01-17-2023 11:51 AM
I extensively looked at various threads but does not help the problem I am facing. I am using the pre-request script (thanks to this community). Was able to get the /auth/v2/check API work properly.
function getAuthHeader(httpMethod, requestUrl, requestBody) { console.log(requestBody); //body data console.log(httpMethod); // http type: POST, GET, ETC
var CLIENT_KEY = ‘MY_INTEGRATION_KEY’;
var SECRET_KEY = ‘MY_SECRET_KEY’;
var AUTH_TYPE = ‘HMAC-SHA1’;
var moment = require(‘moment’)
/* Uncomment out lines below to use your test for getting correct formatted time and date */
var timestamp = moment().format(“ddd, DD MMM YYYY HH:mm:ss ZZ”);
pm.environment.set(“timestampHeader”,timestamp);
//var timestamp = “Tue, 21 Aug 2012 17:29:18 -0000”; /* Only for example */
pm.environment.set(“timestampHeader”,timestamp);
var hostname = “{mypresetURL}.duosecurity.com”;
var apicall = “/auth/v2/check”
var body = “”;
var requestData = timestamp +“\n”+“GET”+“\n”+hostname+“\n”+apicall+“\n”+body;
console.log(requestData);
var hmacDigest = CryptoJS.HmacSHA1(requestData, SECRET_KEY);
console.log(hmacDigest);
var prebase = CLIENT_KEY+“:”+hmacDigest;
console.log(prebase);
var baseComplete = btoa(prebase);
console.log(baseComplete);
var authHeader = "Basic "+baseComplete;
return authHeader;
}
postman.setEnvironmentVariable(‘hmacAuthHeader’, getAuthHeader(request[‘method’], request[‘url’], request[‘data’]));
Duo Response:
{
“response”: {
“time”: 1673984145
},
“stat”: “OK”
}
function getAuthHeader(httpMethod, requestUrl, requestBody) { console.log(requestBody); //body data console.log(httpMethod); // http type: POST, GET, ETC
var CLIENT_KEY = ‘MY_INTEGRATION_KEY’;
var SECRET_KEY = ‘MY_SECRET_KEY’;
var AUTH_TYPE = ‘HMAC-SHA1’;
var moment = require(‘moment’)
/* Uncomment out lines below to use your test for getting correct formatted time and date */
var timestamp = moment().format(“ddd, DD MMM YYYY HH:mm:ss ZZ”);
pm.environment.set(“timestampHeader”,timestamp);
//var timestamp = “Tue, 21 Aug 2012 17:29:18 -0000”; /* Only for example */
pm.environment.set(“timestampHeader”,timestamp);
var hostname = “{myURL}.duosecurity.com”;
var apicall = “/auth/v2/auth”;
var body = ‘{"username": "bbanner","factor": "push","async": "false"}’;
var requestData = timestamp +“\n”+“POST”+“\n”+hostname+“\n”+apicall+“\n”+body;
console.log(requestData);
var hmacDigest = CryptoJS.HmacSHA1(requestData, SECRET_KEY);
console.log(hmacDigest);
var prebase = CLIENT_KEY+“:”+hmacDigest;
console.log(prebase);
var baseComplete = btoa(prebase);
console.log(baseComplete);
var authHeader = "Basic "+baseComplete;
return authHeader;
}
Duo response:
{
“code”: 40103,
“message”: “Invalid signature in request credentials”,
“stat”: “FAIL”
}
Thank you for your help in advance.
Solved! Go to Solution.
01-19-2023 10:04 AM
Hi @Ravi_Akkiraju ,
Please note that the device
parameter is required when using Push as the factor (Duo Auth API | Duo Security).
You might try the pre-request script from this post as it does not need to be modified when using POST instead of GET requests. It works when using:
var requestData = timestamp+"\n"+httpMethod+"\n"+API_HOSTNAME+"\n"+api_call+"\n"+encoded_params;
console.log(requestData);
Then use POST https://1234abcd.duosecurity.com/auth/v2/auth?username=bbanner&factor=push&device=auto
Hope this helps!
01-17-2023 12:56 PM
I think the request data will change for the Auth POST API. Let me try that first and will update this post.
01-17-2023 01:06 PM
Updated the request data for the Auth API POST. Still the same issue.
var requestData = timestamp +“\n”+“POST”+“\n”+hostname+“\n”+apicall+“\n”+ “factor=push&username=bbanner&”;
01-19-2023 10:04 AM
Hi @Ravi_Akkiraju ,
Please note that the device
parameter is required when using Push as the factor (Duo Auth API | Duo Security).
You might try the pre-request script from this post as it does not need to be modified when using POST instead of GET requests. It works when using:
var requestData = timestamp+"\n"+httpMethod+"\n"+API_HOSTNAME+"\n"+api_call+"\n"+encoded_params;
console.log(requestData);
Then use POST https://1234abcd.duosecurity.com/auth/v2/auth?username=bbanner&factor=push&device=auto
Hope this helps!
01-20-2023 11:36 AM
Hi @DuoPablo - I was sending the post data as JSON body instead of as parameters. Sending as params resolves it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide