How can I make a single call that will authenticate a user ,

jonelster · ‎08-10-2023

DUO Universal. How can I make a single call that will authenticate a user , 'ping' the DUO app on their phone and authenticate. The DUO Universal example uses a Page call back. I have the DUO Universal sample working fine... https://github.com/duosecurity/duo_universal_csharp

I want to make a single HTTP call pass in the DUO URL and username. I wish to create a microservice to provide this.

I have tried the following.. but does not 'call' the DUO iPhone App.

using Microsoft.AspNetCore.Mvc; using System.Net.Http; using System.Threading.Tasks;

namespace DuoAuthenticationExample.Controllers { [ApiController] [Route("api/[controller]")] public class DuoController : ControllerBase { private readonly HttpClient _httpClient;

    public DuoController(IHttpClientFactory httpClientFactory)
    {
        _httpClient = httpClientFactory.CreateClient();
    }

    [HttpPost("authenticate")]
    public async Task<IActionResult> AuthenticateUser(string username, string passcode)
    {
        // Generate a signed passcode request
        string passcodeRequestUrl = "https://api-XXXX.duosecurity.com/auth/v2/auth";
        var passcodeRequest = new
        {
            username = username,
            passcode = passcode,
            // Add other required parameters
        };

        // Send passcode request to Duo Auth API
        HttpResponseMessage response = await _httpClient.PostAsJsonAsync(passcodeRequestUrl, passcodeRequest);

// DOES NOT CALL MY DUO IPHONE APP

        // Handle Duo API response and determine authentication status
        if (response.IsSuccessStatusCode)
        {
            // Check authentication status and grant access or deny
            // ...
            return Ok("User authenticated successfully");
        }
        else
        {
            // Handle API error and deny access
            return Unauthorized("Authentication failed");
        }
    }
}

DuoKristina · ‎08-15-2023

The Duo Universal Prompt is going to let the user interact with their factor, choose a different one, etc. You can't choose a default push factor on their behalf and automatically push using this SDK or the underlying OIDC-based API.

Maybe you want to look at the Duo Auth API, where you could always submit the /auth POST with `auto` factor (which, if Duo Mobile is activated on the device, will be a Duo Push) or even `push` if you never want to give the user a choice?

https://duo.com/docs/authapi

Duo, not DUO.

DuoKristina · ‎08-15-2023

Oh, hm, I see even though you mentioned using the Universal Prompt SDK sample working you were actually trying the Auth API /auth endpoint.

To automatically send a push to Duo Mobile you'd need to POST something to /auth/v2/auth like username=lee&factor=auto&device=auto or username=lee&factor=push&device=auto.

ETA: this is the C# demo client for Auth API https://github.com/duosecurity/duo_api_csharp

Duo, not DUO.

DuoKristina · ‎08-15-2023

Ideally thought you would first post to preauth, take in what device the Duo user has available to auth, then base the factor submitted to auth on what they have i.e. don't always specify auto factor if it's possible some users won't have phones to call or have Duo Mobile activated for push.

Duo, not DUO.