Bug on duo auth endpoint

When I send a request with the following;

POST /auth/v2/auth

  • async, 0
  • factor, passcode,
  • passcode, invalidPasscodeHere
  • userId, validUserId

it returns => stat: OK instead of stat: FAIL

This isn’t a bug! The request didn’t fail. You sent invalid information (a bad passcode) in an API request that succeeded. The information sent with the API response indicates that the passcode validation failed.

{
    "response": {
        "result": "deny",
        "status": "deny",
        "status_msg": "Incorrect passcode. Please try again."
    },
    "stat": "OK"
}

Sorry, I should have written: validPasscode.

Hmm, why would you expect a POST to auth with a valid passcode to fail?

Either way, a correctly constructed request will return 200 and a result.

Note that userID isn’t a valid parameter, but user_id is. If you are truly sending userID then that is expected to return stat: FAIL telling you there’s a missing request parameter.

1 Like