Solved: Bug on duo auth endpoint

Tinchito · ‎10-28-2021

When I send a request with the following;

POST /auth/v2/auth

async, 0
factor, passcode,
passcode, invalidPasscodeHere
userId, validUserId

it returns => stat: OK instead of stat: FAIL

DuoKristina · ‎10-28-2021

This isn’t a bug! The request didn’t fail. You sent invalid information (a bad passcode) in an API request that succeeded. The information sent with the API response indicates that the passcode validation failed.

{
    "response": {
        "result": "deny",
        "status": "deny",
        "status_msg": "Incorrect passcode. Please try again."
    },
    "stat": "OK"
}

Duo, not DUO.

View solution in original post

DuoKristina · ‎10-28-2021

This isn’t a bug! The request didn’t fail. You sent invalid information (a bad passcode) in an API request that succeeded. The information sent with the API response indicates that the passcode validation failed.

{
    "response": {
        "result": "deny",
        "status": "deny",
        "status_msg": "Incorrect passcode. Please try again."
    },
    "stat": "OK"
}

Duo, not DUO.

Tinchito · ‎10-28-2021

DuoKristina:

This isn’t a bug! The request didn’t fail. You sent invalid information (a bad passcode) in an API request that succeeded. The information sent with the API response indicates that the passcode validation failed.

Sorry, I should have written: validPasscode.

DuoKristina · ‎10-29-2021

Hmm, why would you expect a POST to auth with a valid passcode to fail?

Either way, a correctly constructed request will return 200 and a result.

Note that userID isn’t a valid parameter, but user_id is. If you are truly sending userID then that is expected to return stat: FAIL telling you there’s a missing request parameter.

Duo, not DUO.