Duo Universal Node.js library

Duo Web v4 SDK - Duo Universal Prompt implementation for Node.js

• follows Duo Web v4 SDK implementation
• largely based on Duo Web v4 SDKs for other languages

⚠️ IMPORTANT ⚠️

This package is no longer maintained. Duo team has taken over the code and from now on will be maintaining official implementation of Duo Universal prompt.

New Duo Universal Node.js repository is https://github.com/duosecurity/duo_universal_nodejs.

Upgrade is a drop-in replacement.

1. Replace package

npm remove duo_universal

npm install @duosecurity/duo_universal

2. Change import statements

// from
import { Client } from 'duo_universal';

// to
import { Client } from '@duosecurity/duo_universal';

Installation

npm install duo_universal

Usage

Read official Duo Web v4 SDK - Duo Universal Prompt docs (https://duo.com/docs/duoweb) to get familiar with the implementation details.

1. Import client

import { Client } from 'duo_universal';

2. Create client

Creates new client instance. Provide your Duo Security application credentials and host URL. Include redirect URL to make a way back to your application.

const client = new Client({
    clientId: 'yourDuoApplicationClientId',
    clientSecret: 'yourDuoApplicationSecret',
    apiHost: 'api-12345678.duosecurity.com',
    redirectUrl: 'http://localhost:3000/redirect',
});

3. Heath check

Determines if Duo’s servers are accessible and available to accept the 2FA request.

const status = await client.healthCheck();

4. Generate state

Generates new state (random string) to link the with authentication attempt. Store appropriately, so you can retrieve/compare on callback.

const state = client.generateState();

5. Create authentication URL

Creates authentication URL to redirect user to Duo Security Universal prompt. Provide user identifier and state generated in previous step.

const authUrl = client.createAuthUrl('username', 'state');

6. Token & code exchange

Exchanges received duo code from callback redirect for token result.

const token = await client.exchangeAuthorizationCodeFor2FAResult('duoCode', 'username');

Example

Complete example of implementation can be found in example folder. It's a simple express-based application. Please follow the README instructions in example folder to spin it up.

Contribute

Fork the repository

Install dependencies

npm install

Make your proposed changes. Add tests if applicable, lint the code. Submit a pull request.

Tests

npm test

Lint

npm lint