Admin API Token Question

ROHIT_Pawar — Thu, 04 Aug 2022 12:33:02 GMT

[/admin/v1/users/[user_id]/tokens ] hello i have to check that the token is malicious or not .

so i am thinking to use this [/admin/v1/users/[user_id]/tokens ] and get token again and compare and validate it is right thing i am doing or anyother way exists /or what i am doing is needed or not (for malicious token it is checking internally )
my code :-

        String newState = request.getParameter("state");
        //if newState(coming from server) is not in the stateMap then that means session is expired ("message", "Session Expired")so return error.
        if (!stateMap.containsKey(newState)) {
            Debug.log("state is expired so go for DuoAuth again",Module);
            return "error";
        }
        String username = stateMap.remove(newState);
        //Exchange the auth duoCode for a Token object
        Token token = null;
        try {
            token = duoClient.exchangeAuthorizationCodeFor2FAResult(duoCode, username);
        } catch (DuoException e) {
            Debug.logError(e, Module);
            return "error";
        }
        Debug.logInfo ("generated token" + token, Module);
        // If the auth was successful, render the welcome page otherwise return an error
        if (DuoUtilHelper.authWasSuccessful(token)) {
            storedToken = token;
            return "success";
        } else {
            return "error";
        }```
i have a token received from exchangeAuthorizationCodeFor2FAResult(duoCode, username) i have to check that it is an valid token or it is malicious  token

Re: Admin API Token Question

TabBerger — Fri, 05 Aug 2022 18:07:32 GMT

Hi there @ROHIT_Pawar ! I noticed your question on one of our old Release Notes threads. I’ve moved the post over to the API forum so it doesn’t get missed Cheers! -Tab

topic Re: Admin API Token Question in APIs

Admin API Token Question

Re: Admin API Token Question