Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4185
Views
0
Helpful
5
Replies

Timeout on Duo auth API

Todd_Haddaway
Level 1
Level 1

‎10-25-2018 12:28 PM

I’m creating a “send duo push” function for our helpdesk to help with identity proofing customers over the phone (I know there is now one in the console, but thats a different story). When I call the auth API there seems to be a 10 second timeout. I would like to adjust this timeout to something more reasonable, like 30 seconds. How can I do that? I don’t see that documented, but you would think it would be a basic feature.

Thanks!

Todd

Labels:
0 Helpful
5 Replies 5

DuoKristina
Cisco Employee
Cisco Employee

‎10-25-2018 01:32 PM

If your intent is to give the user more time to approve the authentication request, try using the async parameter, and then poll /auth_status for completion.

Duo, not DUO.
0 Helpful

Todd_Haddaway
Level 1
Level 1
In response to DuoKristina

‎10-25-2018 05:01 PM

I have tried that and am getting different results than I expected. My expected behavior is that I call the auth endpoint (with async) - that sends the push out. Afterwards I can call the auth_status periodically and will get “waiting” returned until such time as the user either approves or denies. Given the code below, I am still getting a timeout. See code and results below:

code

    $authConnection = getAuthConnection();
    $factorParams = array("device"=>"auto","type"=>"UMBC TSC",null,"pushinfo"=>"from=UMBC%20Technology%20Support%20Center&Purpose=Identity%20Validation");

         print "*** Sending Push: " . date('Y-m-d H:i:s') . "\n";
		$PushResult = sendAsyncPush($authConnection);		
		print_r($PushResult);
		$txid = $PushResult["response"]["response"]["txid"];
		
        print "*** Calling auth_status 1 of 2 " . date('Y-m-d H:i:s') . "\n";
		$PushResult = $authConnection->auth_status($txid);
		print_r($PushResult);

        print "*** Calling auth_status 2 of 2 " . date('Y-m-d H:i:s') . "\n";
		$PushResult = $authConnection->auth_status($txid);
		print_r($PushResult);

        print "*** done " . date('Y-m-d H:i:s') . "\n";

Executing this gives the following results:

    
*** Sending Push: 2018-10-26 11:00:59
Array
(
    [response] => Array
        (
            [response] => Array
                (
                    [txid] => 12345-12345-12345-12345-12345
                )

            [stat] => OK
        )

    [success] => 1
    [http_status_code] => 200
)
*** Calling auth_status 1 of 2 2018-10-26 11:01:00
Array
(
    [response] => Array
        (
            [response] => Array
                (
                    [result] => waiting
                    [status] => pushed
                    [status_msg] => Pushed a login request to your device...
                )

            [stat] => OK
        )

    [success] => 1
    [http_status_code] => 200
)
*** Calling auth_status 2 of 2 2018-10-26 11:01:00
Array
(
    [response] => Array
        (
            [stat] => FAIL
            [code] => 28
            [message] => Operation timed out after 10001 milliseconds with 0 out of -1 bytes received
        )

    [success] =>
    [http_status_code] =>
)
*** done 2018-10-26 11:01:10```
0 Helpful

QuickFix
Level 1
Level 1
In response to Todd_Haddaway

‎12-04-2020 06:11 AM

Any solution for this problem (after two years)?
I’m facing the exact same problem and see a couple of similar threads, but none with an actual answer.

And please note: “no” is also an answer, but leaving things open like this is pretty frustrating, specially when more people are having the same issue.

I’m using Delphi with Indy btw, but the results are exactly the same as above (and other) threads.

Thanks,

Peter

0 Helpful

colin_medfisch
Cisco Employee
Cisco Employee

‎12-16-2020 01:29 PM

Hey @QuickFix,

I think there might be a misunderstanding with how the /auth_status endpoint is used.

When a Duo Push is initiated via the /auth endpoint and the async parameter, we will immediately send a ‘pushed/waiting’ status, which can be pulled via /auth_status right away. The status is not updated again for a particular authentication attempted until it is either answered with an approve/deny or it times out.

One recommendation is to make sure that your application has a 60-second timeout configured, as this is the defined timeout for a Duo Push. You could then use /auth_status once during the transaction to check if the request is still waiting or if the user has actioned it.

Thanks!
Colin

0 Helpful

QuickFix
Level 1
Level 1

‎12-16-2020 11:56 PM

Thanks for your answer @cmedfischduo,

The problem with normal (single threaded) applications is that waiting on a (any) reply will stall the entire application.
I fixed my problem by putting all DUO requests into separate threads, which will keep the application responsive and can be killed in the event a user wants to cancel authenticating.

Thanks again for your reply,

Peter

0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents