Sample code for 30+ languages & platforms
PHP Extension

Duo Auth API - Async Auth

See more Duo Auth MFA Examples

If you enable async, then your application will be able to retrieve real-time status updates from the authentication process, rather than receiving no information until the process is complete.

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

$integrationKey = 'DIMS3V5QDVG9J9ABRXC4';
$secretKey = 'HWVQ46nubLBxhnRlKddTltWIi3hL0fIQF2qTvLab';

$http = new CkHttp();

$http->put_Accept('application/json');

// Use your own hostname here:
$url = 'https://api-a03782e1.duosecurity.com/auth/v2/auth';

// This example requires Chilkat v9.5.0.89 or greater because Chilkat will automatically
// generate and send the HMAC signature for the requires based on the integration key and secret key.
$http->put_Login($integrationKey);
$http->put_Password($secretKey);

$req = new CkHttpRequest();
$req->AddParam('username','matt');
$req->AddParam('factor','push');
// The device ID can be obtained from the preauth response.  See Duo Preauth Example
$req->AddParam('device','DP6GYVTQ5NK82BMR851F');
// Add the async param to get an immediate response, then periodically check for updates to find out when the MFA authentication completes for fails.
$req->AddParam('async','1');

$req->put_HttpVerb('POST');
$req->put_ContentType('application/x-www-form-urlencoded');

$resp = new CkHttpResponse();
$success = $http->HttpReq($url,$req,$resp);
if ($success == false) {
    print $http->lastErrorText() . "\n";
    exit;
}

print 'status code = ' . $resp->get_StatusCode() . "\n";

$json = new CkJsonObject();
$success = $json->Load($resp->bodyStr());
$json->put_EmitCompact(false);
print $json->emit() . "\n";

if ($resp->get_StatusCode() != 200) {
    exit;
}

// Sample successful output:

// status code = 200

// {
//   "stat": "OK",
//   "response": {
//     "txid": "45f7c92b-f45f-4862-8545-e0f58e78075a"
//   }
// }

$txid = $json->stringOf('response.txid');

// Use your own hostname here:
$sbUrl = new CkStringBuilder();
$sbUrl->Append('https://api-a03782e1.duosecurity.com/auth/v2/auth_status?txid=');
$sbUrl->Append($txid);
$url = $sbUrl->getAsString();

print 'Auth status URL: ' . $url . "\n";

$sbResult = new CkStringBuilder();

// Wait for a response...
$i = 0;
$maxWaitIterations = 100;
while ($i < $maxWaitIterations) {
    // Wait 3 seconds.
    $http->SleepMs(3000);

    print 'Polling...' . "\n";

    $success = $http->HttpNoBody('GET',$url,$resp);
    if ($success == false) {
        print $http->lastErrorText() . "\n";
        exit;
    }

    if ($resp->get_StatusCode() != 200) {
        print 'error status code = ' . $resp->get_StatusCode() . "\n";
        print $resp->bodyStr() . "\n";
        print 'Failed.' . "\n";
        exit;
    }

    // Sample response:

    // 	{
    // 	  "stat": "OK",
    // 	  "response": {
    // 	    "result": "waiting",
    // 	    "status": "pushed",
    // 	    "status_msg": "Pushed a login request to your phone..."
    // 	  }
    // 	}

    $json->Load($resp->bodyStr());

    // The responseResult can be "allow", "deny", or "waiting"
    $sbResult->Clear();
    $json->StringOfSb('response.result',$sbResult);
    $responseStatus = $json->stringOf('response.status');
    $responseStatus_msg = $json->stringOf('response.status_msg');

    print $sbResult->getAsString() . "\n";
    print $responseStatus . "\n";
    print $responseStatus_msg . "\n";
    print '' . "\n";

    if ($sbResult->ContentsEqual('waiting',true) == true) {
        $i = $i + 1;
    }
    else {
        // Force loop exit..
        $i = $maxWaitIterations;
    }

}

print 'Finished.' . "\n";

?>