Ubuntu Manpage: Net::Duo::Auth - Perl interface for the Duo Auth API

NAME

       Net::Duo::Auth - Perl interface for the Duo Auth API

SYNOPSIS

           my $duo = Net::Duo::Auth->new({ key_file => '/path/to/keys.json' });
           my $timestamp = $duo->check;

REQUIREMENTS

       Perl 5.14 or later and the modules HTTP::Request and HTTP::Response (part of HTTP::Message), JSON, LWP
       (also known as libwww-perl), Perl6::Slurp, Sub::Install, and URI::Escape (part of URI), all of which are
       available from CPAN.

DESCRIPTION

       Net::Duo::Auth is an implementation of the Duo Auth REST API for Perl.  Method calls correspond to
       endpoints in the REST API.  Its goal is to provide a native, natural interface for all Duo operations in
       the API from inside Perl, while abstracting away as many details of the API as can be reasonably handled
       automatically.

       Currently, only a tiny number of available methods are implemented.

       For calls that return complex data structures, the return from the call will generally be an object in
       the Net::Duo::Auth namespace.  These objects all have methods matching the name of the field in the Duo
       API documentation that returns that field value.  Where it makes sense, there will also be a method with
       the same name but with "set_" prepended that changes that value.  No changes are made to the Duo record
       itself until the commit() method is called on the object, which will make the underlying Duo API call to
       update the data.

       On failure, all methods throw a Net::Duo::Exception object.  This can be interpolated into a string for a
       simple error message, or inspected with method calls for more details.  This is also true of all methods
       in all objects in the Net::Duo namespace.

CLASS METHODS

       new(ARGS)
           Create a new Net::Duo::Auth object, which is used for all subsequent calls.  This constructor is
           inherited from Net::Duo.  See Net::Duo for documentation of the possible arguments.

INSTANCE METHODS

auth(ARGS)
Perform a Duo synchronous authentication.

The user will be authenticated given the factor and additional information provided in ARGS. The
call will not return until the user has authenticated or the call has failed for some reason. To do
long-polling instead, see auth_async().

ARGS should be a reference to a hash. The following keys may always be present:

user_id
The Duo ID of the user to authenticate. Either this or "username", but only one or the other,
must be specified.

username
The username of the user to authenticate. Either this or "username", but only one or the other,
must be specified.

factor
The authentication factor to use, chosen from "push", "passcode", or "phone", or "auto" to use
whichever of "push" or "phone" appears best for this user's devices according to Duo. Required.

ipaddr
The IP address of the user, used for logging and to support sending an "allow" response without
further verification if the user is coming from a trusted network as configured in the
integration.

Additional keys may be present depending on "factor". For a "factor" value of "push":

device
The ID of the device to which to send the push notification, or "auto" to send to the first push-
capable device. Optional, defaulting to "auto".

type
This string is displayed in the Duo Mobile app before the word "request". The default is
"Login", so the phrase "Login request" appears in the push notification text and on the request
details screen. You may want to specify "Transaction", "Transfer", etc. Optional.

display_username
String to display in Duo Mobile in place of the user's Duo username. Optional.

pushinfo
A reference to a list of additional key/value pairs to display to the user as part of the
authentication request. For example:

{ pushinfo => [from => 'login portal', domain => 'example.com'] }

This is a list rather than a hash so that it preserves the order of arguments, but there should
always be an even number of members in the list.

For a "factor" value of "passcode":

passcode
The passcode to validate. Required.

For a "factor" value of "phone":

phone
The ID of the device to call, or "auto" to call the first available device. Optional and
defaults to "auto".

In a scalar context, this method returns true if the user was successfully authenticated and false if
authentication failed for any reason. In a list context, the same status argument is returned as the
first member of the list, and the second member of the list will be a reference to a hash of
additional data. Possible keys are:

status
String detailing the progress or outcome of the authentication attempt.

status_msg
A string describing the result of the authentication attempt. If the authentication attempt was
denied, it may identify a reason. This string is intended for display to the user.

trusted_device_token
If the trusted devices option is enabled for this account, returns a token for a trusted device
that can later be passed to the Duo "preauth" endpoint.

If you are looking for the Duo "sms" factor type, use the send_sms_passcodes() method instead.

auth_async(ARGS)
Perform a Duo asynchronous authentication.

An authentication attempt will be started for a user according to the information provided in ARGS.
The return value from this call will be a Net::Duo::Admin::Async object, which provides a status()
method, to get the status of the authentication, and an id() method, to recover the underlying
transaction ID. This approach allows the application to get the authentication status at each stage,
instead of receiving no information until the authentication has succeeded or failed.

ARGS should be a reference to a hash with the same parameters as were specified for the "auth()"
method.

check()
Calls the Duo "check" endpoint. This can be used as a simple check that all of the integration
arguments are correct and the client can authenticate to the Duo authentication API. On success, it
returns the current time on the Duo server in seconds since UNIX epoch.

send_sms_passcodes(USERNAME[, DEVICE])
Send a new batch of passcodes to the specified user via SMS. By default, the passcodes will be sent
to the first SMS-capable device (the Duo "auto" behavior). The optional second argument specifies a
device ID to which to send the passcodes. Any failure will result in an exception.

AUTHOR

       Russ Allbery <rra@cpan.org>

COPYRIGHT AND LICENSE

       Copyright 2014 The Board of Trustees of the Leland Stanford Junior University

       Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
       associated documentation files (the "Software"), to deal in the Software without restriction, including
       without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
       copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the
       following conditions:

       The above copyright notice and this permission notice shall be included in all copies or substantial
       portions of the Software.

       THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
       LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.  IN
       NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
       WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
       SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.