Token image in Google Authenticator or FreeOTP - google-authenticator

For a project, I implemented an OTP 2nd factor authentification. Everything is working fine, I am able to generate a QRcode for the encryption seed, read it on an Androïd smartphone and use the 6 digits generated code to authenticate in my app.
I read that v1.5 of FreeOTP is now supporting addition of an image to each service, quote:
On Android, we released a major release which brings many new features and UI refinements. The biggest of these is image support. Images can be selected for each token. Images can also be provisioned to the device via an undocumented OTP URI query parameter.
I see that some services did succeed in adding an image for their service (for example OVH), but cannot find the proper URI syntax to do so ...
To be more precise, I am not asking for the method to manually add an image to a token in the FreeOTP app, I'm looking for the correct URI to generate the QRCode that would ideally include a link to the image to be displayed. I'm pretty sure I never manually added an image for OVH.

The correct URI to generate the QR code with reference to the image you want to use in FreeOTP includes a querystring parameter pointing to its publicly available location:
...&image=http<s>://<image-path>
The image should be a .png. Fully qualify path and protocol.
Add this to the existing string already created for the QR code. You have to UrlEncode the whole string before generating the QR code.
For clarity the format of the data before urlencoding should be:
otpauth://totp/(<issuer>:)<accountnospaces>?secret=xxxxxxxxxx(&issuer=<issuer>)(&image=<imageuri>)
Brackets denote optional elements. For example:
otpauth://totp/Google:SampleName?MQ2TQNLEGMYTMOBXGY3Q&issuer=Google&image=http://google.com/image/logo.png
Then you urlencode it:
otpauth%3A%2F%2Ftotp%2FGoogle%3ASampleName%3FMQ2TQNLEGMYTMOBXGY3Q%26issuer%3DGoogle%26image%3Dhttp%3A%2F%2Fgoogle.com%2Fimage%2Flogo.png
Then you generate a QR code however you like. For example, Google Chart API:
https://chart.googleapis.com/chart?cht=qr&chs=400x400&chl=otpauth%3A%2F%2Ftotp%2FGoogle%3ASampleName%3FMQ2TQNLEGMYTMOBXGY3Q%26issuer%3DGoogle%26image%3Dhttp%3A%2F%2Fgoogle.com%2Fimage%2Flogo.png
While this feature is supported by FreeOTP, other apps do not. It's not part of the spec for TOTP, although it should be.

Related

How long is a Google Authenticator export valid and can it be used/imported multiple times?

Title says it all. Have to put in extra characters to make it a valid post.
Thanks.
The QR code exported by Google Authenticator should be valid forever and can be imported as many times as you wish because it uses TOTP technology.
You will notice the phone doesn't need to be connected to internet to generate the QR code this is because it combines the OTP (you entered the OTP when adding the 2FA) and a secret.

How to expire Branch.io link within specific time? (Deep linking via branch metrics)

I am using link to generate deep linking. I am using their public API's endpoint to generate links.
Here is their endpoint: https://api.branch.io/v1/url
I append my branch key and data that I need to associate in this link. Everything is working fine but I need to expire this link within one hour.
Reading up here: https://github.com/BranchMetrics/branch-deep-linking-public-api#creating-a-deep-linking-url
I added "duration" key also, but it didnt expire the link.
It will be great if anyone could help me in figuring out how to expire branch.io link.
Alex from Branch.io here: the duration parameter is used for something different, so it's not going to be able to do what you want. We don't have a built-in feature to expire links, but you could create something close to it yourself:
Add a custom link parameter containing a timestamp for when the link was created.
Check for that timestamp when handling the link at the destination, and do something different if it is more than an hour old. I'm guessing this would be inside your app, and also on whatever fallback URL you have specified for when the app isn't installed or the user is on desktop.
Mail from branch.io support team suggested this answer as below:
If you found out about the $exp_date parameter from here then the
parameters in that list are only used for iOS Spotlight Indexing but
will be used by Branch in the future. A better solution than
utilizing $exp_date is to code logic into your client to determine
what to do with link data based on date. This way, your deep links
will always work and always carry data through, and you won't have to
worry about users clicking empty links.
This way, you would include date as an extra meta key/value pair, and
examine this date in your client when receiving link params to
determine if you want to honor the link's contents or not.

imgix.com downloads images instead of browsing to them

I am using the imgix.com CDN for a test project and for some reason it keeps downloading the images instead of browsing and applying the rules to to them.
So if I type in myprefix.imgix.net/myimage.png it simply downloads it and if I type https://myprefix.imgix.net/myimage.png~text?txtsize=44&txt=470%C3%97480&w=450&h=480 nothing happens.
Has anyone come across this problem?
Thanks
These are two separate issues:
1) If you request an imgix URL without adding any query parameters, imgix will just act as a passthrough to your source. If your images are being treated as a download by the browser rather than as images to display, there must be something mis-configured at the source level. Not knowing anything about your source, I really can't offer any better advice here.
2) The myimage.png~text URL isn't working because you shouldn't be using ~text at all here. Take those five characters out of your URL and it should work as you expect.
Imgix's ~text endpoint is a way to request an image where the "base image" is text rather than a real image. In trying to combine a real base image (myimage.png, in your URL above) with this text-only endpoint (~text), you're making a request that imgix doesn't know how to handle.
If you've got further questions about your imgix integration, especially if they're configuration questions that involve your specific account and settings, I'd encourage you to send your questions to support#imgix.com instead of StackOverflow. While SO is a great place to answer one-off questions, writing into our support-ticket system will allow us to answer account-specific questions a lot easier.
Once your Source has been configured and deployed, you can begin making image requests to imgix. These requests differ slightly for each imgix Source type, but they all have the same basic structure:
https:// example.imgix.net imgix domain / products/desk.jpg path ? w=600&exp=1 query string
The hostname, or domain, of the imgix URL will have the form YOUR_SOURCE_NAME.imgix.net. In the above URL, the name of the Source is example, so the hostname takes the form of example.imgix.net. Different hostnames can be set in your Source by clicking Manage under the Domains header.
The path consists of any additional directory information required to locate your image within your image storage (e.g. if you have different subfolders for your images). In this example, /products/desk.jpg completes the full path to the image.
imgix’s parameters are added to the query string of the URL. In the above example, the query string begins with ?w=600 and the additional parameters are linked with ampersands. These parameters dictate how images are processed. In the above URL, w=600 specifies the width of the image and exp=1 adjusts the exposure setting.

Using a QR code instead of a barcode to read a number into a web form

I want to use generate a QR code for a docket number in a rails web app and print it on the docket. Later, a cashier will scan the QR code from the printed docket into a web form and submit it where my app will retrieve the docket record from a database using the submitted number. Is this feasible and how can I do this? The cashier may use any device from a tablet, phone or computer.
I know how to generate the required code but unsure of the feasibility of reading the code into an input form on a web page.
You need to capture image somehow.
http://miniqr.com/reader.php - This example use Flash & Webcam to make image and read qr code.
http://f.etf.unsa.ba/redmine/projects/nwt-html5-barcode-scanner - html5 solution (needs WebRTC)

Capturing a Map to embed in a Wordpress Blog post

I originally asked this question on Super User but was told that it might be better placed here...
I have a running blog and to help me track and write about my runs I've recently bought a Garmin GPS watch. The setup works a treat and I'm able to share links to my runs in my blog such as:
http://connect.garmin.com/activity/23842182
Is there an easy way for me to capture the map itself out of the Garmin Connect site (see the link) and display it in my blog posting? I can take a screenshot but an interactive map would be heaps better. It's obviously a Google Map with the run info overlayed so there must be a way... right?
To created an embedded interactive Google Map to render your run polylines, you will need to extract the data that the Garmin site is using to render the line.
From the Garmin site, there are two Javascript files that do the work:
http://connect.garmin.com/resource/garmin-js-lib/map/MapsUtil.js - Bunch of utility functions for rendering Google maps based on data in the Garmin system
http://connect.garmin.com/api/activity/component/mapLoader.js - Uses Garmin.service.ActivityClient to grab the JSON data describing the polyline. It feeds this data into Garmin.map.MapsUtil.addEncodedPolylineToMap to render the map.
So do do this on your blog, you will need to either request the JSON data from the Garmin site (and trust that the URI format doesn't change) or grab the data and store it on your own site. The URI format is currently:
http://connect.garmin.com/proxy/activity-service-1.0/gpolyline/activity/<activity id>?full=true
Where activity ID is the last number in your original URL. So:
http://connect.garmin.com/activity/23842182
http://connect.garmin.com/proxy/activity-service-1.0/gpolyline/activity/23842182?full=true
This data request will return some JSON that you can then use to render a Google Map.
Once you have decided how you want to store the JSON data, you will need to write some Javascript to request the JSON and, in the callback, feed it into the GPolyline.fromEncoded method. Once you have a GPolyline object (that is populated from the encoded JSON data), you can add it to a Google Maps GMap2 with the addOverlay method.
I realize that this answer is fairly technically involved and might be overwhelming if you haven't played with Google Maps before. If this is the case, I suggest heading over to the Google Maps API intro page for some hints on getting started.
Since this question was first posted, Garmin Connect has since added a quick code snippet to embed in your WordPress site to display your maps and course data. If you're having issues getting the code snippet to stay in the post after saving - check out these instructions for embedding Garmin Connect activities in WordPress.

Resources