DUO Auth
This gem provides the ability to create HMAC login verification requests with the DUO 2-factor server. The code is taken from https://github.com/duosecurity/duo_ruby with some minor refactorings and gemification.
Compatibility
This gem is up-to-date with bb77567c838d77bce4f501b475d28dade300edcd from https://github.com/duosecurity/duo_ruby.
This covers DUO-PSA-2015-001.
Installation
Add this line to your application's Gemfile:
gem 'duo-auth'
And then execute:
$ bundle
Or install it yourself as:
$ gem install duo-auth
Usage
Create a Signed Request
To create a signed request to be passed to the DUO servers, use the following singleton method:
Duo::Auth.sign_request(ENV['duo_ikey'], ENV['duo_skey'], Rails.application.config.secret_token, @user.id)
The sign request method takes 4 arguments:
- Your DUO Integration Key.
- Your DUO Secret Key.
- An application secret token. Any secret token with a minimum of 40 characters will do, but if you're using rails, the default secret token will work great.
- Your user identifier. This is whatever you are using on DUO to track your users. This is also returned from the verify request step.
Verify a DUO Response
To verify the returned DUO response after 2-factor has been verified, use the following singleton method:
Duo::Auth.verify_response(ENV['duo_ikey'], ENV['duo_skey'], Rails.application.config.secret_token, params[:sig_response])
The verify response method takes 4 arguments:
- Your DUO Integration Key.
- Your DUO Secret Key.
- An application secret token.
- The response from DUO. This is typically posted back to your application after authentication is complete.
The verify_response method will return the user identifier that was passed to the sign_request method if the verification was successful.
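Because verify_response returns a user identifier rather than a yes/no answer, the caller still has to check that identifier against the user who passed primary authentication. The wrapper below is an added example, not code from this gem or from duo_ruby: the DuoGate module and its method names are hypothetical, and it assumes verify_response returns nil or raises when verification fails.

```ruby
# Added example, not part of the duo-auth gem.
# DuoGate, load_config and second_factor_ok? are hypothetical names.
module DuoGate
  MIN_APP_SECRET_LENGTH = 40 # minimum stated in this README

  Config = Struct.new(:ikey, :skey, :akey)

  # Read the keys once at boot and fail fast on a missing or short value.
  # ENV keys are Strings; fetch raises KeyError when a key is unset.
  def self.load_config(env, app_secret)
    if app_secret.to_s.length < MIN_APP_SECRET_LENGTH
      raise ArgumentError,
            "application secret must be at least #{MIN_APP_SECRET_LENGTH} characters"
    end
    Config.new(env.fetch('duo_ikey'), env.fetch('duo_skey'), app_secret)
  end

  # True only when the response verifies AND names the user who passed
  # primary authentication. `verifier` defaults to the gem's method and is
  # injectable so the check can be exercised without the gem installed.
  # Assumption: the verifier returns nil or raises on a failed verification.
  def self.second_factor_ok?(cfg, sig_response, expected_user,
                             verifier: ->(*args) { Duo::Auth.verify_response(*args) })
    return false if sig_response.to_s.empty? || expected_user.to_s.empty?

    verified = verifier.call(cfg.ikey, cfg.skey, cfg.akey, sig_response)
    !verified.nil? && verified.to_s == expected_user.to_s
  rescue StandardError
    false # fail closed on any verification error
  end
end
```

In a Rails controller, expected_user would be the identifier stored server-side when the password step succeeded, not a value taken from the posted form.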
Contributing
- Fork it ( https://github.com/TheKidCoder/duo-auth/fork )
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create a new Pull Request