Sample code for 30+ languages & platforms
PHP ActiveX

Duo Auth API - Async Auth

See more Duo Auth MFA Examples

If you enable async, then your application will be able to retrieve real-time status updates from the authentication process, rather than receiving no information until the process is complete.

Chilkat PHP ActiveX Downloads

PHP ActiveX
<?php

$success = 0;

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

$integrationKey = 'DIMS3V5QDVG9J9ABRXC4';
$secretKey = 'HWVQ46nubLBxhnRlKddTltWIi3hL0fIQF2qTvLab';

$http = new COM("Chilkat.Http");

$http->Accept = 'application/json';

// Use your own hostname here:
$url = 'https://api-a03782e1.duosecurity.com/auth/v2/auth';

// This example requires Chilkat v9.5.0.89 or greater because Chilkat will automatically
// generate and send the HMAC signature for the requires based on the integration key and secret key.
$http->Login = $integrationKey;
$http->Password = $secretKey;

$req = new COM("Chilkat.HttpRequest");
$req->AddParam('username','matt');
$req->AddParam('factor','push');
// The device ID can be obtained from the preauth response.  See Duo Preauth Example
$req->AddParam('device','DP6GYVTQ5NK82BMR851F');
// Add the async param to get an immediate response, then periodically check for updates to find out when the MFA authentication completes for fails.
$req->AddParam('async','1');

$req->HttpVerb = 'POST';
$req->ContentType = 'application/x-www-form-urlencoded';

$resp = new COM("Chilkat.HttpResponse");
$success = $http->HttpReq($url,$req,$resp);
if ($success == 0) {
    print $http->LastErrorText . "\n";
    exit;
}

print 'status code = ' . $resp->StatusCode . "\n";

$json = new COM("Chilkat.JsonObject");
$success = $json->Load($resp->BodyStr);
$json->EmitCompact = 0;
print $json->emit() . "\n";

if ($resp->StatusCode != 200) {
    exit;
}

// Sample successful output:

// status code = 200

// {
//   "stat": "OK",
//   "response": {
//     "txid": "45f7c92b-f45f-4862-8545-e0f58e78075a"
//   }
// }

$txid = $json->stringOf('response.txid');

// Use your own hostname here:
$sbUrl = new COM("Chilkat.StringBuilder");
$sbUrl->Append('https://api-a03782e1.duosecurity.com/auth/v2/auth_status?txid=');
$sbUrl->Append($txid);
$url = $sbUrl->getAsString();

print 'Auth status URL: ' . $url . "\n";

$sbResult = new COM("Chilkat.StringBuilder");

// Wait for a response...
$i = 0;
$maxWaitIterations = 100;
while ($i < $maxWaitIterations) {
    // Wait 3 seconds.
    $http->SleepMs(3000);

    print 'Polling...' . "\n";

    $success = $http->HttpNoBody('GET',$url,$resp);
    if ($success == 0) {
        print $http->LastErrorText . "\n";
        exit;
    }

    if ($resp->StatusCode != 200) {
        print 'error status code = ' . $resp->StatusCode . "\n";
        print $resp->BodyStr . "\n";
        print 'Failed.' . "\n";
        exit;
    }

    // Sample response:

    // 	{
    // 	  "stat": "OK",
    // 	  "response": {
    // 	    "result": "waiting",
    // 	    "status": "pushed",
    // 	    "status_msg": "Pushed a login request to your phone..."
    // 	  }
    // 	}

    $json->Load($resp->BodyStr);

    // The responseResult can be "allow", "deny", or "waiting"
    $sbResult->Clear();
    $json->StringOfSb('response.result',$sbResult);
    $responseStatus = $json->stringOf('response.status');
    $responseStatus_msg = $json->stringOf('response.status_msg');

    print $sbResult->getAsString() . "\n";
    print $responseStatus . "\n";
    print $responseStatus_msg . "\n";
    print '' . "\n";

    if ($sbResult->ContentsEqual('waiting',1) == 1) {
        $i = $i + 1;
    }
    else {
        // Force loop exit..
        $i = $maxWaitIterations;
    }

}

print 'Finished.' . "\n";

?>