before it can be changed

• when a long label/issuer is used, the window should be automatically resized (up to a certain point)
• save window and treeview sizes into the cfg file

Use https://developer.gnome.org/glib/stable/glib-Miscellaneous-Utility-Functions.html#g-get-user-config-dir

• download favicon/icon
• optional feature, disabled by default

⚠️ this would increase the db size quite a bit, thus making it more difficult to store all the data in memory. I can see only three options here:

1. don't implement this feature
2. icons are downloaded every time the app is launched
3. refactor the app to load in secure memory only the important stuff and not the icons

jansson supports custom memory allocation, meaning that gcry_calloc could be used to allocate secure memory. Right now, the data parsed by json-glib is not stored in a secure memory location.

http://jansson.readthedocs.io/en/latest/apiref.html#custom-memory-allocation

Currently, the program is trying to allocate MAX_FILE_SIZE bytes of secure memory. It can be that a system doesn't have so much secure memory available.

1. reduce sec mem size
2. use mlock on normal memory
3. erase normal memory

mlockall(MCL_CURRENT | MCL_FUTURE)

It would be handy to have a cloud backup option integrated directly into the software.
Providers that could be supported:

• webdav
• dropbox
• google drive
• ...

Feature Request:
barcode scanner

• Mac OS 10.13 works again (update installation instruction for jansson)
• new screenshots

• prevent duplicates to be added on import
• show warning when a duplicate wasn't added

On Ubuntu 16.04, the secure memory pool can only be increased by root (so only 16 KB can be used by default). This means that either the app has to run with sudo or it must be installed as "setuid(root)".

add possibility to edit issuer and label fields

• authplus support ✅
• andOTP support ✅
• add import button ✅

Implement:

• import
• export

https://github.com/winauth/winauth

The token add workflow is a bit scary for newer users (lots of text boxes without much explanation). It should be possible to make a simpler capture experience - perhaps by using a laptops webcam and a QR code parsing library - or more clearly explaining how to get the information for a series of popular services.

write a .clang-format/uncrustify file, so contributors can use it before submitting a PR

https://clang.llvm.org/docs/ClangFormatStyleOptions.html
http://uncrustify.sourceforge.net/config.txt (first draft: uncrustify.txt)

Implement:

• import
• export

encryption spec

by double-clicking or ctrl+c

use .ui files to create the ui. This will reduce the amount of code and make the codebase more maintainable

• setcap cap_ipc_lock=ep
• remove "known issues" from readme

export data to an encrypted json supported by andOTP

I have no graphic skills, so I can't create a nice icon :(

Needed icons would be:

• 32x32
• 64x64
• 128x128
• 256x256
• 512x512

• export data to authenticatorPlus supported format (https://authenticatorplus.freshdesk.com/support/solutions/articles/5000541895-technical-details-of-authenticator-plus)

To have better flexibility, the db file should be in json format and not a simple key_file

happens only when using "andOTP"

Packaging is really time expensive, thus only sources and flatpak will be available

In main.c you use org.gnome.OTPClient instead of com.github.paolostivanin.OTPClient.

I installed the OTPClient flatpak and the first thing I was presented with was a dialog window that just asked for my password twice. Now having a read into this a little bit i knew why, and wasn't too distressed but a less educated user would be somewhat disturbed. It might be nice to explain a little more about why you want a password and what it'll be used for.

When you start the application for the first time you get a fairly unfriendly blank slate experience with and empty list and a countdown above it that doesn't apply to anything.

Ideally there would be a custom blank slate experience that shows the user that they need to press the + button to add a token or use the menu to import.

• update screenshosts ✔️
• update appdata file ✔️
  • update also screenshots urls ✔️
• test on:
  • ubuntu 18.04 ✔️
  • debian 9 ✔️
  • fedora 27 and 28 ✔️
  • arch linux ✔️
  • flatpak ✔️
• update flatpak manifest on flathub with new deps and settings (dbus and webcam access) ✔️
• create detached signature (#85) ✔️

Debian 9 is using glib 2.50, and this software requires glib 2.54 just for this line:

1. replace this function with strtoul
2. test again on debian 9

Evaluate switch to GtkListBox and global ui file:

• cleaner ui
• can be used on small screen (eg, librem 5)
• accels can be easily added when using one single ui file
• codebase becomes cleaner if the ui part is taken out

change to
<id type="desktop">com.github.paolostivanin.OTPClient.desktop</id>

update also description

when a wrong password is given, the program should ask for the password again instead of exiting

Taking a screenshot is not enough because this feature needs gnome-shell. In order to facilitate the import operation on other DEs, a "select from file" option should be implemented.

Implement support for Blizzard battle.net

Add possibility to change master password

search label or issuer

https://github.com/paolostivanin/OTPClient/blob/devel/src/add-data-dialog.c#L132

when otp is selected, automatically copy it to the clipboard

typos are always behind the corner

Would be nice to have distro specific deb and rpm. Should think about setting up something

• use only a specific folder (for example, app's .config folder)
• update manifest