With reference to other tickets (https://support.gluu.org/authentication/4426/otp/ and https://support.gluu.org/authentication/4241/hotptopt-authentication-module-invalid-barcode/) We found that the QR code could generate an error in Google Authenticator when using TOTP but that other apps (like OTP Auth) or switching to HOTP would work. We believe this to happen only when the secret includes "=" padding and that there is a simple fix: 1. Locate the toBase32 method in the otp script 2. Change: ``` return BaseEncoding.base32().encode(bytes) ``` To: ``` return BaseEncoding.base32().omitPadding().encode(bytes) ``` According to https://github.com/google/google-authenticator/wiki/Key-Uri-Format: > The secret parameter is an arbitrary key value encoded in Base32 according to RFC 3548. The padding specified in RFC 3548 section 2.2 is not required and should be omitted.