Vault TOTP: Cannot have '%40' (@ symbol) in the path #5645

Closed
jzarnett opened this issue Oct 30, 2018 · 2 comments
@jzarnett

Describe the bug
I am trying to use TOTP for two-factor authentication. I would like usernames to be the user's e-mail address and put them in . But trying to use %40 (the URL-safe replacement for @) in the URL results in an unsupported path exception.

To Reproduce
Steps to reproduce the behavior:

  1. Enable totp
  2. Try to create a key /totp/keys/jzarnett%40example.com (with the %40 intended to replace the @ symbol)
  3. See error: org.springframework.vault.VaultException: Status 404 /totp/keys/jzarnett%40example.com: 1 error occurred:
    * unsupported path

Expected behavior
Successful setup of TOTP key under jzarnett%40example.com

Environment:

  • Vault Server Version (retrieve with vault status): 0.11.4
  • Vault CLI Version (retrieve with vault version): Vault v0.11.4 ('612120e76de651ef669c9af5e77b27a749b0dba3')
  • Server Operating System/Architecture: Mac OS 10.14, x86

Other Notes
It is possible that this is intended behaviour? If it is I did not find that noted anywhere in the documentation, nor any recommendations about what the correct substitution for the @ symbol should be.

@vishalnayak
Member

This is an intended behavior. The regular expression that accepts the value only allows for alphanumeric characters and/or an underscore. This is applicable to many API endpoints in Vault.

Closing this as it is unlikely that the regular expression for just the TOTP key name changes. Changing the regular expression will need a separate broader discussion, and that is not going to be here.

@vishalnayak
Member

@jzarnett We discussed this use case internally and reached a consensus on accepting the @ character as part of the key name to allow email address as key names.
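The routing behaviour described in the first maintainer reply, as an added Go example that is not Vault's code and not part of the original thread: when the key name is matched as part of the route pattern, a name outside the allowed class produces "unsupported path" rather than a validation error. The names `keyRoute`, `resolve`, `strictName` and `relaxedName` are hypothetical, and both character classes are assumptions (the strict one taken from the reply's wording, the relaxed one an illustration of admitting `@` while still rejecting `/` and `..`).

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// errUnsupportedPath mirrors the "unsupported path" message in the report.
var errUnsupportedPath = errors.New("unsupported path")

// Name classes are assumptions for illustration, not Vault's own patterns.
const (
	strictName  = `\w+`                // alphanumerics and underscore, as the reply describes
	relaxedName = `\w(?:[\w@.-]*\w)?` // hypothetical: also '@', '.', '-' between word characters
)

// keyRoute builds an anchored route for "keys/<name>". The name is part of
// the route pattern itself, so a bad name means "no route", not "bad value".
func keyRoute(nameClass string) *regexp.Regexp {
	return regexp.MustCompile(`^keys/(?P<name>` + nameClass + `)$`)
}

// resolve percent-decodes the path (as Go's net/http does when it fills
// URL.Path) and only then matches it, so "%40" is seen as "@" by the route.
func resolve(route *regexp.Regexp, rawPath string) (string, error) {
	decoded, err := url.PathUnescape(rawPath)
	if err != nil {
		return "", err
	}
	m := route.FindStringSubmatch(decoded)
	if m == nil {
		return "", errUnsupportedPath
	}
	return m[route.SubexpIndex("name")], nil
}

func main() {
	// Constructed sample paths, relative to the mount point.
	paths := []string{"keys/jzarnett", "keys/jzarnett%40example.com", "keys/a%2F..%2Fb", "keys/.."}
	for _, p := range paths {
		for _, class := range []string{strictName, relaxedName} {
			name, err := resolve(keyRoute(class), p)
			fmt.Printf("%-30s %-20s name=%q err=%v\n", p, class, name, err)
		}
	}
}
```

Because decoding happens before matching, percent-encoding a character cannot move it past the route pattern; only widening the anchored character class changes what is accepted.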
