duoweb

package module
v0.0.0-...-989da53 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 15, 2018 License: MIT Imports: 14 Imported by: 0

README

You probably want to be running the official duo SDK instead: https://github.com/duosecurity/duo_api_golang

go-duoweb

Duo Security two-factor authentication for Go web applications. It uses Duo's official JavaScript widget in an iframe, and a high-level API to authenticate users with Duo’s 2FA.

Requirements

In order to use this you must have a Duo account and create a new application in your account. You will then be given keys to use for authentication.

Demo app

There is a functional demo app in this repository.

Documentation

Overview

Package duoweb provides implements Duo Security's two-factor authentication for web applications

Index

Constants

This section is empty.

Variables

View Source
var ErrAKEY = errors.New("ERR|The application secret key passed to sign_request() must be at least 40 characters.")

ErrAKEY is returned if the application secret key is invalid

View Source
var ErrIKEY = errors.New("ERR|The Duo integration key passed to sign_request() is invalid.")

ErrIKEY is returned if the integration key is invalid

View Source
var ErrSKEY = errors.New("ERR|The Duo secret key passed to sign_request() is invalid.")

ErrSKEY is returned if the Duo secret key is invalid

View Source
var ErrUSER = errors.New("ERR|The username passed to sign_request() is invalid.")

ErrUser is returned if the username is invalid

View Source
var ErrUnknown = errors.New("ERR|An unknown error has occurred.")

ErrUnknown is returned if an unknown error occurs

Functions

func SignEnrollRequest

func SignEnrollRequest(ikey, skey, akey string, username string) (string, error)

SignEnrollRequest generates a signed enrollment request for Duo authentication.

func SignRequest

func SignRequest(ikey, skey, akey string, username string) (string, error)

SignRequest generates a signed request for Duo authentication.

func VerifyEnrollResponse

func VerifyEnrollResponse(ikey, skey, akey, response string) string

VerifyEnrollResponse validates the signed enrollment response returned from Duo. Returns the username of the authenticated user.

func VerifyResponse

func VerifyResponse(ikey, skey, akey, response string) string

VerifyResponse validates the signed response returned from Duo. Returns the username of the authenticated user.

Types

type AuthResponse

type AuthResponse struct {
	Result    string `mapstructure:"result"`
	Status    string `mapstructure:"status"`
	StatusMsg string `mapstructure:"status_msg"`
	Txid      string `mapstsructure:"txid"`
}

AuthResponse is a response to an Auth request

type Client

type Client struct {
	Host string
	SKey string
	IKey string
}

Client is a Duo Security API client

func NewClient

func NewClient(host, skey, ikey string) *Client

NewClient returns a new API client with the given API host, secret key, and integration key

func (*Client) AuthPasscode

func (c *Client) AuthPasscode(userid, passcode string, async bool) (AuthResponse, error)

AuthPasscode reqeusts an authorization for the given passcode

func (*Client) AuthPush

func (c *Client) AuthPush(userid string, async bool) (AuthResponse, error)

AuthPush requests an authorization via mobile-push

func (*Client) Check

func (c *Client) Check() (PingResponse, error)

Check sends a ping response which validates the credentials

func (*Client) Enroll

func (c *Client) Enroll(username string, validSeconds int) (EnrollResponse, error)

Enroll asks to enroll the given username with a timeout of validSeconds

func (*Client) Ping

func (c *Client) Ping() (PingResponse, error)

Ping sends an Ping request without validation credentials

func (*Client) PollAuthStatus

func (c *Client) PollAuthStatus(txid string) (AuthResponse, error)

PollAuthStatus checks the status for the given authorization request. It blocks until the status changes.

func (*Client) PollEnrollStatus

func (c *Client) PollEnrollStatus(userid, activationCode string) (EnrollStatusResponse, error)

PollEnrollStatus checks the state of the enrollment for the given userid

func (*Client) Preauth

func (c *Client) Preauth(userid string) (PreauthResponse, error)

Preauth sends a preauthorization request for the given userid

type EnrollResponse

type EnrollResponse struct {
	ActivationBarcode string `mapstructure:"activation_barcode"`
	ActivationCode    string `mapstructure:"activation_code"`
	Expiration        int    `mapstructure:"expiration"`
	UserID            string `mapstructure:"user_id"`
	Username          string `mapstructure:"username"`
}

EnrollResponse is a response for an enrollment request

type EnrollStatusResponse

type EnrollStatusResponse string

EnrollStatusResponse is a response to an enrollment request

type Error

type Error struct {
	Stat          string `mapstructure:"stat"`
	Code          int    `mapstructure:"code"`
	Message       string `mapstructure:"message"`
	MessageDetail string `mapstructure:"message_detail"`
}

Error is an API endpoint error

func (*Error) Error

func (e *Error) Error() string

type PingResponse

type PingResponse struct {
	Time int
}

PingResponse is a response to a Ping request

type PreauthResponse

type PreauthResponse struct {
	Result    string `mapstructure:"result"`
	StatusMsg string `mapstructure:"status_msg"`
	Devices   []struct {
		Device       string   `mapstructure:"device"`
		Type         string   `mapstructure:"type"`
		Number       string   `mapstructure:"number"`
		Name         string   `mapstructure:"name"`
		Capabilities []string `mapstructure:"capabilities"`
	} `mapstructure:"devices"`
	EnrollPortalURL string `mapstructure:"enroll_portal_url"`
}

PreauthResponse is a response for a preauthorization request

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL