Ubuntu Manpage: Net::Duo::Auth - Perl interface for the Duo Auth API

NAME

       Net::Duo::Auth - Perl interface for the Duo Auth API

SYNOPSIS

           my $duo = Net::Duo::Auth->new({ key_file => '/path/to/keys.json' });
           my $timestamp = $duo->check;

REQUIREMENTS

       Perl 5.14 or later and the modules HTTP::Request and HTTP::Response (part of
       HTTP::Message), JSON, LWP (also known as libwww-perl), Perl6::Slurp, Sub::Install, and
       URI::Escape (part of URI), all of which are available from CPAN.

DESCRIPTION

       Net::Duo::Auth is an implementation of the Duo Auth REST API for Perl.  Method calls
       correspond to endpoints in the REST API.  Its goal is to provide a native, natural
       interface for all Duo operations in the API from inside Perl, while abstracting away as
       many details of the API as can be reasonably handled automatically.

       Currently, only a tiny number of available methods are implemented.

       For calls that return complex data structures, the return from the call will generally be
       an object in the Net::Duo::Auth namespace.  These objects all have methods matching the
       name of the field in the Duo API documentation that returns that field value.  Where it
       makes sense, there will also be a method with the same name but with "set_" prepended that
       changes that value.  No changes are made to the Duo record itself until the commit()
       method is called on the object, which will make the underlying Duo API call to update the
       data.

       On failure, all methods throw a Net::Duo::Exception object.  This can be interpolated into
       a string for a simple error message, or inspected with method calls for more details.
       This is also true of all methods in all objects in the Net::Duo namespace.

CLASS METHODS

       new(ARGS)
           Create a new Net::Duo::Auth object, which is used for all subsequent calls.  This
           constructor is inherited from Net::Duo.  See Net::Duo for documentation of the
           possible arguments.

INSTANCE METHODS

auth(ARGS)
Perform a Duo synchronous authentication.

The user will be authenticated given the factor and additional information provided in
ARGS. The call will not return until the user has authenticated or the call has
failed for some reason. To do long-polling instead, see auth_async().

ARGS should be a reference to a hash. The following keys may always be present:

user_id
The Duo ID of the user to authenticate. Either this or "username", but only one
or the other, must be specified.

username
The username of the user to authenticate. Either this or "username", but only one
or the other, must be specified.

factor
The authentication factor to use, chosen from "push", "passcode", or "phone", or
"auto" to use whichever of "push" or "phone" appears best for this user's devices
according to Duo. Required.

ipaddr
The IP address of the user, used for logging and to support sending an "allow"
response without further verification if the user is coming from a trusted network
as configured in the integration.

Additional keys may be present depending on "factor". For a "factor" value of "push":

device
The ID of the device to which to send the push notification, or "auto" to send to
the first push-capable device. Optional, defaulting to "auto".

type
This string is displayed in the Duo Mobile app before the word "request". The
default is "Login", so the phrase "Login request" appears in the push notification
text and on the request details screen. You may want to specify "Transaction",
"Transfer", etc. Optional.

display_username
String to display in Duo Mobile in place of the user's Duo username. Optional.

pushinfo
A reference to a list of additional key/value pairs to display to the user as part
of the authentication request. For example:

{ pushinfo => [from => 'login portal', domain => 'example.com'] }

This is a list rather than a hash so that it preserves the order of arguments, but
there should always be an even number of members in the list.

For a "factor" value of "passcode":

passcode
The passcode to validate. Required.

For a "factor" value of "phone":

phone
The ID of the device to call, or "auto" to call the first available device.
Optional and defaults to "auto".

In a scalar context, this method returns true if the user was successfully
authenticated and false if authentication failed for any reason. In a list context,
the same status argument is returned as the first member of the list, and the second
member of the list will be a reference to a hash of additional data. Possible keys
are:

status
String detailing the progress or outcome of the authentication attempt.

status_msg
A string describing the result of the authentication attempt. If the
authentication attempt was denied, it may identify a reason. This string is
intended for display to the user.

trusted_device_token
If the trusted devices option is enabled for this account, returns a token for a
trusted device that can later be passed to the Duo "preauth" endpoint.

If you are looking for the Duo "sms" factor type, use the send_sms_passcodes() method
instead.

auth_async(ARGS)
Perform a Duo asynchronous authentication.

An authentication attempt will be started for a user according to the information
provided in ARGS. The return value from this call will be a Net::Duo::Admin::Async
object, which provides a status() method, to get the status of the authentication, and
an id() method, to recover the underlying transaction ID. This approach allows the
application to get the authentication status at each stage, instead of receiving no
information until the authentication has succeeded or failed.

ARGS should be a reference to a hash with the same parameters as were specified for
the "auth()" method.

check()
Calls the Duo "check" endpoint. This can be used as a simple check that all of the
integration arguments are correct and the client can authenticate to the Duo
authentication API. On success, it returns the current time on the Duo server in
seconds since UNIX epoch.

send_sms_passcodes(USERNAME[, DEVICE])
Send a new batch of passcodes to the specified user via SMS. By default, the
passcodes will be sent to the first SMS-capable device (the Duo "auto" behavior). The
optional second argument specifies a device ID to which to send the passcodes. Any
failure will result in an exception.

AUTHOR

       Russ Allbery <rra@cpan.org>

COPYRIGHT AND LICENSE

       Copyright 2014 The Board of Trustees of the Leland Stanford Junior University

       Permission is hereby granted, free of charge, to any person obtaining a copy of this
       software and associated documentation files (the "Software"), to deal in the Software
       without restriction, including without limitation the rights to use, copy, modify, merge,
       publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons
       to whom the Software is furnished to do so, subject to the following conditions:

       The above copyright notice and this permission notice shall be included in all copies or
       substantial portions of the Software.

       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
       INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
       PURPOSE AND NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
       FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
       OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
       DEALINGS IN THE SOFTWARE.