Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1825
Views
0
Helpful
1
Replies

/auth endpoint always returns stat OK regardless of passcode value?

sc_admin_admin
Level 1
Level 1

‎09-11-2019 09:49 AM

I am using /auth/v2/auth endpoint for my API to do 2FA.

I am doing a HTTP POST
■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■/auth/v2/auth
factor=passcode&passcode=123456&username=someuser

I get stat=Ok in the response regardless the value of passcode.
But from my Duo2FA mobile, the passcode for this user is clearly no 123456

But when I look at the administation log form Duo admin webpage it says:
Denied
Invalid passcode

Is the usage correct or there is something wrong on the Duo side?

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎09-12-2019 06:34 AM

OK means the auth request was successfully sent. Look at the result value and you shouls see it is deny. Please review the “Response Formats” table at Auth API | Duo Security.

If your post to /auth used async then you need to poll auth_status using the txid returned by /auth to see that deny result.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents