Several months ago Eric Peterson published the totp module, a cfml implementation of Time-based One-time Password. More on TOTP in a future post, but to summarize: TOTP is used for 2-factor authentication, using some secret your app can work together with an external authenticator on a smartphone such as Google Authenticator, MS Authenticator, LastPass authenticator and many other authenticators. Your TOTP app should be able to generate some special url, and a QR code representing this URL, so configuring your authenticator can be as simple as scanning this QR code. The URL code and QR look like this:

QR code example

So for our qr code, the TOTP module needs some code to generate the bar code. And that’s exactly where Lucee failed.

Continue reading