Firstly, thanks for the app. I have it partially working but the QR code generated and displayed definitely does not work with Google Authenticator - for me at least using Android. The manual setup code provided does however provide a workaround that allows Google Authenticator to be setup and the QR code does scan correctly with Authy.
I am interested in cyber security and would like to understand whats happening better but I am currently new to piwigo and this particular topic!
In an effort to understand what was happening I fed a screenshot of the QR Code that would not scan and the URL obtained from pointing my android camera app at the QR code into Perplexity AI. For the record here is an extract of this conversation :
- The QR code you posted doesn’t contain an OTP URL at all.
- The data you see (data:image/png;base64,...) means the QR code represents another QR code image encoded as a Base64 data URI.
- In other words, your Piwigo plugin generated a QR code of a Base64‑encoded PNG, not a QR code of the “otpauth://...” URI that Google Authenticator expects.
**What’s happening**
The plugin is supposed to create a QR containing text like:
**text**
otpauth://totp/Piwigo:username?secret=E+mg7Gjs...&issuer=Piwigo
Instead, it created a data URI that embeds the image of that QR — effectively one level too deep.
My interpretation of this was that Perplexity was suggesting that scanners that interpret arbitrary data (like Authy) might extract the inner image, while Google Authenticator just sees binary data and rejects it as invalid.
This seemed odd and didn't really make sense so I decided to look into this a bit more closely.
**Diagnosis**
Upon closer inspection it became evident that the encoding of the label that included the full URL for piwigo instance might be the cause of the issue. It would seem that:
':', '/', and '?' are NOT allowed unencoded in the label portion of the URI.
According to RFC 3986 (URI Generic Syntax):
. (dot) - ✓ Allowed (unreserved character)
: (colon) - ✗ Must be encoded as %3A in path components
/ (slash) - ✗ Must be encoded as %2F in path components (it's the path separator!)
? (question mark) - ✗ Must be encoded as %3F (it marks the start of query parameters)
I hope to propose a simple PR to resolve this in the next few days.
Firstly, thanks for the app. I have it partially working but the QR code generated and displayed definitely does not work with Google Authenticator - for me at least using Android. The manual setup code provided does however provide a workaround that allows Google Authenticator to be setup and the QR code does scan correctly with Authy.
I am interested in cyber security and would like to understand whats happening better but I am currently new to piwigo and this particular topic!
In an effort to understand what was happening I fed a screenshot of the QR Code that would not scan and the URL obtained from pointing my android camera app at the QR code into Perplexity AI. For the record here is an extract of this conversation :
My interpretation of this was that Perplexity was suggesting that scanners that interpret arbitrary data (like Authy) might extract the inner image, while Google Authenticator just sees binary data and rejects it as invalid.