Duo PHP example returns length error for secret key


I’m trying to get a test application working with Duo in PHP. I’m following all of the instructions on GitHub, found here:

However, when I run the interactive mode example under the Using section, I get an error:

$ php -a -d auto_prepend_file=vendor/autoload.php
Interactive mode enabled

var_dump(Duo\Web::signRequest("my-IKEY-goes-here", "my-SKEY-goes-here", "my-API-host-here", "myuser"));
string(72) "ERR|The application secret key specified must be at least 40 characters."

But the secret key value is exactly 40 characters, so I don’t know why this is happening. Any help is greatly appreciated.


Looking at the Web.php source code, I found where the error originates from. It looks like the signRequest() function expects an integration key ($ikey), secret key ($skey), application secret key ($akey), and username. The problem is that I am providing an API hostname for $akey because that’s what I have.

When I look at the details for this Application in the Duo admin portal, it shows me an integration key, secret key, and API hostname. There is no 40-character “application key” that I can find anywhere.

Is there something I’m missing here?


Never mind! I found it in the Web v2 SDK documentation. Generated an akey of my own and now it all works.