Bug on duo auth endpoint

When I send a request with the following;

POST /auth/v2/auth

  • async, 0
  • factor, passcode,
  • passcode, invalidPasscodeHere
  • userId, validUserId

it returns => stat: OK instead of stat: FAIL

This isn’t a bug! The request didn’t fail. You sent invalid information (a bad passcode) in an API request that succeeded. The information sent with the API response indicates that the passcode validation failed.

    "response": {
        "result": "deny",
        "status": "deny",
        "status_msg": "Incorrect passcode. Please try again."
    "stat": "OK"

Sorry, I should have written: validPasscode.

Hmm, why would you expect a POST to auth with a valid passcode to fail?

Either way, a correctly constructed request will return 200 and a result.

Note that userID isn’t a valid parameter, but user_id is. If you are truly sending userID then that is expected to return stat: FAIL telling you there’s a missing request parameter.

1 Like