01-17-2023 11:51 AM
I extensively looked at various threads but does not help the problem I am facing. I am using the pre-request script (thanks to this community). Was able to get the /auth/v2/check API work properly.
function getAuthHeader(httpMethod, requestUrl, requestBody) { console.log(requestBody); //body data console.log(httpMethod); // http type: POST, GET, ETC
var CLIENT_KEY = ‘MY_INTEGRATION_KEY’;
var SECRET_KEY = ‘MY_SECRET_KEY’;
var AUTH_TYPE = ‘HMAC-SHA1’;
var moment = require(‘moment’)
/* Uncomment out lines below to use your test for getting correct formatted time and date */
var timestamp = moment().format(“ddd, DD MMM YYYY HH:mm:ss ZZ”);
pm.environment.set(“timestampHeader”,timestamp);
//var timestamp = “Tue, 21 Aug 2012 17:29:18 -0000”; /* Only for example */
pm.environment.set(“timestampHeader”,timestamp);
var hostname = “{mypresetURL}.duosecurity.com”;
var apicall = “/auth/v2/check”
var body = “”;
var requestData = timestamp +“\n”+“GET”+“\n”+hostname+“\n”+apicall+“\n”+body;
console.log(requestData);
var hmacDigest = CryptoJS.HmacSHA1(requestData, SECRET_KEY);
console.log(hmacDigest);
var prebase = CLIENT_KEY+“:”+hmacDigest;
console.log(prebase);
var baseComplete = btoa(prebase);
console.log(baseComplete);
var authHeader = "Basic "+baseComplete;
return authHeader;
}
postman.setEnvironmentVariable(‘hmacAuthHeader’, getAuthHeader(request[‘method’], request[‘url’], request[‘data’]));
Duo Response:
{
“response”: {
“time”: 1673984145
},
“stat”: “OK”
}
function getAuthHeader(httpMethod, requestUrl, requestBody) { console.log(requestBody); //body data console.log(httpMethod); // http type: POST, GET, ETC
var CLIENT_KEY = ‘MY_INTEGRATION_KEY’;
var SECRET_KEY = ‘MY_SECRET_KEY’;
var AUTH_TYPE = ‘HMAC-SHA1’;
var moment = require(‘moment’)
/* Uncomment out lines below to use your test for getting correct formatted time and date */
var timestamp = moment().format(“ddd, DD MMM YYYY HH:mm:ss ZZ”);
pm.environment.set(“timestampHeader”,timestamp);
//var timestamp = “Tue, 21 Aug 2012 17:29:18 -0000”; /* Only for example */
pm.environment.set(“timestampHeader”,timestamp);
var hostname = “{myURL}.duosecurity.com”;
var apicall = “/auth/v2/auth”;
var body = ‘{"username": "bbanner","factor": "push","async": "false"}’;
var requestData = timestamp +“\n”+“POST”+“\n”+hostname+“\n”+apicall+“\n”+body;
console.log(requestData);
var hmacDigest = CryptoJS.HmacSHA1(requestData, SECRET_KEY);
console.log(hmacDigest);
var prebase = CLIENT_KEY+“:”+hmacDigest;
console.log(prebase);
var baseComplete = btoa(prebase);
console.log(baseComplete);
var authHeader = "Basic "+baseComplete;
return authHeader;
}
Duo response:
{
“code”: 40103,
“message”: “Invalid signature in request credentials”,
“stat”: “FAIL”
}
Thank you for your help in advance.
Solved! Go to Solution.
01-19-2023 10:04 AM
Hi @Ravi_Akkiraju ,
Please note that the device
parameter is required when using Push as the factor (Duo Auth API | Duo Security).
You might try the pre-request script from this post as it does not need to be modified when using POST instead of GET requests. It works when using:
var requestData = timestamp+"\n"+httpMethod+"\n"+API_HOSTNAME+"\n"+api_call+"\n"+encoded_params;
console.log(requestData);
Then use POST https://1234abcd.duosecurity.com/auth/v2/auth?username=bbanner&factor=push&device=auto
Hope this helps!
01-17-2023 12:56 PM
I think the request data will change for the Auth POST API. Let me try that first and will update this post.
01-17-2023 01:06 PM
Updated the request data for the Auth API POST. Still the same issue.
var requestData = timestamp +“\n”+“POST”+“\n”+hostname+“\n”+apicall+“\n”+ “factor=push&username=bbanner&”;
01-19-2023 10:04 AM
Hi @Ravi_Akkiraju ,
Please note that the device
parameter is required when using Push as the factor (Duo Auth API | Duo Security).
You might try the pre-request script from this post as it does not need to be modified when using POST instead of GET requests. It works when using:
var requestData = timestamp+"\n"+httpMethod+"\n"+API_HOSTNAME+"\n"+api_call+"\n"+encoded_params;
console.log(requestData);
Then use POST https://1234abcd.duosecurity.com/auth/v2/auth?username=bbanner&factor=push&device=auto
Hope this helps!
01-20-2023 11:36 AM
Hi @DuoPablo - I was sending the post data as JSON body instead of as parameters. Sending as params resolves it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: