Read about OpenEMR's Response to the COVID-19 Pandemic at

Invalid barcode when trying to use MFA


When I try to add a new TOTP key to enable MFA for my user and then scan the barcode with Google Authenticator, I get an “Invalid barcode” message.

It’s otpauth://totp/admin?secret=xxxx, etc

There are 4 %3D in the URL. So secret=xxx%3D%3D%3D%3D&issuer=OpenEMR&digits=6&period=30

Any idea what’s going on here? Why do we have the encoded equal signs there? Are there supposed to be additional parameters?

Edit: Looks like it worked fine with Microsoft Authenticator.