Hi Johnnie!
Sorry to hear you have issues with MFA codes in Royal TS. The most likely reason for this is that the code generation fails. Can you check the Log (via the View ribbon tab) if you see log entries related to that?
Regards,
Stefan
Hi Stefan,
Thanks so much for the fast reply!
In the log, I see the following error:
System.ArgumentException: Invalid base32 string (Parameter 'value')
   at TwoFactorAuthNet.TwoFactorAuth.Base32.Decode(String value)
   at TwoFactorAuthNet.TwoFactorAuth.GetCode(String secret, Int64 timestamp)
   at (Object, String)
   at yil--snip--.yik--snip--(Object, String)
   at RoyalTS.App.TOTP.TotpGenerator.GetTotpCode(RoyalCredential sbwsl, ILogger sbwsm) in <ytc--snip--rg==>:line 38
So you were correct in saying that the code generation fails.
To troubleshoot further, I have now manually converted the TOTP Secret to Base32 using a Base 32 Encoder and then entered it again in the "Secret" input field in the MFA page of the Credential (essentially replacing the "cleartext" Secret from the QR code with a Base32 encoded version).
A TOTP now gets generated and the Autofill subsequently works - sort of.
The problem is, the generated TOTPs are incorrect. When I compare them to the ones generated by e.g. Google Authenticator, the ones from Royal TS are all different (and do not work when logging in).
Maybe I used the wrong input encoding for Base32 (I tried UTF-8 and some others, none worked)?
So now we need to find out why Royal TS doesn't like my cleartext secrets (whether I enter them manually or through the QR code). I would think, if Royal TS wants them in Base32, it should convert them to Base32 internally after I enter them in the MFA Secret input field - but maybe I'm missing something here.
Can you shed some light on what might be going on here? If it's indeed a bug, could you let me know the correct encoding I need to use to convert my Secrets manually for the time being?
Thanks again!
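Added example, not part of the thread and not Royal TS or TwoFactorAuth.Net code: a minimal RFC 6238 generator showing how a Base32 secret is decoded into the HMAC key, and that Base32-encoding the secret text a second time gives a string that decodes cleanly but to a different key. The function names are hypothetical, the sample secret is the RFC 6238 test key, and the invalid secret is constructed.

```python
import base64
import binascii
import hashlib
import hmac
import struct

RFC_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key "12345678901234567890"

def decode_secret(secret: str) -> bytes:
    """Base32 text -> HMAC key; tolerates spaces, dashes, lowercase, missing '='."""
    s = secret.replace(" ", "").replace("-", "").upper().rstrip("=")
    s += "=" * (-len(s) % 8)
    try:
        return base64.b32decode(s)
    except binascii.Error as exc:
        raise ValueError(f"invalid Base32 secret: {exc}") from None

def totp(secret: str, timestamp: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a Base32 secret at a Unix timestamp."""
    counter = struct.pack(">Q", timestamp // step)
    mac = hmac.new(decode_secret(secret), counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def reencode(secret: str) -> str:
    """Base32-encode the secret *text* a second time."""
    return base64.b32encode(secret.encode("utf-8")).decode("ascii")

if __name__ == "__main__":
    now = 59  # first RFC 6238 test timestamp
    print("code from the secret as issued:", totp(RFC_SECRET, now))
    print("lowercase with spaces:", totp("gezd gnbv gy3t qojq gezd gnbv gy3t qojq", now))
    twice = reencode(RFC_SECRET)
    print("re-encoded secret yields another key:",
          decode_secret(twice) != decode_secret(RFC_SECRET))
    print("code from re-encoded secret:", totp(twice, now))
    try:
        totp("JBSWY3DPEHPK3PX0", now)  # constructed: '0' is not in the Base32 alphabet
    except ValueError as exc:
        print("rejected:", exc)
```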
Hi again!
We did test primarily using this web site which creates standard TOTP URIs:
https://stefansundin.github.io/2fa-qr/
We also did some tests using accounts from different vendors but there's a good chance that some TOTP provider may "bend" some rules here. Can you provide us a QR code or TOTP URI of a dummy account which fails in Royal TS but works in a different authenticator app? If so, please open a support ticket referring to this post with the details (including the app where it is working).
Thank you,
Stefan
Johnnie W
I was thrilled to discover the new support for automatic 2FA on Royal TS (finally!!! :) but I ran into an issue while setting it up. Currently, when autofilling, instead of a generated TOTP, it simply writes $MfaCode$ (the actual variable name!) into the input field on the website.
I have attached screenshots of my configuration. Maybe I have it configured incorrectly, in which case I apologize but appreciate any pointers on how to fix this.
I've tested this with a normal Microsoft account, and I also tried adding the Secret to the credential both manually and by adding the QR code from clipboard - no difference. I also tried generating different secrets and QR codes multiple times to make sure one of them wasn't wonky.
Lastly, I noticed that when right-clicking the Credential and going to "Copy to Clipboard" -> "MFA code", nothing actually gets copied (the clipboard stays empty). So that indicates either that the copy function does not work or that no TOTP is actually generated.
Expected behavior would be:
- An error message if the secret is wrong or no TOTP can be generated (maybe a "preview" field of TOTPs being generated live with a countdown in the Credentials / MFA configuration page would help, so it can be easily verified during setup).
- Not auto-filling $MfaCode$ into the input but also creating an error message or leaving the field empty.
By the way, since the required logic is now integrated in Royal TS, can we have 2FA also for logging into Royal TS itself? This would add an extra layer of protection!
By the way, I tried googling for this error or any tutorial/guidance on MFA before posting but all that I could find was in relation to Royal Server.
Thanks for any help on how to fix this and I want to express my gratitude to the developer for implementing this long-desired feature which will save a ton of time (as soon as I can get it to work :)
My Royal TS Version is 7.3.50102 (Windows 11), no updates are available as of this writing.