Ah, there isn't a good way to check this. When the user _completes_ Duo auth the `auth_context` information in the access token provides details about factor success, but when a user doesn't complete Duo authentication in the Universal Prompt it just sits there to let them try again and doesn't return any info to the authenticating application.

You could specify a timeout for the full Duo auth in your application, and if that timeout is reached without the redirect back happening you can log it as timed out or failed.

https://duo.com/docs/oauthapi#authorization-request

In the event that multi-factor authentication is unsuccessful, we will not redirect the end-user to the specified redirect URI. A failed authentication will appear in the Authentication Log (found in the Admin Panel) associated with the end-user.

After a successful authentication, Duo redirects the user to the redirect URI specified in the redirect_uri field as described below.