Your data. Anywhere you go.

New Relic for iOS or Android


Download on the App Store    Android App on Google play


New Relic Insights App for iOS


Download on the App Store


Learn more

Close icon

Duo Auth API using Synthetics trouble on creating auth

synthetics
synthetics-script
synthetics-api

#1

We are trying to do a CHECK on Duo Auth API using Synthetics. So far We have tested the sample Python script and it is working.

Python code:

import base64, email, hmac, hashlib, urllib

def sign(method, host, path, params, skey, ikey):

# create canonical string
now = email.Utils.formatdate()
canon = [now, method.upper(), host.lower(), path]
args = []
#for key in sorted(params.keys()):
#    val = params[key]
#    if isinstance(val, unicode):
#        val = val.encode("utf-8")
#    args.append(
#        '%s=%s' % (urllib.quote(key, '~'), urllib.quote(val, '~')))
canon.append('&'.join(args))
canon = '\n'.join(canon)

# sign canonical string
sig = hmac.new(skey, canon, hashlib.sha1)
auth = '%s:%s' % (ikey, sig.hexdigest())

# return headers
return {'sig': sig, 'Date': now, 'Authorization': 'Basic %s' % base64.b64encode(auth)}

Here’s our Synthetic API Test code:

var crypto = require("crypto-js");
var CryptoJS = require("crypto-js");
var assert = require('assert');

var method = "GET";
var host = "api-xxxxxxxx.duosecurity.com";
var path = "/auth/v2/check";
var params = "";
var skey = DUO_SECRET_KEY;
var ikey = DUO_INTEGRATION_KEY;
var utcDate = new Date().toUTCString();

// To generate a RFC2822 format (Thu, 18 Jul 2019 03:08:51 -0000)
var subStrDuodate = utcDate.toString().substring(0,25) + " -0000";

var line = [subduodate, method.toString().toUpperCase(), host.toString().toLocaleLowerCase(), path];

var args = [];
var amp = args.join("&")

line.concat(line,amp)
var canon = line.join("\n");

var sig = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA1(canon, skey));
var auth = ikey + ":" + sig;

var auth64 = "Basic " + Buffer.from(auth, 'ascii').toString('base64');

var options = {
    uri: 'https://api-xxxxxxxx.duosecurity.com/auth/v2/check',
    headers: {
        'X-Duo-Date': subStrDuodate,
        'Authorization' : auth64,
        'Content-Type' : 'application/x-www-form-urlencoded'
    }};

function callback (err, response, body) {
    console.log("Status Code: " + response.statusCode);
	assert.ok(response.statusCode == 200, 'Expected 200 OK response');
    console.log('--END--');
}

$http.get(options, callback);

After validating the Synthetics, we are getting this error.
{"code": 40103, "message": "Invalid signature in request credentials", "stat": "FAIL"}

Are we missing something here? Thanks in advance!


#2

Got this to work using the DUO API Node project in GitHub found here: https://github.com/duosecurity/duo_api_nodejs/blob/master/lib/duo_sig.js

Here’s the working Synthetic code:


#3

What an awesome share! Thank you, @allan.bernardo! :blush: