Net::Duo - API for Duo multifactor authentication service
my $duo = Net::Duo->new({ key_file => '/path/to/keys.json' }); my $reply = $duo->call_json('GET', '/auth/v2/check');
Perl 5.14 or later and the modules HTTP::Request and HTTP::Response (part of HTTP::Message), JSON, LWP (also known as libwww-perl), Perl6::Slurp, and URI::Escape (part of URI), all of which are available from CPAN.
Net::Duo provides an object-oriented Perl interface for generic calls to one of the the Duo Security REST APIs. This module is intended primarily for use as a base class for more specialized Perl modules implementing the specific Duo APIs, but it can also be used directly to make generic API calls.
On failure, all methods throw a Net::Duo::Exception object. This can be interpolated into a string for a simple error message, or inspected with method calls for more details. This is also true of all methods in all objects in the Net::Duo namespace.
Create a new Net::Duo object. This should be used for all subsequent API calls. ARGS should be a hash reference with one or more of the following keys:
The API hostname returned by Duo when the API integration was created.
This key is required if key_file is not set.
key_file
The integration key returned by Duo when the API integration was created. This is effectively the public "username" for this integration.
The path to a file in JSON format that contains the key and hostname data for a Duo integration. This file should contain one JSON object with keys integration_key, secret_key, and api_hostname. These are the three data values that are returned when one creates a new Duo API integration.
integration_key
secret_key
api_hostname
Be aware that the secret_key value in this file is security-sensitive information equivalent to a password. Anyone in possession of that key has complete control of all data and actions to which the integration has access.
Either this key or all of integration_key, secret_key, and api_hostname must be provided. If both this key and some of those keys are provided, their values will override the values retrieved from the key_file file.
The secret key returned by Duo when the API integration was created. This is security-sensitive information equivalent to a password. Anyone in possession of that key has complete control of all data and actions to which the integration has access. Do not hard-code this into programs; instead, read it from a file with appropriate permissions or retrieve it via some other secure mechanism.
The user agent to use for all requests. This should be a Perl object that supports the same API as LWP::UserAgent.
Normally, the caller will not provide this key, in which case Net::Duo will create an LWP::UserAgent object internally to use to make Duo API calls. This argument is provided primarily so that the user agent can be overridden for unit testing.
Make a generic Duo API call, with no assumptions about the response.
This is a low-level escape hatch to make any Duo API call that this module does not know about, regardless of what format in which it returns its results. The caller will have to provide all of the details (HTTP method, URL path, and all arguments as a reference to a hash of key/value pairs). The URL path must start with a slash.
The return value is the resulting HTTP::Response object from the web API call. No error checking will be performed. The caller is responsible for examining the HTTP::Response object for any problems, including internal or HTTP errors.
Most Duo API calls return structured JSON and follow a standard pattern for indicating errors. For those calls, use call_json() instead of this method. call() is needed only for the small handful of API calls that do not return JSON in that format, such as the Auth API /logo endpoint.
/logo
Make a generic Duo API call that returns a JSON response.
This is the escape hatch to use to make any Duo API call that this module does not know about. The caller will have to provide all of the details (HTTP method, URL path, and all arguments as a reference to a hash of key/value pairs). The URL path must start with a slash.
The return value will be only the value of the response key from the returned JSON. This method still handles checking the stat value from Duo and throwing a Net::Duo::Exception object on call failure.
stat
This method cannot be used with the small handful of API calls that do not return JSON, such as the Auth API /logo endpoint.
The same as call_json(), except for endpoints that require pagination. This will make repeated calls to call_json() with increasing offsets until it has retrieved all of the objects, and then return them all as a single response. It always uses a limit setting of 500.
limit
Russ Allbery <rra@cpan.org>
Copyright 2014 The Board of Trustees of the Leland Stanford Junior University
Copyright 2019 Russ Allbery <rra@cpan.org>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Duo Auth API
Duo Admin API
This module is part of the Net::Duo distribution. The current version of Net::Duo is available from CPAN, or directly from its web site at https://www.eyrie.org/~eagle/software/net-duo/.
To install Net::Duo, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Net::Duo
CPAN shell
perl -MCPAN -e shell install Net::Duo
For more information on module installation, please visit the detailed CPAN module installation guide.