Hello,
I’m attempting to hit the auth/v2/auth route using parameters supplied from the preauth route.
Once I get device details I start a new call to /auth/v2/auth.
In all my calls to DUO I use my own Auth header generation logic, and this logic generates the correct Basic Auth header to make successful calls to /auth/v2/preauth, but for some reason when I’m attempting to hit the auth route it gives me this error:
{
“code”: 40103,
“message”: “Invalid signature in request credentials”,
“stat”: “FAIL”
}
The canonical string I’m generating for use in the HMAC looks like this for the auth route:
Tue, 15 Dec 2020 13:27:23 -0500
POST
■■■■■■■■■■■■■■■■■■■■■■■■■■■■
/auth/v2/auth
username=fake&factor=push&device=XXXXXXXXXXXXXXXXXXXX
And the endpoint I’m hitting ends up looking like this:
https://■■■■■■■■■■■■■■■■■■■■■■■■■■■■/auth/v2/auth?username=fake&factor=push&device=XXXXXXXXXXXXXXXXXXXX
I’m still getting this error, and I’m failing to see why, despite getting a valid signature for preauth and following the documentation as necessary.
Any help would be great.