TOTP available on mobile - Call for alpha testers!

:warning: This feature is currently available in Alpha for testing only :warning:

This feature is available for testing purposes only. Please try this feature on a testing and disposable environment. Since this feature is not stable yet, you could otherwise break your production environment.

Hi there,

The team is pleased to announce that since the 6th of June 2023, we have pushed version 1.14.x to both mobile stores, which allows you to store and use TOTP codes. Here are the steps you need to follow to try out this feature:

  1. Obtain version 1.14.x or later of the mobile app from your preferred mobile store (iOS or Android)

  2. Obtain version 4.0.0 or later of the API

  3. Install the API and set up SSL (the mobile app won’t work without HTTPS)

  4. Ensure that the mobile app and the API can communicate with each other (if you have a self-signed certificate, import it on your device)

  5. Set up an account on your phone

  6. To enable the TOTP feature, you need to perform the following steps based on your setup:
    6.1 If you are using Docker or Kubernetes, set the following environment variable to true: PASSBOLT_PLUGINS_TOTP_RESOURCE_TYPES_ENABLED
    6.2 If you are using a Linux package, open the following file: /etc/passbolt/passbolt.php
    6.3 If you are using the installation from source (side note: consider migrating to a package, it’s easier than you think) open the following file: /var/www/passbolt/config/passbolt.php

For steps 6.2 and 6.3, here’s what you need to add:

return [
    // ...
    // identify the passbolt array block
    'passbolt' => [
        // identify or add the plugins array block
        'plugins' => [
            // add the totp content type feature flag
            'totpResourceTypes' => [
                'enabled' => true,
            ],
        ],
    ],
];

  1. Restart the mobile app.
  2. Log in again

After following these steps, you should see a new bottom link for TOTP.

That being said, here is some additional information:

  • This is an ALPHA feature, and the purpose is to gather feedback for the product team.
  • We cannot yet guarantee that the web version and the CLI version will work in all cases.
  • On the web, TOTP is not available yet; the TOTP will appear as incorrect passwords.

Please use this thread to share feedback or if you need any assistance. I am here to help.

Cheers, and thanks in advance!

2 Likes

At the moment it’s not yet available in the U.S. play store. Latest is showing 1.14.0.

If someone else sees it is ready can you post back, thanks.

EDIT: Actually, the feature is showing on 1.14.0 so NM.

1 Like

Tested on Android MotoG7, LineageOS 20 (Android 13)

Feedback:

  • After scanning I don’t see why the blue button needs to be pressed if it’s the only option. The blue button was not intuitive to me, and I pressed back because it seemed to be done. I thought maybe with the button I could create a TOTP QR code to give to someone else…
    • Instead of the scanned message, maybe it could confirm with the data which one I scanned. I have a list of saved QR codes.
    • The blue button could be to confirm it.
  • Confirmed working
  • Countdown is a nice feature
  • Clicking starts countdown and copies on each new cycle
  • Clicking it again seems to disable it momentarily, but then it starts again - any way to stop it from continuing to run?
    • Found: Showing the menu of the active TOTP and then closing will stop it.
    • I am realizing now that I’m typing with my laptop from the mobile device display but the copying will be handy on mobile sites
  • I’ve added a second entry
    • confirming only one shows at a time
    • clicking the other one makes it enabled and the first becomes disabled

No errors found in error.log

:clap: Very nice!

5 Likes

I updated the version number to avoid the confusion, thx for this and also for all the feedback @garrett, much appreciated!

2 Likes

Good morning! I’m glad to test this feature.
Tested on Android Motorola One Vision, Android 11.

I was testing the TOTP feature and I have some comments.

  • When I try to scan QR codes, sometimes the app closes without any error message. I will paste the app log to try to help with the failure.
  • I tried how TOTP is working on the web and I can see the entries as passwords, but when I try to edit it goes into a waiting loop that doesn’t finish. I suppose this is not the final behaviour, but maybe it is possible to ensure that you can’t edit, with a message or by disabling the button?
  • Maybe this is already on the way, because I remember having read about it. As a suggestion, it would be nice to have the logos of the apps instead of the generated image with the first letter, in order to reduce the time spent looking for a password or TOTP token. Here is a repo with a lot of logos in SVG that you can use: GitHub - raivo-otp/issuer-icons: Vector graphics of one-time password issuer logo's, used in Raivo OTP for iOS.

Android app log

4 Likes

thanks @Termindiego25 !
I shared the logs with the mobile team they will have a look :pray:

As for the web version, yeah, this is not handled yet. The point was to avoid a complete crash.

For icons, we totally agree, it is planned, but there is some traffic on the roadmap to know what to tackle next.

Thumb fights, rock paper scissors, flip a coin, all the professional techniques are used to choose the next candidates for the roadmap :wink:

1 Like

Maybe with a poll on the forum, you can try to get another point of view :joy:

haha, yeah it is planned to have polls :muscle: (@Phiba FYI)

1 Like

Passbolt TOTP iOS :white_check_mark:

:clap: Bravo @max and Passbolt Developers :clap:

  • Passbolt Health Check ~ [PASS] No error found. Nice one sparky!
  • iPhone iOS ~ version 16.5
  • Passbolt iOS app ~ version 1.14.2
  • Passbolt CE ~ version 4.0.2
  • iOS log = zero errors
  • iPadOS is working as well

:gift: I opened your amazing TOTP gift last night and got it working today :smile:

:heart: Thank you to all the Passbolt Developers who made TOTP a reality :heart:

I might be the only user with this issue, due to my different source install setup:
I also had to change false to true, so TOTP would enable after I added the new code @max posted above

2 Likes

Great!

Yeah told you at the openmic that it was coming :wink:

It is not best practice to change default.php and this file will be reset at the next update but for testing purposes that’s ok.

If you want to have a look together at why your passbolt.php is not working, let me know.

Cheers :beers:

1 Like

Hello, I noticed that it is not possible to change the name of the TOTP entries. I tried from the browser extension, but as there is no support there either, it goes into an infinite loop when I click the save button.
Are there plans to let us edit TOTP entries?
Normally, I have no problem with the automatic name, but I tried to set up Ubisoft and it was saved as my email only, without the name Ubisoft (so if it happens again, I will confuse it)

Hello, editing TOTP entries in the mobile apps will be available in the 1.15.0 release along with some other interesting features. Also in the meantime, we plan to release 1.14.1 next week which should fix the issue you reported (When I try to scan QR codes, sometimes the app closes without any error message.). Just FYI the TOTP resource name is taken from the TOTP QR code - field label - if you’d like to know more here’s a link.

2 Likes

Maybe they are not sending the label field correctly and Passbolt just catches the email.
I noticed something similar with Facebook, where it shows only the username and not Facebook:username, showing like this screenshot:

3 Likes
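For readers following the label discussion in the two posts above, an added example (not from any post in this thread and not Passbolt's code): it parses the otpauth:// Key URI that a TOTP QR code encodes and shows how a label without an issuer prefix yields a bare e-mail as the name. The sample URIs, the RFC 6238 test secret and the `display_name` policy are constructed or hypothetical.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample data: the secret is the RFC 6238 test key, not a real account.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
WITH_ISSUER = f"otpauth://totp/Example:alice%40example.com?secret={SECRET}&issuer=Example&digits=8"
BARE_LABEL = f"otpauth://totp/alice%40example.com?secret={SECRET}"

def parse_otpauth(uri):
    """Split an otpauth://totp Key URI into its label parts and parameters."""
    u = urlsplit(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    label = unquote(u.path.lstrip("/"))
    # The label is "issuer:account" or only "account"; the issuer prefix is optional.
    prefix, sep, rest = label.partition(":")
    params = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in params:
        raise ValueError("missing secret parameter")
    return {
        "label": label,
        "label_issuer": prefix if sep else None,
        "account": rest.strip() if sep else label,
        "issuer_param": params.get("issuer"),
        "secret": params["secret"],
        "digits": int(params.get("digits", 6)),
        "period": int(params.get("period", 30)),
        "algorithm": params.get("algorithm", "SHA1").lower(),
    }

def display_name(p):
    """Hypothetical naming policy: use an issuer when the QR code carries one."""
    issuer = p["issuer_param"] or p["label_issuer"]
    return f"{issuer} ({p['account']})" if issuer else p["label"]

def totp(p, now):
    """RFC 6238 code for Unix time `now`, using the parsed parameters."""
    s = p["secret"].upper().replace(" ", "")
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    counter = struct.pack(">Q", int(now) // p["period"])
    mac = hmac.new(key, counter, getattr(hashlib, p["algorithm"])).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** p["digits"]).zfill(p["digits"])
```
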

Hello @max
Not sure if I’m posting on the correct thread here…
First, thanks for developing the TOTP feature, this is very helpful!
And it works well on the mobile app so far.
However, I hit an issue on the web interface, which I can’t solve…
Whenever I add a TOTP entry to an existing password entry (through the mobile app), it disappears in the web interface, it’s not in the list and I can’t access it directly (resource not found error).
I am self-hosting Passbolt with docker. This issue was the case with version 4.2.0 and still with 4.3.0.
I have added the env variable as described. In the database it looks like it works correctly in terms of data: the resource_type gets changed to password, description and TOTP, but the web interface and browser extensions are not able to display such a resource anymore…
Also, I can’t see standalone TOTP entries anywhere in the web interface, but not sure if that is already supported anyhow.
What am I missing?
Thanks for your help!

Hello @bgartenmann and welcome to the forum!
I was experiencing this behaviour on v4.2.0 because TOTPs were available just on the mobile app and were not supported by the web interface, but after upgrading to v4.3.0 that was solved.

Can you check if you are on v4.3.0 and if there are some errors in the logs?

1 Like

Hi @Termindiego25, thanks for your fast reply!

I have updated to v4.3.0 yesterday. This is what I have in my docker-compose.yml:
image: passbolt/passbolt:4.3.0-1-ce

/healthcheck is saying I am using v4.3.0:

However, I noticed when hovering over the heart icon on bottom right, it says 4.3.0/4.2.0
Not sure why?

I can’t see any current errors regarding this. I’m checking with docker logs
Is there another way to see the error log?

Appreciate your help!

Maybe you need to upgrade your browser extension?

4 Likes

As @Termindiego25 mentioned, the v4.3.0 extension is required to support TOTP on the web application. As of now the Chrome extension is already published while Firefox and Edge are in review.

4 Likes

Thank you both, that was it!
I wasn’t thinking of the connection between the browser extension and the web application…
I’m using Firefox as my main browser, so the extension was still on 4.2.0
Tested quickly with Chrome and it is working as expected.

4 Likes