@duosecurity/duo_universal
This library allows a web developer to quickly add Duo's interactive, self-service, two-factor authentication to any Node.js web login form.
See our developer documentation at https://www.duosecurity.com/docs/duoweb for guidance on integrating Duo 2FA into your web application.
Duo especially thanks Lukas Hroch for creating the initial version of this library.
This library requires Node.js v14 or later.
To use this client in your existing development environment, install it from npm:
npm install @duosecurity/duo_universal
Once it's installed, see our developer documentation at https://duo.com/docs/duoweb and the example folder in this repo for guidance on integrating Duo 2FA into your web application.
Duo_universal_nodejs uses the Node tls library and OpenSSL for TLS operations. All versions of Node receiving security support (14 and higher) use OpenSSL 1.1.1 which supports TLS 1.2 and 1.3.
import { Client } from '@duosecurity/duo_universal';
Creates a new client instance. Provide your Duo Security application credentials and API host. Include the redirect URL so Duo can send the user back to your application.
const client = new Client({
  clientId: 'yourDuoApplicationClientId',
  clientSecret: 'yourDuoApplicationSecret',
  apiHost: 'api-12345678.duosecurity.com',
  redirectUrl: 'http://localhost:3000/redirect',
});
Determines if Duo’s servers are accessible and available to accept the 2FA request.
const status = await client.healthCheck();
Generates a new state (a random string) to link with the authentication attempt. Store it appropriately so you can retrieve and compare it on callback.
const state = client.generateState();
Creates the authentication URL that redirects the user to the Duo Security Universal Prompt. Provide the user identifier and the state generated in the previous step.
const authUrl = client.createAuthUrl('username', 'state');
Exchanges the Duo code received from the callback redirect for a token result.
const token = await client.exchangeAuthorizationCodeFor2FAResult('duoCode', 'username');
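The state and exchange steps above, tied together for the callback, as an added example that is not part of the Duo SDK or its example app. The helper names (`beginDuoAuth`, `consumeState`, `finishDuoAuth`), the `session` object and the five-minute lifetime are assumptions; `state` and `duo_code` are the query parameters Duo returns on the redirect.

```javascript
// Added example. `client` is a Client instance (or a stub exposing the same
// methods); `session` is any server-side per-user store. Helper names and
// the TTL are assumptions, not part of the SDK.
const STATE_TTL_MS = 5 * 60 * 1000; // assumed lifetime of a pending 2FA attempt

async function beginDuoAuth(client, session, username, now = Date.now()) {
  const state = client.generateState();
  // Bind the state to the user who passed primary auth; keep it server-side.
  session.duo = { state, username, expires: now + STATE_TTL_MS };
  return client.createAuthUrl(username, state);
}

function consumeState(session, query, now = Date.now()) {
  const pending = session.duo;
  // Consume before comparing: a state is single-use, so a wrong guess or a
  // replayed callback cannot be retried against the same value.
  delete session.duo;
  if (!pending) return { ok: false, reason: 'no-pending-auth' };
  if (now > pending.expires) return { ok: false, reason: 'state-expired' };
  // Query values can be arrays (?state=a&state=b); accept strings only.
  if (typeof query.state !== 'string' || query.state !== pending.state) {
    return { ok: false, reason: 'state-mismatch' };
  }
  if (typeof query.duo_code !== 'string' || query.duo_code === '') {
    return { ok: false, reason: 'missing-code' };
  }
  return { ok: true, username: pending.username, code: query.duo_code };
}

async function finishDuoAuth(client, session, query, now = Date.now()) {
  const check = consumeState(session, query, now);
  if (!check.ok) return check;
  try {
    // The username comes from the session, never from the callback query.
    const token = await client.exchangeAuthorizationCodeFor2FAResult(
      check.code, check.username);
    return { ok: true, username: check.username, token };
  } catch (err) {
    // Fail closed: any exchange error means 2FA did not succeed.
    return { ok: false, reason: 'exchange-failed' };
  }
}
```

Mark the user as fully authenticated only when `finishDuoAuth` returns `ok: true`; every other result should send them back to the start of login.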
A complete implementation example can be found in example/. It's a simple express-based application. Please follow the example/README.md to spin it up.
Fork the repository
Install dependencies
npm install
Make your proposed changes. Add tests if applicable, lint the code. Submit a pull request.
npm run test
npm run lint
FAQs
Node.js implementation of the Duo Universal SDK.
The npm package @duosecurity/duo_universal receives a total of 20,622 weekly downloads. As such, @duosecurity/duo_universal popularity was classified as popular.
We found that @duosecurity/duo_universal demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.