I am using /auth/v2/auth endpoint for my API to do 2FA.
I am doing a HTTP POST
■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■/auth/v2/auth
factor=passcode&passcode=123456&username=someuser
I get stat=Ok in the response regardless the value of passcode.
But from my Duo2FA mobile, the passcode for this user is clearly no 123456
But when I look at the administation log form Duo admin webpage it says:
Denied
Invalid passcode
Is the usage correct or there is something wrong on the Duo side?