We are working to implement a the Duo Auth API. We utalize a homegrown application to construct webservice requests. We are attmepting to use that code to construct the sample request found at Auth API | Duo Security. The issue we are having is that the HMAC we are generating does not match the HMAC that is shown in the sample.
To validate our application, we are using the HMAC generator here: https://www.freeformatter.com/hmac-generator.html#ad-output
We are then using this tool to Base64 the HMAC output: https://www.base64encode.org/
We believe that this output should match what we see as the Basic Auth key in the Duo API sample, but unfortunately it does not.
Date: Tue, 21 Aug 2012 17:29:18 -0000 Authorization: Basic RElXSjhYNkFFWU9SNU9NQzZUUTE6MmQ5N2Q2MTY2MzE5NzgxYjVhM2EwN2FmMzlkMzY2ZjQ5MTIzNGVkYw== Host: ■■■■■■■■■■■■■■■■■■■■■■■■■■■■ Content-Length: 35 Content-Type: application/x-www-form-urlencoded
Can anyone pinpoint what we are doing wrong here?