Skip to content

duosecurity/duo_hmac_debugger

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
modules
modules
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
CLAUDE.md
CLAUDE.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
app-utils.js
app-utils.js
 
 
favicon.ico
favicon.ico
 
 
index.html
index.html
 
 
logic.js
logic.js
 
 
style.css
style.css
 
 

Repository files navigation

Duo HMAC Debugger

A browser-based debugging tool for testing and validating Duo Security's HMAC-based API authentication. This tool helps developers verify their HMAC signature implementations by displaying each step of the canonicalization and signing process.

Overview

The Duo HMAC Debugger is a single-page web application that:

  • Shows intermediate canonicalization steps for parameters, body, and headers
  • Computes HMAC-SHA512 signatures for Duo API requests
  • Helps debug authentication issues by comparing expected vs. actual values
  • Runs entirely client-side with no external dependencies

Requirements

  • Modern web browser with JavaScript enabled
  • No build tools or package managers required

Usage

The application uses ES6 modules which require serving files over HTTP. Start a local web server in the project directory:

# Using Python 3
python3 -m http.server 8000

# Or using Python 2
python -m SimpleHTTPServer 8000

# Or using Node.js
npx serve

Then open http://localhost:8000 in your browser.

Note: The local web server is only needed for development. When deployed to GitHub Pages or any web server, the app works without any additional setup.

Features

  • Step-by-step debugging: View canonicalized parameters, body hash, headers hash, and canonical string
  • Random value generation: Generate sample API requests with realistic test data
  • Interactive tooltips: Explanations for each result field

Testing

Run the test suite using Node.js:

node tests/logic.test.js

Tests validate the signing logic against known fixtures from the duo_hmac_python reference implementation.

Architecture

The application uses ES6 modules with clear separation of concerns:

  • logic.js - Shared HMAC signing and canonicalization logic (browser + Node.js compatible)
  • app-utils.js - Pure utility functions (date formatting, random generation, JSON parsing)
  • modules/ - ES6 modules for UI components (form controller, parameter/header rows, results display, tooltips, random generation)
  • index.html - Single-page interface with form inputs and results display

See CLAUDE.md for detailed architecture documentation.

Security Notes

  • This tool includes a hard-coded demo SKEY for testing purposes
  • Do not use production credentials in the web interface
  • All computation happens client-side; no data is transmitted

Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Run tests: node tests/logic.test.js
  5. Submit a pull request

License

See the LICENSE file for details.

Support

For questions about Duo's APIs, visit the Duo Security documentation.

About

This is a tool to assist anyone implementing the Duo API HMAC-based signing scheme

Resources

Readme

License

MIT license

Contributing

Contributing
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages