You have to set the hash algorithm to SHA256 (that’s what the URI asks for.) Apparently, Google Authenticator and anything based on that ignores the algorithm parameter, causing them to generate the wrong codes anyways.
This Firefox plugin and Bitwarden’s TOTP are some authenticators that handle the URI correctly and generate the right codes.
Meh, it’s an eggs in one basket situation for me because I’m desperately waiting for more services to adopt WebAuthn. =)