Sample code for 30+ languages & platforms
Go

Duo Auth API - Async Auth

See more Duo Auth MFA Examples

If you enable async, then your application will be able to retrieve real-time status updates from the authentication process, rather than receiving no information until the process is complete.

Chilkat Go Downloads

Go
    success := false

    // This example assumes the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    integrationKey := "DIMS3V5QDVG9J9ABRXC4"
    secretKey := "HWVQ46nubLBxhnRlKddTltWIi3hL0fIQF2qTvLab"

    http := chilkat.NewHttp()

    http.SetAccept("application/json")

    // Use your own hostname here:


    // This example requires Chilkat v9.5.0.89 or greater because Chilkat will automatically
    // generate and send the HMAC signature for the requires based on the integration key and secret key.
    http.SetLogin(integrationKey)
    http.SetPassword(secretKey)

    req := chilkat.NewHttpRequest()
    req.AddParam("username","matt")
    req.AddParam("factor","push")
    // The device ID can be obtained from the preauth response.  See Duo Preauth Example
    req.AddParam("device","DP6GYVTQ5NK82BMR851F")
    // Add the async param to get an immediate response, then periodically check for updates to find out when the MFA authentication completes for fails.
    req.AddParam("async","1")

    req.SetHttpVerb("POST")
    req.SetContentType("application/x-www-form-urlencoded")

    resp := chilkat.NewHttpResponse()
    success = http.HttpReq(*url,req,resp)
    if success == false {
        fmt.Println(http.LastErrorText())
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        return
    }

    fmt.Println("status code = ", resp.StatusCode())

    json := chilkat.NewJsonObject()
    success = json.Load(resp.BodyStr())
    json.SetEmitCompact(false)
    fmt.Println(*json.Emit())

    if resp.StatusCode() != 200 {
        http.DisposeHttp()
        req.DisposeHttpRequest()
        resp.DisposeHttpResponse()
        json.DisposeJsonObject()
        return
    }

    // Sample successful output:

    // status code = 200

    // {
    //   "stat": "OK",
    //   "response": {
    //     "txid": "45f7c92b-f45f-4862-8545-e0f58e78075a"
    //   }
    // }

    txid := json.StringOf("response.txid")

    // Use your own hostname here:
    sbUrl := chilkat.NewStringBuilder()
    sbUrl.Append("https://api-a03782e1.duosecurity.com/auth/v2/auth_status?txid=")
    sbUrl.Append(*txid)
    url := sbUrl.GetAsString()

    fmt.Println("Auth status URL: ", *url)

    sbResult := chilkat.NewStringBuilder()
    var responseStatus *string = new(string)
    var responseStatus_msg *string = new(string)

    // Wait for a response...
    i := 0
    maxWaitIterations := 100
    for i < maxWaitIterations {
        // Wait 3 seconds.
        http.SleepMs(3000)

        fmt.Println("Polling...")

        success = http.HttpNoBody("GET",*url,resp)
        if success == false {
            fmt.Println(http.LastErrorText())
            http.DisposeHttp()
            req.DisposeHttpRequest()
            resp.DisposeHttpResponse()
            json.DisposeJsonObject()
            sbUrl.DisposeStringBuilder()
            sbResult.DisposeStringBuilder()
            return
        }

        if resp.StatusCode() != 200 {
            fmt.Println("error status code = ", resp.StatusCode())
            fmt.Println(resp.BodyStr())
            fmt.Println("Failed.")
            http.DisposeHttp()
            req.DisposeHttpRequest()
            resp.DisposeHttpResponse()
            json.DisposeJsonObject()
            sbUrl.DisposeStringBuilder()
            sbResult.DisposeStringBuilder()
            return
        }

        // Sample response:

        // 	{
        // 	  "stat": "OK",
        // 	  "response": {
        // 	    "result": "waiting",
        // 	    "status": "pushed",
        // 	    "status_msg": "Pushed a login request to your phone..."
        // 	  }
        // 	}

        json.Load(resp.BodyStr())

        // The responseResult can be "allow", "deny", or "waiting"
        sbResult.Clear()
        json.StringOfSb("response.result",sbResult)
        responseStatus = json.StringOf("response.status")
        responseStatus_msg = json.StringOf("response.status_msg")

        fmt.Println(*sbResult.GetAsString())
        fmt.Println(*responseStatus)
        fmt.Println(*responseStatus_msg)
        fmt.Println("")

        if sbResult.ContentsEqual("waiting",true) == true {
            i = i + 1
        } else {
            // Force loop exit..
            i = maxWaitIterations
        }

    }

    fmt.Println("Finished.")

    http.DisposeHttp()
    req.DisposeHttpRequest()
    resp.DisposeHttpResponse()
    json.DisposeJsonObject()
    sbUrl.DisposeStringBuilder()
    sbResult.DisposeStringBuilder()