Skip to content

Add id="totp" to TOTP input field for password manager auto-detection #321

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add id="totp" to TOTP input field for password manager auto-detection #321

wants to merge 1 commit into from

Conversation

@CGHoussem
Copy link

@CGHoussem CGHoussem commented Nov 9, 2025

This change adds an id="totp" attribute to the TOTP input field on the login page.

This helps password managers (such as Bitwarden, 1Password, and others) automatically detect and eventually fill the TOTP code field when using saved logins that include a 2FA token.

Why

Without a clear identifier, most password managers fail to recognize the TOTP input automatically, forcing users to manually copy/paste the 2FA code.
This small change improves usability and accessibility for users who rely on password managers.

Testing

  • Verified that the TOTP field still works correctly for manual input.
  • Confirmed that Bitwarden now correctly auto-fills the TOTP field when a matching entry is present.

@CLAassistant
Copy link

CLAassistant commented Nov 9, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 9, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@DeepDiver1975
Copy link
Member

DeepDiver1975 commented Nov 10, 2025

autofill=one-time-code

This should be the way to go from my understanding.

https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Attributes/autocomplete

@CGHoussem
Copy link
Author

CGHoussem commented Nov 11, 2025
edited
Loading

autofill=one-time-code

This should be the way to go from my understanding.

https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Attributes/autocomplete

I have first tested to set the autocomplete field to "one-time-code", but that alone didn't work for the password manager Bitwarden (haven't tested other password managers).

What worked for me either adding the field id and setting it to "totp" or changing the name field from "challenge" to "totp" (at least that's how Bitwarden figures out the one time code field).

I suggest updating the value of the name field to "totp-challenge" (which also works). This change resolves the issue with Bitwarden (and possibly other password managers) and, as a bonus, aligns the name field’s value with the one used for similar inputs in the settings page:

twofactor_totp/js/settingsview.js

Line 23 in c14776b

+ ' <input type="text" id="totp-challenge" required="required" type="tel" minlength="6" maxlength="6" autocomplete="off" placeholder="' + t('twofactor_totp', 'Authentication code') + '">'

If you are okay with the idea, I'll update the PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DeepDiver1975 DeepDiver1975 Awaiting requested review from DeepDiver1975

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CGHoussem @CLAassistant @DeepDiver1975