[5.x]: Google Authenticator app shows dashes for 2FA (Two-Factor auth issue)

[Romanavr]

What happened?

Description

Our users are experiencing issues when using 2FA for Android “Google Authenticator app”.
After scanning a QR code when setting up 2FA for any account, the Google app shows underscores instead of the real code.
However, if you enter the secret code manually, it works fine.

I did some testing and found out that it might be has something to do with the #16466.
When I convert the QR code to a URL (text), it displays something like this:
otpauth://totp/Site%20English:roman%site.com?secret=*normal secret values goes here*&issuer=Site%20English&algorithm=SHA1&digits=6&period=30

So, as you can see HTML encoded characters present in the URL
I checked it on two sites, both of them have "-" in the site name. And in both cases issue is reproduced.

Steps to reproduce

1. Create site with the dash in the name.
2. Try to scan the QR code through "Google Authenticator" app on the android.

Expected behavior

It should show you a generated code

Actual behavior

It shows dashes.

Craft CMS version

5.6.1 Pro

PHP version

8.3

Operating system and version

Ubuntu 20.x

Database type and version

MySQL

Image driver and version

Installed plugins and versions

[Romanavr]

I found out that the problem with the secretValue.
I generated a QR code without spaces within the secret value and it worked.
With spaces it is displayed dashes.

[smnedelko]

The problem exists on Android smartphones, on iPhones everything is fine.

[i-just]

Hi, thanks for reporting and providing a solution 🙂 I raised a PR for this.

[brandonkelly]

Craft 5.6.2 is out with that fix. Thanks all!