duoweb
=====

An OTP library implementing the client side for Duo Security's web
based 2FA.  Two functions are exported, `sign_request/4` and
`verify_response/4`.  The latter returns an empty list on failure.

Ported this directly from [duosecurity/duo_perl](https://github.com/duosecurity/duo_perl); thanks to the original author(s).

Brief Nitrogen Example
-------

``` erlang
-module(duo).
-include_lib("nitrogen_core/include/wf.hrl").
-export([ main/0, iframe/0 ]).

main() -> 
  case wf:request_method() of
    get -> #template{ file="duo-tf.html" };
    post -> verify_response()
  end.

iframe() -> 
  Request = duoweb:sign_request(ikey(), skey(), akey(),
                                wf:session(authenticated_username)),
  Data = [{"host", api_hostname()}, {"sig-request", Request}],
  #iframe{ data_fields=Data, html_id="duo_iframe"}.

verify_response() -> 
  case duoweb:verify_response(ikey(), skey(), akey(), wf:q(sig_response) of
    [] -> 
      wf:clear_session(),
      wf:redirect("invalid_login");
    Username -> 
      wf:user(Username),
      wf:redirect("valid_login")
  end.
  
ikey() -> "xxx...",
skey() -> "yyy...",
akey() -> "zzz...",
api_hostname() -> "xyzzy.example.com"

```