DuoCallback through API

Hi there,

Hope you are doing well. I want to log in with OKTA into the Salesforce system of my customer.

Within Python I have implemented the OKTA-Rest-API.

My Python code (missing some first lines with passwords and stuff…):

```python
# post(), dataList, headerList and pp are defined in the omitted first lines.
auth_url = 'https://appdynamics.okta.com/api/v1/authn'

# Authorize against okta
response = post(auth_url, dataList, headerList)
dataList['stateToken'] = response['stateToken']
dataList['id'] = response['_embedded']['factors'][0]['id']
verify_url = response['_embedded']['factors'][0]['_links']['verify']['href']

response = post(verify_url, dataList, headerList)
duoCallback_url = response['_embedded']['factor']['_embedded']['verification']['_links']['complete']['href']
signature = response['_embedded']['factor']['_embedded']['verification']['signature']
dataList['sig_response'] = signature

pp.pprint(dataList)
# Triggers a phone call
response = post(duoCallback_url, dataList, headerList)
pp.pprint(response)
```

It will produce this output:

```
called URL: https://MYDOMAIN.okta.com/api/v1/authn
called URL: https://MYDOMAIN.okta.com/api/v1/authn/factors/REALFACTORID/verify
{ 'id': 'some-real-id',
  'password': 'someCorrectPassword',
  'sig_response': 'someRealSigResponse',
  'stateToken': 'someRealToken',
  'username': 'daniel.ross@appdynamics.com'}
called URL: https://MYDOMAIN.okta.com/api/v1/authn/factors/REALFACTORID/lifecycle/duoCallback
{ 'errorCauses': ,
  'errorCode': 'E0000028',
  'errorId': 'oaeUCPbNM05TKiO7gjaB91SmQ',
  'errorLink': 'E0000028',
  'errorSummary': 'The request is missing a required parameter.'}
```

I have used Chrome dev tools to find the parameters which are necessary for /duoCallBack. However, having sig_response, stateToken and the ID in the request is not working…

Do you have any idea what I am doing wrong? I was expecting to get a call on my phone to confirm - but I didn’t.

Any tips appreciated :)

Best,
Daniel

Does anyone have an idea / hint for me? :)

Did you ever figure out what the required parameters were for this?

You might want to check out our documentation for /authn, which talks about the iframe you would need to use to complete verification for Duo: Authentication | Okta Developer
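
The reply above points at the Duo iframe. As an added example (not code from the thread or from Okta), this splits the two responses the question's code reads into the inputs that iframe takes, instead of posting the verify `signature` straight back as `sig_response`. Assumptions: the `status`, `provider` and `host` fields, the `sig_request`/`post_action` names, and that the verify `signature` is a request for the iframe rather than its response; all sample values are constructed.

```python
# Constructed sample responses (not real output). Field names beyond those the
# thread's code reads ("status", "provider", "host") are assumptions.
AUTHN = {"status": "MFA_REQUIRED", "stateToken": "constructed-state",
         "_embedded": {"factors": [
             {"id": "sms1", "provider": "OKTA",
              "_links": {"verify": {"href": "https://example.okta.com/api/v1/authn/factors/sms1/verify"}}},
             {"id": "duo1", "provider": "DUO",
              "_links": {"verify": {"href": "https://example.okta.com/api/v1/authn/factors/duo1/verify"}}}]}}
VERIFY = {"stateToken": "constructed-state", "_embedded": {"factor": {"id": "duo1", "_embedded": {
    "verification": {"host": "api-constructed.example.com", "signature": "constructed-signed-request",
                     "_links": {"complete": {"href":
                         "https://example.okta.com/api/v1/authn/factors/duo1/lifecycle/duoCallback"}}}}}}}


def pick_duo_factor(authn):
    """Find the Duo factor by provider; factors[0] may be a different factor."""
    if authn.get("status") != "MFA_REQUIRED":
        raise ValueError("unexpected status: %r" % authn.get("status"))
    for factor in authn["_embedded"]["factors"]:
        if factor.get("provider") == "DUO":
            return factor["id"], factor["_links"]["verify"]["href"]
    raise LookupError("no Duo factor in the response")


def duo_iframe_inputs(verify):
    """Values handed to the Duo iframe; none of them is a sig_response yet."""
    v = verify["_embedded"]["factor"]["_embedded"]["verification"]
    return {"host": v["host"], "sig_request": v["signature"],
            "post_action": v["_links"]["complete"]["href"]}


def callback_form(factor_id, state_token, sig_response, sig_request):
    """Build the duoCallback fields named in the thread, refusing an echoed request."""
    if not sig_response or sig_response == sig_request:
        raise ValueError("sig_response must come from the completed Duo challenge")
    return {"id": factor_id, "stateToken": state_token, "sig_response": sig_response}


if __name__ == "__main__":
    factor_id, verify_url = pick_duo_factor(AUTHN)
    print(verify_url, duo_iframe_inputs(VERIFY))
```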