Sample code for 30+ languages & platforms
Delphi DLL

Duo Auth API - Async Auth

See more Duo Auth MFA Examples

If you enable async, then your application will be able to retrieve real-time status updates from the authentication process, rather than receiving no information until the process is complete.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, HttpRequest, StringBuilder, HttpResponse, JsonObject;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
integrationKey: PWideChar;
secretKey: PWideChar;
http: HCkHttp;
url: PWideChar;
req: HCkHttpRequest;
resp: HCkHttpResponse;
json: HCkJsonObject;
txid: PWideChar;
sbUrl: HCkStringBuilder;
url: PWideChar;
sbResult: HCkStringBuilder;
responseStatus: PWideChar;
responseStatus_msg: PWideChar;
i: Integer;
maxWaitIterations: Integer;

begin
success := False;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

integrationKey := 'DIMS3V5QDVG9J9ABRXC4';
secretKey := 'HWVQ46nubLBxhnRlKddTltWIi3hL0fIQF2qTvLab';

http := CkHttp_Create();

CkHttp_putAccept(http,'application/json');

// Use your own hostname here:
url := 'https://api-a03782e1.duosecurity.com/auth/v2/auth';

// This example requires Chilkat v9.5.0.89 or greater because Chilkat will automatically
// generate and send the HMAC signature for the requires based on the integration key and secret key.
CkHttp_putLogin(http,integrationKey);
CkHttp_putPassword(http,secretKey);

req := CkHttpRequest_Create();
CkHttpRequest_AddParam(req,'username','matt');
CkHttpRequest_AddParam(req,'factor','push');
// The device ID can be obtained from the preauth response.  See Duo Preauth Example
CkHttpRequest_AddParam(req,'device','DP6GYVTQ5NK82BMR851F');
// Add the async param to get an immediate response, then periodically check for updates to find out when the MFA authentication completes for fails.
CkHttpRequest_AddParam(req,'async','1');

CkHttpRequest_putHttpVerb(req,'POST');
CkHttpRequest_putContentType(req,'application/x-www-form-urlencoded');

resp := CkHttpResponse_Create();
success := CkHttp_HttpReq(http,url,req,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

Memo1.Lines.Add('status code = ' + IntToStr(CkHttpResponse_getStatusCode(resp)));

json := CkJsonObject_Create();
success := CkJsonObject_Load(json,CkHttpResponse__bodyStr(resp));
CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

if (CkHttpResponse_getStatusCode(resp) <> 200) then
  begin
    Exit;
  end;

// Sample successful output:

// status code = 200

// {
//   "stat": "OK",
//   "response": {
//     "txid": "45f7c92b-f45f-4862-8545-e0f58e78075a"
//   }
// }

txid := CkJsonObject__stringOf(json,'response.txid');

// Use your own hostname here:
sbUrl := CkStringBuilder_Create();
CkStringBuilder_Append(sbUrl,'https://api-a03782e1.duosecurity.com/auth/v2/auth_status?txid=');
CkStringBuilder_Append(sbUrl,txid);
url := CkStringBuilder__getAsString(sbUrl);

Memo1.Lines.Add('Auth status URL: ' + url);

sbResult := CkStringBuilder_Create();

// Wait for a response...
i := 0;
maxWaitIterations := 100;
while i < maxWaitIterations do
  begin
    // Wait 3 seconds.
    CkHttp_SleepMs(http,3000);

    Memo1.Lines.Add('Polling...');

    success := CkHttp_HttpNoBody(http,'GET',url,resp);
    if (success = False) then
      begin
        Memo1.Lines.Add(CkHttp__lastErrorText(http));
        Exit;
      end;

    if (CkHttpResponse_getStatusCode(resp) <> 200) then
      begin
        Memo1.Lines.Add('error status code = ' + IntToStr(CkHttpResponse_getStatusCode(resp)));
        Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));
        Memo1.Lines.Add('Failed.');
        Exit;
      end;

    // Sample response:

    // 	{
    // 	  "stat": "OK",
    // 	  "response": {
    // 	    "result": "waiting",
    // 	    "status": "pushed",
    // 	    "status_msg": "Pushed a login request to your phone..."
    // 	  }
    // 	}

    CkJsonObject_Load(json,CkHttpResponse__bodyStr(resp));

    // The responseResult can be "allow", "deny", or "waiting"
    CkStringBuilder_Clear(sbResult);
    CkJsonObject_StringOfSb(json,'response.result',sbResult);
    responseStatus := CkJsonObject__stringOf(json,'response.status');
    responseStatus_msg := CkJsonObject__stringOf(json,'response.status_msg');

    Memo1.Lines.Add(CkStringBuilder__getAsString(sbResult));
    Memo1.Lines.Add(responseStatus);
    Memo1.Lines.Add(responseStatus_msg);
    Memo1.Lines.Add('');

    if (CkStringBuilder_ContentsEqual(sbResult,'waiting',True) = True) then
      begin
        i := i + 1;
      end
    else
      begin
        // Force loop exit..
        i := maxWaitIterations;
      end;
  end;

Memo1.Lines.Add('Finished.');

CkHttp_Dispose(http);
CkHttpRequest_Dispose(req);
CkHttpResponse_Dispose(resp);
CkJsonObject_Dispose(json);
CkStringBuilder_Dispose(sbUrl);
CkStringBuilder_Dispose(sbResult);

end;