.
While AuthPass recognizes TOTP keys under the otp field, which other KeePass managers (namely, KeePassXC and Tusk) create, the other way around doesn't work — an OTPAuth field created by AuthPass cannot be read by these other apps that expect OTP secret keys in otp.
To Reproduce
Steps to reproduce the behavior:
- Go to a website and set up TOTP on an account without it yet
- Go to AuthPass and tap the ➕ button to create a new field
- Tap "➕ Add Field" button
- Tap the "🕔 One-Time Password (Time-Based)" option
- Scan the QR code
- Save, lock, and let AuthPass upload to cloud storage provider
- On either one of the other password managers, open the database
- Search for that website account entry
- (If KeePassXC) Notice that there is no clock icon on the entry
- (If KeePassXC) Right-click and click "Show TOTP" button
- (If KeePassXC) See error on lack of TOTP
Expected behavior
AuthPass should save the URI containing a TOTP secret key, issuer, and other details generated by platforms' TOTP setup QR codes into otp, for compatibility with older password managers.
Screenshots
See screenshots on keepassxreboot/keepassxc#12089
Desktop (please complete the following information):
- OS: Windows 11
- Firefox latest stable
- Version whatever's on the Mozilla Addons Store
Smartphone (please complete the following information):
- Device: realme C53
- OS: Android 14
- Vivaldi as latest on Google Play Store
- Version N/A
Additional context
To be honest, other password managers should be able to read the OTPAuth field consisting of TOTP details entered by AuthPass, just like AuthPass does with their preferred TOTP information field name otp.
After all, the attribute name OTPAuth is Pascal case and contains a disambiguating word to make the field's contents clearer to data consumers of the KDBX file.
I asked the KeePassXC maintainer if they could support the field name OTPAuth, but it's apparently you guys that have to bend to the long-existing standard: keepassxreboot/keepassxc#12089
Describe the bug
When scanning a QR code on AuthPass, the resulting URI is sent under the attribute name
OTPAuth. This is non-standard and cannot be recognized by other KeePass–based password managers.While AuthPass recognizes TOTP keys under the
otpfield, which other KeePass managers (namely, KeePassXC and Tusk) create, the other way around doesn't work — anOTPAuthfield created by AuthPass cannot be read by these other apps that expect OTP secret keys inotp.To Reproduce
Steps to reproduce the behavior:
Expected behavior
AuthPass should save the URI containing a TOTP secret key, issuer, and other details generated by platforms' TOTP setup QR codes into
otp, for compatibility with older password managers.Screenshots
See screenshots on keepassxreboot/keepassxc#12089
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
To be honest, other password managers should be able to read the
OTPAuthfield consisting of TOTP details entered by AuthPass, just like AuthPass does with their preferred TOTP information field nameotp.After all, the attribute name
OTPAuthis Pascal case and contains a disambiguating word to make the field's contents clearer to data consumers of the KDBX file.I asked the KeePassXC maintainer if they could support the field name
OTPAuth, but it's apparently you guys that have to bend to the long-existing standard: keepassxreboot/keepassxc#12089