From 9c3ee18ff4bb63f99cea1a063c6c9497b602891a Mon Sep 17 00:00:00 2001
From: AJ ONeal <awesome@coolaj86.com>
Date: Fri, 23 Oct 2015 00:58:19 -0700
Subject: [PATCH] add otpauth

---
 test.html |  1 +
 test.js   | 15 ++++++---------
 2 files changed, 7 insertions(+), 9 deletions(-)

diff --git a/test.html b/test.html
index 38773c6..31a0467 100644
--- a/test.html
+++ b/test.html
@@ -16,6 +16,7 @@
       <img alt="qrcode" class="js-qrcode" width="166" height="166" src="data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7" />
       <p>20-byte (160-bit) Base32 Key:</p>
       <h3 class="js-key">xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx</h3>
+      <p class="js-otpauth">otpauth://totp/company:user?secret=xxxx</p>
     </div>
 
     <br />
diff --git a/test.js b/test.js
index 1630283..5e92c4a 100644
--- a/test.js
+++ b/test.js
@@ -16,16 +16,13 @@ function generate(ke) {
     var userAccount = $('.js-user-account').value;
 
     // obviously don't use this in production, but it's not so bad for the demo
-    var src = 'https://www.google.com/chart?chs=166x166&chld=L|0&cht=qr&chl='
-      + encodeURIComponent(
-          'otpauth://totp/'
-        + encodeURIComponent(companyName)
-        + ':'
-        + encodeURIComponent(userAccount)
-        + '?secret='
-        + key.replace(/\s+/g, '').toUpperCase()
-      );
+    var otpauth = 'otpauth://totp/'
+      + encodeURIComponent(companyName) + ':' + encodeURIComponent(userAccount)
+      + '?secret=' + key.replace(/\s+/g, '').toUpperCase()
+      ;
+    var src = 'https://www.google.com/chart?chs=166x166&chld=L|0&cht=qr&chl=' + encodeURIComponent(otpauth);
 
+    $('.js-otpauth').innerHTML = otpauth; // safe to inject because I created it
     $('.js-key').innerHTML = key; // safe to inject because I created it
     $('img.js-qrcode').src = src;