Is there an API call I can make to confirm if the username for a particular set of Client ID and Client Secret is currently Duo-authenticated (authentication not expired)? Taken from the C# example project, the RedirectPermanent(promptUri) call actually takes the user to the prompt page of the duo api site. Is there a call that I can make just to make sure that the username is already duo-authenticated and I don't need to make the RedirectPermanent(promptUri) call again?
By design you have to send the user back to the Duo service to verify not just that they have a valid remembered device authentication session, but also to complete the device access and security posture checks required by the effective Duo policy for that application and user. Like, they may have a valid authentication session, but their Duo admin may have changed the minimum OS patch version required to access anything, and sending the user back to Duo performs that check and blocks the user from access until they update their OS.