Provided by: libnet-duo-perl_1.02-3_all bug

NAME

       Net::Duo::Auth - Perl interface for the Duo Auth API

SYNOPSIS

           my $duo = Net::Duo::Auth->new({ key_file => '/path/to/keys.json' });
           my $timestamp = $duo->check;

REQUIREMENTS

       Perl 5.14 or later and the modules HTTP::Request and HTTP::Response (part of
       HTTP::Message), JSON, LWP (also known as libwww-perl), Perl6::Slurp, Sub::Install, and
       URI::Escape (part of URI), all of which are available from CPAN.

DESCRIPTION

       Net::Duo::Auth is an implementation of the Duo Auth REST API for Perl.  Method calls
       correspond to endpoints in the REST API.  Its goal is to provide a native, natural
       interface for all Duo operations in the API from inside Perl, while abstracting away as
       many details of the API as can be reasonably handled automatically.

       Currently, only a tiny number of available methods are implemented.

       For calls that return complex data structures, the return from the call will generally be
       an object in the Net::Duo::Auth namespace.  These objects all have methods matching the
       name of the field in the Duo API documentation that returns that field value.  Where it
       makes sense, there will also be a method with the same name but with "set_" prepended that
       changes that value.  No changes are made to the Duo record itself until the commit()
       method is called on the object, which will make the underlying Duo API call to update the
       data.

       On failure, all methods throw a Net::Duo::Exception object.  This can be interpolated into
       a string for a simple error message, or inspected with method calls for more details.
       This is also true of all methods in all objects in the Net::Duo namespace.

CLASS METHODS

       new(ARGS)
           Create a new Net::Duo::Auth object, which is used for all subsequent calls.  This
           constructor is inherited from Net::Duo.  See Net::Duo for documentation of the
           possible arguments.

INSTANCE METHODS

       auth(ARGS)
           Perform a Duo synchronous authentication.

           The user will be authenticated given the factor and additional information provided in
           ARGS.  The call will not return until the user has authenticated or the call has
           failed for some reason.  To do long-polling instead, see auth_async().

           ARGS should be a reference to a hash.  The following keys may always be present:

           user_id
               The Duo ID of the user to authenticate.  Either this or "username", but only one
               or the other, must be specified.

           username
               The username of the user to authenticate.  Either this or "username", but only one
               or the other, must be specified.

           factor
               The authentication factor to use, chosen from "push", "passcode", or "phone", or
               "auto" to use whichever of "push" or "phone" appears best for this user's devices
               according to Duo.  Required.

           ipaddr
               The IP address of the user, used for logging and to support sending an "allow"
               response without further verification if the user is coming from a trusted network
               as configured in the integration.

           Additional keys may be present depending on "factor".  For a "factor" value of "push":

           device
               The ID of the device to which to send the push notification, or "auto" to send to
               the first push-capable device.  Optional, defaulting to "auto".

           type
               This string is displayed in the Duo Mobile app before the word "request".  The
               default is "Login", so the phrase "Login request" appears in the push notification
               text and on the request details screen.  You may want to specify "Transaction",
               "Transfer", etc.  Optional.

           display_username
               String to display in Duo Mobile in place of the user's Duo username.  Optional.

           pushinfo
               A reference to a list of additional key/value pairs to display to the user as part
               of the authentication request.  For example:

                   { pushinfo => [from => 'login portal', domain => 'example.com'] }

               This is a list rather than a hash so that it preserves the order of arguments, but
               there should always be an even number of members in the list.

           For a "factor" value of "passcode":

           passcode
               The passcode to validate.  Required.

           For a "factor" value of "phone":

           phone
               The ID of the device to call, or "auto" to call the first available device.
               Optional and defaults to "auto".

           In a scalar context, this method returns true if the user was successfully
           authenticated and false if authentication failed for any reason.  In a list context,
           the same status argument is returned as the first member of the list, and the second
           member of the list will be a reference to a hash of additional data.  Possible keys
           are:

           status
               String detailing the progress or outcome of the authentication attempt.

           status_msg
               A string describing the result of the authentication attempt.  If the
               authentication attempt was denied, it may identify a reason.  This string is
               intended for display to the user.

           trusted_device_token
               If the trusted devices option is enabled for this account, returns a token for a
               trusted device that can later be passed to the Duo "preauth" endpoint.

           If you are looking for the Duo "sms" factor type, use the send_sms_passcodes() method
           instead.

       auth_async(ARGS)
           Perform a Duo asynchronous authentication.

           An authentication attempt will be started for a user according to the information
           provided in ARGS.  The return value from this call will be a Net::Duo::Admin::Async
           object, which provides a status() method, to get the status of the authentication, and
           an id() method, to recover the underlying transaction ID.  This approach allows the
           application to get the authentication status at each stage, instead of receiving no
           information until the authentication has succeeded or failed.

           ARGS should be a reference to a hash with the same parameters as were specified for
           the "auth()" method.

       check()
           Calls the Duo "check" endpoint.  This can be used as a simple check that all of the
           integration arguments are correct and the client can authenticate to the Duo
           authentication API.  On success, it returns the current time on the Duo server in
           seconds since UNIX epoch.

       send_sms_passcodes(USERNAME[, DEVICE])
           Send a new batch of passcodes to the specified user via SMS.  By default, the
           passcodes will be sent to the first SMS-capable device (the Duo "auto" behavior).  The
           optional second argument specifies a device ID to which to send the passcodes.  Any
           failure will result in an exception.

AUTHOR

       Russ Allbery <rra@cpan.org>

COPYRIGHT AND LICENSE

       Copyright 2014 The Board of Trustees of the Leland Stanford Junior University

       Permission is hereby granted, free of charge, to any person obtaining a copy of this
       software and associated documentation files (the "Software"), to deal in the Software
       without restriction, including without limitation the rights to use, copy, modify, merge,
       publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
       to whom the Software is furnished to do so, subject to the following conditions:

       The above copyright notice and this permission notice shall be included in all copies or
       substantial portions of the Software.

       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
       INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
       PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
       FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
       OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
       DEALINGS IN THE SOFTWARE.

SEE ALSO

       Duo Auth API <https://www.duo.com/docs/authapi>

       This module is part of the Net::Duo distribution.  The current version of Net::Duo is
       available from CPAN, or directly from its web site at
       <https://www.eyrie.org/~eagle/software/net-duo/>.