- [/admin/v1/users/[user_id]/tokens ] hello i have to check that the token is malicious or not .
so i am thinking to use this [/admin/v1/users/[user_id]/tokens ] and get token again and compare and validate it is right thing i am doing or anyother way exists /or what i am doing is needed or not (for malicious token it is checking internally )
my code :-
String newState = request.getParameter("state");
//if newState(coming from server) is not in the stateMap then that means session is expired ("message", "Session Expired")so return error.
if (!stateMap.containsKey(newState)) {
Debug.log("state is expired so go for DuoAuth again",Module);
return "error";
}
String username = stateMap.remove(newState);
//Exchange the auth duoCode for a Token object
Token token = null;
try {
token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username);
} catch (DuoException e) {
Debug.logError(e, Module);
return "error";
}
Debug.logInfo ("generated token" + token, Module);
// If the auth was successful, render the welcome page otherwise return an error
if (DuoUtilHelper.authWasSuccessful(token)) {
storedToken = token;
return "success";
} else {
return "error";
}```
i have a token received from exchangeAuthorizationCodeFor2FAResult(duoCode, username) i have to check that it is an valid token or it is malicious token