Duo: no library to generate passcodes
shahidmuzaffar98 opened this issue · 4 comments
Hi,
I'm trying to automate 2FA using duo, but seems like there is no method to generate a passcode from the skey or anything. I don't want to rely on the part where I have to check passcode on phone. Any solution?
@shahidmuzaffar98 It would be unusual for the API client to generate passcodes - usually those are generated by Duo, and the user enters them at some kind of prompt. Can you elaborate a bit on what your use case is?
The closest thing I can think of is using the Admin API to assign bypass codes to a user (https://duo.com/docs/adminapi#create-bypass-codes-for-user) but even then, the client is not creating the codes, just assigning them; and the user still has to enter then when prompted.
@AaronAtDuo The use case is similar to pyotp generating a TOTP, if we look at how pyotp library works, we can generate a totp using the secret key for that. I was thinking maybe we have something like that for DUO. But it seems like we dob't have it.
I am aware about the Amin API (https://duo.com/docs/adminapi#create-bypass-codes-for-user) which creates bypass codes for a user and returns them. But aren't bypass codes different than passcodes?
@shahidmuzaffar98 Ok, I understand; and yes, that's not functionality this client would provide. It is intended only as a convenient way to call existing Duo API methods. Other authentication utilities like passcode generation are outside the scope of the library.
(Yes, bypass codes are different from passcodes, and are not suitable for your use case.)
Thanks for the question and thanks for using Duo!
@AaronAtDuo Yeah that's what I intended. Anyways thanks for helping me out.