cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4602
Views
0
Helpful
5
Replies

Timeout on Duo auth API

Todd_Haddaway
Level 1
Level 1

I’m creating a “send duo push” function for our helpdesk to help with identity proofing customers over the phone (I know there is now one in the console, but thats a different story). When I call the auth API there seems to be a 10 second timeout. I would like to adjust this timeout to something more reasonable, like 30 seconds. How can I do that? I don’t see that documented, but you would think it would be a basic feature.

Thanks!

Todd

5 Replies 5

DuoKristina
Cisco Employee
Cisco Employee

If your intent is to give the user more time to approve the authentication request, try using the async parameter, and then poll /auth_status for completion.

Duo, not DUO.

I have tried that and am getting different results than I expected. My expected behavior is that I call the auth endpoint (with async) - that sends the push out. Afterwards I can call the auth_status periodically and will get “waiting” returned until such time as the user either approves or denies. Given the code below, I am still getting a timeout. See code and results below:

code

    $authConnection = getAuthConnection();
    $factorParams = array("device"=>"auto","type"=>"UMBC TSC",null,"pushinfo"=>"from=UMBC%20Technology%20Support%20Center&Purpose=Identity%20Validation");

         print "*** Sending Push: " . date('Y-m-d H:i:s') . "\n";
		$PushResult = sendAsyncPush($authConnection);		
		print_r($PushResult);
		$txid = $PushResult["response"]["response"]["txid"];
		
        print "*** Calling auth_status 1 of 2 " . date('Y-m-d H:i:s') . "\n";
		$PushResult = $authConnection->auth_status($txid);
		print_r($PushResult);

        print "*** Calling auth_status 2 of 2 " . date('Y-m-d H:i:s') . "\n";
		$PushResult = $authConnection->auth_status($txid);
		print_r($PushResult);

        print "*** done " . date('Y-m-d H:i:s') . "\n";

Executing this gives the following results:

    
*** Sending Push: 2018-10-26 11:00:59
Array
(
    [response] => Array
        (
            [response] => Array
                (
                    [txid] => 12345-12345-12345-12345-12345
                )

            [stat] => OK
        )

    [success] => 1
    [http_status_code] => 200
)
*** Calling auth_status 1 of 2 2018-10-26 11:01:00
Array
(
    [response] => Array
        (
            [response] => Array
                (
                    [result] => waiting
                    [status] => pushed
                    [status_msg] => Pushed a login request to your device...
                )

            [stat] => OK
        )

    [success] => 1
    [http_status_code] => 200
)
*** Calling auth_status 2 of 2 2018-10-26 11:01:00
Array
(
    [response] => Array
        (
            [stat] => FAIL
            [code] => 28
            [message] => Operation timed out after 10001 milliseconds with 0 out of -1 bytes received
        )

    [success] =>
    [http_status_code] =>
)
*** done 2018-10-26 11:01:10```

Any solution for this problem (after two years)?
I’m facing the exact same problem and see a couple of similar threads, but none with an actual answer.

And please note: “no” is also an answer, but leaving things open like this is pretty frustrating, specially when more people are having the same issue.

I’m using Delphi with Indy btw, but the results are exactly the same as above (and other) threads.

Thanks,

Peter

colin_medfisch
Cisco Employee
Cisco Employee

Hey @QuickFix,

I think there might be a misunderstanding with how the /auth_status endpoint is used.

When a Duo Push is initiated via the /auth endpoint and the async parameter, we will immediately send a ‘pushed/waiting’ status, which can be pulled via /auth_status right away. The status is not updated again for a particular authentication attempted until it is either answered with an approve/deny or it times out.

One recommendation is to make sure that your application has a 60-second timeout configured, as this is the defined timeout for a Duo Push. You could then use /auth_status once during the transaction to check if the request is still waiting or if the user has actioned it.

Thanks!
Colin

QuickFix
Level 1
Level 1

Thanks for your answer @cmedfischduo,

The problem with normal (single threaded) applications is that waiting on a (any) reply will stall the entire application.
I fixed my problem by putting all DUO requests into separate threads, which will keep the application responsive and can be killed in the event a user wants to cancel authenticating.

Thanks again for your reply,

Peter

Quick Links