Add Oath::encodeKey to show secrets for manual setup without QR code

README.md

@@ -26,7 +26,10 @@ There's a [runnable demo](./examples/demo.php) contained in this repository.
 
 ```php
 $oath = new Oath;
+
+// this generates a key in binary format
 $key = $oath->generateKey();
+
 // store key for user
 ```
 
@@ -35,7 +38,12 @@ $key = $oath->generateKey();
 ```php
 $oath = new Oath;
 $key = "..."; // load user key from storage
+
+// Use the URI to provide an easy to scan QR code
 $uri = $oath->getUri($key);
+
+// Alternatively display the key for manual input
+$secret = $oath->encodeKey($key);
 ```
 
 You can use your favourite JavaScript or PHP library to generate the QR code. For a working example, we're using [`qr.js`](http://neocotic.com/qr.js/).

src/Oath.php

@@ -33,6 +33,14 @@ public function generateKey($length = 20) {
         return random_bytes($length);
     }
 
+    public function encodeKey($key) {
+        if (!is_string($key)) {
+            throw new \InvalidArgumentException("Key must be string");
+        }
+
+        return Base32::encode($key);
+    }
+
     public function generateHotp($key, $counter) {
         if (!is_string($key)) {
             throw new \InvalidArgumentException("Key must be string");
@@ -121,7 +129,7 @@ public function getUri($key, $issuer, $account) {
 
         return "otpauth://totp/" . urlencode($issuer) . ":" . urlencode($account) . "?" . http_build_query([
             "algorithm" => "SHA1",
-            "secret" => Base32::encode($key),
+            "secret" => $this->encodeKey($key),
             "digits" => $this->length,
             "period" => $this->windowSize,
             "issuer" => $issuer,
@@ -152,4 +160,4 @@ private function oathTruncate($rawHmac) {
         // And extract HOTP value according to OTP_LENGTH
         return ($p[1] & 0x7FFFFFFF) % pow(10, $this->length);
     }
-}
+}