After doing some testing with the iOS apps OTP Auth and LastPass Authenticator I've come to notice these (and likely more) interpret the issuer string Hello+World to be Hello+World when they should be rendering as Hello World. pyotp currently encodes with the urllib.quote() method which uses the plus sign to encode spaces. When I changed the issuer string from Hello+World to Hello%20World all tested apps correctly understood this to be a space.

It should be noticed that the plus sign is only interpreted as a space in application/x-www-form-encoded content, while the true HTML encoding (as referenced by current TOTP standards) to be used with the issuer name uses %20 as a space character.

Let me know if you have any questions regarding the matter.