How should we use Duo-Web-v2.js?

I’m developing Duo functionality for my Python/Django app, and I need to make use of Duo-Web-v2.js, but I’m not sure what the best way to use it would be. I can see two possible solutions.

  1. Copy Duo-Web-v2.js out of the duo_web python package and put it into my Django project’s static files folder, so I can load it on the authentication page like a regular django static file, e.g. <script src="{% static 'duo/js/Duo-Web-v2.min.js' %}"></script>
  2. Use <script src="https://■■■■■■■■■■■■■■■■■■■/frame/hosted/Duo-Web-v2.min.js"></script> (It looks like the forum software is censoring the domain for some reason… It’s api.duosecurity. com.

The disadvantage of #1 is that if Duo-Web-v2.js gets updated with a new version of the duo_web project, I have to manually search out that update and copy it into my django app again.

The disadvantage of #2 is that I don’t know if Duo guarantees that that URL will remain valid in perpetuity, or if it will get updated and no longer be backward compatible with the version of duo_web that my app has installed.

Is there a third option I don’t know about? Or perhaps I’m worrying overmuch about #2?

Approach #1. We don’t expect people to call the hosted js directly. You can watch the repo to know when the SDK gets updated (It’s not something that happens very often).

1 Like

OK, thanks for letting me know. I’ll watch the repo.