duosecurity / duo_universal_nodejs
Duo OIDC-based two-factor authentication for NodeJS web applications

Home Page: https://duo.com/docs/duoweb

License: MIT License

Languages: TypeScript 87.70%, JavaScript 7.30%, HTML 3.54%, CSS 1.46%
Topics: duo, mfa, nodejs

duo_universal_nodejs's People

Contributors: aaronatduo, dependabot[bot], jeffreyparker, justaugustus, lukashroch, mbish, yizshi


duo_universal_nodejs's Issues

Wrong sub in second exchange token

I think this one (c130fc8) breaks the login flow, although the issue is not with the Node.js implementation. From this point on it starts to verify the username in the incoming token payload.

But if you have two or more usernames / aliases defined in the admin section, a different username is returned.

E.g. the user logs in with username1, which is stored for verification, and goes through the prompt successfully. The second exchange then returns a payload with a token signed with the subject username2, which then mismatches and is rejected.

Reading of package.json in constants doesn't work as intended

I was installing the universal client in a repository, and I got this runtime error as I was starting the node app:

Error: ENOENT: no such file or directory, open 'package.json'
    at Object.openSync (node:fs:585:3)
    at Object.readFileSync (node:fs:453:35)
    at Object.<anonymous> (<path_to_my_project>/node_modules/@duosecurity/duo_universal/dist/constants.js:12:37)

It seems that in the constants.ts file, the code is attempting to read the library's package.json (?) in order to craft a User-Agent header with the library's current version in it.
However, the only reason this works in your demo project is that the built constants.js file in example/node_modules is reading example/package.json, not the library's package.json. You can see this by adding

const express = require('express');
const { Client, constants } = require('@duosecurity/duo_universal');

const startApp = async () => {
  // Express
  const app = express();

  // Logs the user agent string constants.ts built from whichever package.json it found
  console.log(constants.USER_AGENT);
};

startApp();

to index.js of the example app, updating the example app's version in example/package.json, and seeing that it logs the user agent with the demo app's version. For our webpack-based Node project, this fails to work entirely.

As for a solution, I have two thoughts, and I'm happy to help implement either, or a third that the Duo team prefers:

  • Have some pre-build script which reads package.json and generates a ts/js constants file which can be read from at runtime.
  • Maintain a separate variable in constants.ts tracking the version and have a unit test which reads package.json and fails if they aren't compatible

Using in Vite/Vue3 App Throws 'Uncaught TypeError: util.inherits is not a function'

When attempting to instantiate a Client object in a Vite/Vue3 app, the error Uncaught TypeError: util.inherits is not a function is thrown.

Environment

  • Node 18.16

Steps to Reproduce

  1. Create a new Vite/Vue3 app, install dependencies, and launch the app
npm create vite@latest duo-vite-test -- --template vue
cd duo-vite-test
npm install
npm install @duosecurity/duo_universal
npm run dev
  2. Instantiate Client in the App.vue <script setup> block
import { Client } from '@duosecurity/duo_universal'

const client = new Client({
  clientId: 'theclientid',
  clientSecret: 'theclientsecret',
  apiHost: 'theapihost',
  redirectUrl: 'http://localhost:5173',
})
  3. When the app reloads, the following error is thrown:
Uncaught TypeError: util.inherits is not a function
    at node_modules/jws/lib/data-stream.js (data-stream.js:39:6)
    at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
    at node_modules/jws/lib/sign-stream.js (sign-stream.js:3:18)
    at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
    at node_modules/jws/index.js (index.js:2:18)
    at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
    at node_modules/jsonwebtoken/decode.js (decode.js:1:11)
    at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
    at node_modules/jsonwebtoken/verify.js (verify.js:4:16)
    at __require (chunk-OL3AADLO.js?v=606a3168:9:50)
triggerError @ vue-router.mjs:3451
(anonymous) @ vue-router.mjs:3173
Promise.catch (async)
pushWithRedirect @ vue-router.mjs:3167
push @ vue-router.mjs:3099
install @ vue-router.mjs:3530
use @ runtime-core.esm-bundler.js:4381
start @ client-entry.js?t=1686682252177:120
await in start (async)
(anonymous) @ client-entry.js?t=1686682252177:165
Promise.then (async)
(anonymous) @ client-entry.js?t=1686682252177:163
Promise.then (async)
(anonymous) @ client-entry.js?t=1686682252177:139
