Fixed Extra space in TOTP url


Well-known member
Affected version
When generating the url for Google Authenticator (or other TOTP apps), there's an extra space before $user.

In XF\Tfa\Totp.php:
$otpUrl = GoogleAuthenticator::getKeyUri('totp', "$issuer: $user", $config['secret'], null, [
   'issuer' => $issuer

should be:
$otpUrl = GoogleAuthenticator::getKeyUri('totp', "$issuer:$user", $config['secret'], null, [
   'issuer' => $issuer

It's not normally noticeable, because Google Authenticator app cleans it up and trims it before displaying. But have noticed other apps don't trim it... notably, Yubico's Authenticator app always ends up with a leading space on the account name when adding XenForo totp.

If you look at the example section for Google Authenticator, you can see the example does not include that space:


XF Bug Bot

XenForo bug fixer bot
Staff member
Thank you for reporting this issue, it has now been resolved. We are aiming to include any changes that have been made in a future XF release (2.2.10).

Change log:
Remove extraneous space when generating a one-time password URL
There may be a delay before changes are rolled out to the XenForo Community.