Sample code for 30+ languages & platforms
Xojo Plugin

Duo Auth API - Async Auth

See more Duo Auth MFA Examples

If you enable async, then your application will be able to retrieve real-time status updates from the authentication process, rather than receiving no information until the process is complete.

Chilkat Xojo Plugin Downloads

Xojo Plugin
Dim success As Boolean
success = False

// This example assumes the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

Dim integrationKey As String
integrationKey = "DIMS3V5QDVG9J9ABRXC4"
Dim secretKey As String
secretKey = "HWVQ46nubLBxhnRlKddTltWIi3hL0fIQF2qTvLab"

Dim http As New Chilkat.Http

http.Accept = "application/json"

// Use your own hostname here:
Dim url As String
url = "https://api-a03782e1.duosecurity.com/auth/v2/auth"

// This example requires Chilkat v9.5.0.89 or greater because Chilkat will automatically
// generate and send the HMAC signature for the requires based on the integration key and secret key.
http.Login = integrationKey
http.Password = secretKey

Dim req As New Chilkat.HttpRequest
req.AddParam "username","matt"
req.AddParam "factor","push"
// The device ID can be obtained from the preauth response.  See Duo Preauth Example
req.AddParam "device","DP6GYVTQ5NK82BMR851F"
// Add the async param to get an immediate response, then periodically check for updates to find out when the MFA authentication completes for fails.
req.AddParam "async","1"

req.HttpVerb = "POST"
req.ContentType = "application/x-www-form-urlencoded"

Dim resp As New Chilkat.HttpResponse
success = http.HttpReq(url,req,resp)
If (success = False) Then
    System.DebugLog(http.LastErrorText)
    Return
End If

System.DebugLog("status code = " + Str(resp.StatusCode))

Dim json As New Chilkat.JsonObject
success = json.Load(resp.BodyStr)
json.EmitCompact = False
System.DebugLog(json.Emit())

If (resp.StatusCode <> 200) Then
    Return
End If

// Sample successful output:

// status code = 200

// {
//   "stat": "OK",
//   "response": {
//     "txid": "45f7c92b-f45f-4862-8545-e0f58e78075a"
//   }
// }

Dim txid As String
txid = json.StringOf("response.txid")

// Use your own hostname here:
Dim sbUrl As New Chilkat.StringBuilder
success = sbUrl.Append("https://api-a03782e1.duosecurity.com/auth/v2/auth_status?txid=")
success = sbUrl.Append(txid)
Dim url As String
url = sbUrl.GetAsString()

System.DebugLog("Auth status URL: " + url)

Dim sbResult As New Chilkat.StringBuilder
Dim responseStatus As String
Dim responseStatus_msg As String

// Wait for a response...
Dim i As Int32
i = 0
Dim maxWaitIterations As Int32
maxWaitIterations = 100
While i < maxWaitIterations
    // Wait 3 seconds.
    http.SleepMs 3000

    System.DebugLog("Polling...")

    success = http.HttpNoBody("GET",url,resp)
    If (success = False) Then
        System.DebugLog(http.LastErrorText)
        Return
    End If

    If (resp.StatusCode <> 200) Then
        System.DebugLog("error status code = " + Str(resp.StatusCode))
        System.DebugLog(resp.BodyStr)
        System.DebugLog("Failed.")
        Return
    End If

    // Sample response:

    // 	{
    // 	  "stat": "OK",
    // 	  "response": {
    // 	    "result": "waiting",
    // 	    "status": "pushed",
    // 	    "status_msg": "Pushed a login request to your phone..."
    // 	  }
    // 	}

    success = json.Load(resp.BodyStr)

    // The responseResult can be "allow", "deny", or "waiting"
    sbResult.Clear 
    success = json.StringOfSb("response.result",sbResult)
    responseStatus = json.StringOf("response.status")
    responseStatus_msg = json.StringOf("response.status_msg")

    System.DebugLog(sbResult.GetAsString())
    System.DebugLog(responseStatus)
    System.DebugLog(responseStatus_msg)
    System.DebugLog("")

    If (sbResult.ContentsEqual("waiting",True) = True) Then
        i = i + 1
    Else
        // Force loop exit..
        i = maxWaitIterations
    End If

Wend

System.DebugLog("Finished.")