duosecurity / duo_client_java Goto Github PK
View Code? Open in Web Editor NEWLicense: Other
License: Other
Hi, using the cli without changes I'm seeing an invalid signature error with nfr or prod keys. This was working with our production keys at one point (prior to the okhttp change). I opened a support case a few days ago and am still waiting for a response.
java -jar duo-example-admin-0.4.1-SNAPSHOT-jar-with-dependencies.jar -host XXXXXXXXXXXXXXX.duosecurity.com -ikey XXXXXXXXXXXXXXXXXXXXXXXXX -skey XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Duo Admin Demo
error making request
java.lang.Exception: Duo error code (40103): Invalid signature in request credentials
I've used the python client successfully, but the java client seems to not work. Tried in code as well as the given example, both give invalid ikey error.
$ java -jar duo-example-admin-0.2-jar-with-dependencies.jar -host "api-.duosecurity.com" -ikey "DI......." -skey "8n............................"
Duo Admin Demo
error making request
java.lang.Exception: Duo error code (40102): Invalid integration key in request credentials
Done with Admin API demo.
$ java -version
java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)
In com.duosecurity.client.Http, there's a static instance of SimpleDateFormat, RFC_2822_DATE_FORMAT, that is used in method signRequest. SimpleDateFormat is not thread safe, and therefore this usage can cause serious issues when used in a multi-threaded app (like a j2ee web app). For example, see http://www.codefutures.com/weblog/andygrove/2007/10/simpledateformat-and-thread-safety.html
Hi,
It looks like latest release is v0.2.2 but the version within pom.xml for the duo-client is still v0.2.1. When I build from the source the .jar I maven creates is versioned with v0.2.1. Is this expected?
duo_client_java/duo-client/pom.xml
Line 7 in 44204bd
Thanks.
Version 0.3.0 isn't tagged, and the version in your master branch is 0.3.0, which is clearly shouldn't be as there have been changes to it since the version number was changed. It should be 0.3.1-SNAPSHOT indicating that it isn't released code. Using mvn release:prepare and mvn release:perform on the repo will do all of the pom version changing and tagging instead of having to do it manual like you did for #9.
Using the java client, I can hit the URI to retrieve the JSON object of all my users (/admin/v1/users). I then add the one line of code request.addParam("username","XXX1234")
to add a specific user so I only get back their details. When doing this, i get java.lang.Exception: Duo error code (40103): Invalid signature in request credentials.
According to the API documentation (retrieve-users), to retrieve specific users you need to specify the params like this:
usernames=cjones&usernames=mwong
On my request I've done something like this:
request.addParam("usernames", "cjones");
request.addParam("usernames", "mwong");
As a response I'm getting information about only one user. I believe the problem is that the addParam
method is adding fields to a TreeMap:
private SortedMap<String, Object> params = new TreeMap<String, Object>();
Since we can't have duplicate keys, we can't search for multiple users. I've also noticed that you can set a List as value on the addParam
method. Something like this:
request.addParam("username", Arrays.asList("cjones", "mwong"));
But that's also not working, the raw response is:
{"stat":"OK","response":[]}
I am having issues with the Authentication Logs API (/admin/v1/logs/authentication
).
It seems there is an (as far as I can tell) undocumented limit on it.
I use the SDK as follows:
import com.duosecurity.client.Http
val user = "api-xxxxx.duosecurity.com"
val integrationKey = "MYTOKEN"
val secret = "MYSECRET"
val http = new Http("GET", user, "/admin/v1/logs/authentication")
http.addParam("minTime", "0")
http.signRequest(integrationKey, secret)
val response = http.executeRequest
If I run this faster than once every 30s the API returns me
java.lang.Exception: Duo error code (42901): Too Many Requests
com.duosecurity.client.Http.executeRequest(Http.java:62)
a) Where can I find how many is "too many" requests?
b) Should the SDK not at least retry?
c) How come /admin/v1/logs/administrator
does not have this limitation?
Thank you!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.