Do not include any padding in the otpauth URI

[csware]

The IETF draft-linuxgemini-otpauth-uri-02 recommends to not include the padding in Section 3.3.1. cf. https://www.ietf.org/archive/id/draft-linuxgemini-otpauth-uri-02.html#section-3.3.1

The padding specified in [RFC4648] section 3.2 is not required and SHOULD BE omitted.

(fixes issue #12540)

Type of change

• ✅ Bug fix (non-breaking change that fixes an issue)

[droidmonkey]

Why make any changes at all? This is a SHOULD not a must. I am not in favor of making s change here. It's also still in draft.

[csware]

Yes, it's only a draft, but that's the be best what we have ATM.

The draft states SHOULD and not MAY (cf. https://datatracker.ietf.org/doc/html/rfc2119):

This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.

So far there are multiple bug reports that the padding causes issues...

[droidmonkey]

There is only one and it was ios Google authenticator being dumb.

Ironically there are a few many years ago that resulted in things NOT working because padding was missing. (see here: https://github.com/keepassxreboot/keepassxc/issues?q=sort%3Aupdated-desc%20is%3Aissue%20state%3Aclosed%20totp%20padding)

[droidmonkey]

At the end of the day, padding only matters in the QRCode display of the otpauth url. There was a suggestion to add a checkbox to that display to remove padding. That should probably be the implementation we go for here. Removing padding on storage of the BASE32 is not a good idea since other KeePass compatible apps might be requiring it.

[csware]

Removing padding on storage of the BASE32 is not a good idea since other KeePass compatible apps might be requiring it.

The storage is not changed at all, the padding is just not included in the otpauth URI as recommended by the RFC draft.

[droidmonkey]

I will mull this over