Description
The docs contain 2 examples of using a webservice QR code generator (but no local one), Google Charts is noted as deprecated since 2019 and the whole section warns "online services may be unsecured" so the very concept of using them for 2FA URIs doesn't seem like its best security practice.
I propose that the Google Charts example is replaced with a local one using BaconQrCode so the docs contain a minimal working example which ends up with a secure offline 2FA implementation.
composer require bacon/bacon-qr-code:3.*
$renderer = new \BaconQrCode\Renderer\GDLibRenderer(250);
$writer = new \BaconQrCode\Writer($renderer);
$qr = $writer->writeString($totp->getProvisioningUri());
echo '<img src="data:image/png;base64,'.base64_encode($qr).'">';
Description
The docs contain 2 examples of using a webservice QR code generator (but no local one), Google Charts is noted as deprecated since 2019 and the whole section warns "online services may be unsecured" so the very concept of using them for 2FA URIs doesn't seem like its best security practice.
I propose that the Google Charts example is replaced with a local one using
BaconQrCodeso the docs contain a minimal working example which ends up with a secure offline 2FA implementation.composer require bacon/bacon-qr-code:3.*