Matching TOTP URIs with Entries and Images Based on Issuer Field

[yazicifatihcan]

Hello, I've been reviewing the entries and images in the repository but have been unable to match them with TOTP URIs based on the issuer field.

For example, take the following URI for Electronic Arts:

otpauth://totp/Electronic%[email protected]?secret=XXXXXXXXX&issuer=Electronic%20Arts

From this URI, we can extract the following values:

• Label: Electronic Arts
• Account: [email protected]
• Secret: XXXXXXXXX
• Issuer: Electronic Arts

However, in the repository, the entry for Electronic Arts looks like this:

{
  "Electronic Arts (Origin)": {
    "domain": "ea.com",
    "additional-domains": [
      "origin.com"
    ],
    "tfa": [
      "sms",
      "email",
      "call",
      "totp"
    ],
    "documentation": "https://help.ea.com/en-us/help/account/origin-login-verification-information/",
    "categories": [
      "gaming"
    ]
  }
}

As you can see, the key is "Electronic Arts (Origin)", which doesn't exactly match the issuer value "Electronic Arts". This mismatch prevents us from easily matching TOTP URIs with their corresponding entries. Additionally, the image file name for Electronic Arts is ea.com, which is also difficult to correlate directly with the issuer.

Feature Request: I would like to propose a feature request:

• The JSON key for each entry (e.g., "Electronic Arts (Origin)") should match the issuer field in the TOTP URI exactly. This will ensure that the URIs can be matched correctly.
• Similarly, image file names should correspond directly with the issuer name or at least include a more intuitive matching process.

If there’s currently a way to achieve this, I’d appreciate guidance on how to proceed. Otherwise, I kindly request the above feature to be implemented for smoother matching.

Thank you!

[Carlgo11]

Hello @yazicifatihcan,

Thanks for your detailed message and for taking the time to explore the repository! I’ll address your points below:

Scraping the Repository Data

We highly discourage directly parsing the data from the repository, as the schema can change without notice. Instead, we recommend using our API, which is designed for external use and will offer a more stable interface. Per the README:

We welcome anyone to use our data; however, we discourage scraping the data directly from this Git repository as changes we make might break your program. Instead, we recommend using our API.

If you're working on a project that requires continuous access to the data, the API will be your best bet, and attribution is required as outlined in our license.

Labeling & Matching TOTP Issuers

The labels you see, like Electronic Arts (Origin), are intended to help users find services easily within the 2FA Directory. These labels are human-readable and are not meant for programmatic matching with TOTP issuers.

We use the primary domain (in this case, ea.com) as the key for programmatic identification. If you need to correlate TOTP issuer names with our data, you’ll need to match based on the domain name, or use additional external resources like SimilarWeb or another API service.

Logo & Image Naming

Regarding image file names, these are tied to the domain, as this is our consistent and unique identifier for services. The logos provided are for display on 2fa.directory and fall under fair use. If you're looking for company logos for other uses, services like Brandfetch or SimpleIcons might be more suitable for obtaining logos.

Using the API

We recommend using the 2FA Directory API for your integration needs. This will provide you with a structured way to access the data and make parsing TOTP issuers or other attributes easier.

Feel free to reach out if you have any further questions or need additional guidance. Thanks again for your interest!

Best regards,
Carl – Chief Maintainer, 2factorauth

[yazicifatihcan]

Hello @Carlgo11 ,

Thank you for your detailed answer. I reviewed the documentation you shared, and it provides what I needed. Thank you for the information and your amazing work.

Best regards