README
¶
You probably want to be running the official duo SDK instead: https://github.com/duosecurity/duo_api_golang
go-duoweb
Duo Security two-factor authentication for Go web applications. It uses Duo's official JavaScript widget in an iframe, and a high-level API to authenticate users with Duo’s 2FA.
Requirements
In order to use this you must have a Duo account and create a new application in your account. You will then be given keys to use for authentication.
Demo app
There is a functional demo app in this repository.
Documentation
¶
Overview ¶
Package duoweb provides implements Duo Security's two-factor authentication for web applications
Index ¶
- Variables
- func SignEnrollRequest(ikey, skey, akey string, username string) (string, error)
- func SignRequest(ikey, skey, akey string, username string) (string, error)
- func VerifyEnrollResponse(ikey, skey, akey, response string) string
- func VerifyResponse(ikey, skey, akey, response string) string
- type AuthResponse
- type Client
- func (c *Client) AuthPasscode(userid, passcode string, async bool) (AuthResponse, error)
- func (c *Client) AuthPush(userid string, async bool) (AuthResponse, error)
- func (c *Client) Check() (PingResponse, error)
- func (c *Client) Enroll(username string, validSeconds int) (EnrollResponse, error)
- func (c *Client) Ping() (PingResponse, error)
- func (c *Client) PollAuthStatus(txid string) (AuthResponse, error)
- func (c *Client) PollEnrollStatus(userid, activationCode string) (EnrollStatusResponse, error)
- func (c *Client) Preauth(userid string) (PreauthResponse, error)
- type EnrollResponse
- type EnrollStatusResponse
- type Error
- type PingResponse
- type PreauthResponse
Constants ¶
This section is empty.
Variables ¶
var ErrAKEY = errors.New("ERR|The application secret key passed to sign_request() must be at least 40 characters.")
ErrAKEY is returned if the application secret key is invalid
var ErrIKEY = errors.New("ERR|The Duo integration key passed to sign_request() is invalid.")
ErrIKEY is returned if the integration key is invalid
var ErrSKEY = errors.New("ERR|The Duo secret key passed to sign_request() is invalid.")
ErrSKEY is returned if the Duo secret key is invalid
var ErrUSER = errors.New("ERR|The username passed to sign_request() is invalid.")
ErrUser is returned if the username is invalid
var ErrUnknown = errors.New("ERR|An unknown error has occurred.")
ErrUnknown is returned if an unknown error occurs
Functions ¶
func SignEnrollRequest ¶
SignEnrollRequest generates a signed enrollment request for Duo authentication.
func SignRequest ¶
SignRequest generates a signed request for Duo authentication.
func VerifyEnrollResponse ¶
VerifyEnrollResponse validates the signed enrollment response returned from Duo. Returns the username of the authenticated user.
func VerifyResponse ¶
VerifyResponse validates the signed response returned from Duo. Returns the username of the authenticated user.
Types ¶
type AuthResponse ¶
type AuthResponse struct {
Result string `mapstructure:"result"`
Status string `mapstructure:"status"`
StatusMsg string `mapstructure:"status_msg"`
Txid string `mapstsructure:"txid"`
}
AuthResponse is a response to an Auth request
type Client ¶
Client is a Duo Security API client
func NewClient ¶
NewClient returns a new API client with the given API host, secret key, and integration key
func (*Client) AuthPasscode ¶
func (c *Client) AuthPasscode(userid, passcode string, async bool) (AuthResponse, error)
AuthPasscode reqeusts an authorization for the given passcode
func (*Client) AuthPush ¶
func (c *Client) AuthPush(userid string, async bool) (AuthResponse, error)
AuthPush requests an authorization via mobile-push
func (*Client) Check ¶
func (c *Client) Check() (PingResponse, error)
Check sends a ping response which validates the credentials
func (*Client) Enroll ¶
func (c *Client) Enroll(username string, validSeconds int) (EnrollResponse, error)
Enroll asks to enroll the given username with a timeout of validSeconds
func (*Client) Ping ¶
func (c *Client) Ping() (PingResponse, error)
Ping sends an Ping request without validation credentials
func (*Client) PollAuthStatus ¶
func (c *Client) PollAuthStatus(txid string) (AuthResponse, error)
PollAuthStatus checks the status for the given authorization request. It blocks until the status changes.
func (*Client) PollEnrollStatus ¶
func (c *Client) PollEnrollStatus(userid, activationCode string) (EnrollStatusResponse, error)
PollEnrollStatus checks the state of the enrollment for the given userid
type EnrollResponse ¶
type EnrollResponse struct {
ActivationBarcode string `mapstructure:"activation_barcode"`
ActivationCode string `mapstructure:"activation_code"`
Expiration int `mapstructure:"expiration"`
UserID string `mapstructure:"user_id"`
Username string `mapstructure:"username"`
}
EnrollResponse is a response for an enrollment request
type EnrollStatusResponse ¶
type EnrollStatusResponse string
EnrollStatusResponse is a response to an enrollment request
type Error ¶
type Error struct {
Stat string `mapstructure:"stat"`
Code int `mapstructure:"code"`
Message string `mapstructure:"message"`
MessageDetail string `mapstructure:"message_detail"`
}
Error is an API endpoint error
type PingResponse ¶
type PingResponse struct {
Time int
}
PingResponse is a response to a Ping request
type PreauthResponse ¶
type PreauthResponse struct {
Result string `mapstructure:"result"`
StatusMsg string `mapstructure:"status_msg"`
Devices []struct {
Device string `mapstructure:"device"`
Type string `mapstructure:"type"`
Number string `mapstructure:"number"`
Name string `mapstructure:"name"`
Capabilities []string `mapstructure:"capabilities"`
} `mapstructure:"devices"`
EnrollPortalURL string `mapstructure:"enroll_portal_url"`
}
PreauthResponse is a response for a preauthorization request
Source Files
Directories