DUO and angular

API forum Web SDK
#1

Hello,

we are developing a prototype portal using angular as front-end and django restframework as backend. Duo authentication has just been added and we successfully receive/acknowledge the duo push requests.

There is one issue though… upon the duo push acknowledge the Web SDK issue back a POST message with the sig_response but angular framework only deals with GET hence it fails with a “Cannot POST /login” error message.

How can we configure duo’s callback action to avoid POST and just load a different page instead ?

Thx,
Andrea

#2

Hello,

issue solved.

Looking at the Duo-Web-v2.js I realized that an hidden form is created upon duo push acknoledge.
If we define a submit_callback during the Duo.init this avoid the hidden’s form submit and give control back to the code.
Below you see I can dump the sig_response and based on that verify and handle 2FA consequently.

Thx.
A.

Duo.init({
  iframe: "duo_iframe",
  host: "■■■■■■■■■■■■■■■■■■■■■■■■■■■",
  sig_request: this.duo_sign_request,
  submit_callback: (data:any) => {
    var elem = document.getElementsByName('sig_response');
    var sig_response = elem[0].getAttribute('value');
    console.log(sig_response)
  },
});
1 Like
#3

fyi…

fully working example:

DevNet Code Exchange: abuzzi-cisco/angular-duo is now published

Thx,
A.

1 Like
#4

Hi Andrea,

Thank you so much for following up here in the community to share the answer you found with others! I’m glad you got the solution you were looking for. :slight_smile:

FYI I am going to relabel this to our “Web SDK” category since it’s just a bit more specific to the exact issue you describe. Although “Protecting applications” makes sense and is relevant too, this will help others find the answer too in the future!