duo_client_python icon indicating copy to clipboard operation
duo_client_python copied to clipboard
verified publisher icon duosecurity

Querying Authlog with a maxtime of > now-2 minutes may lead to inconsistent behavior

Open csanders-git opened this issue 4 years ago • 1 comments

Documentation says

There is an intentional two minute delay in availability of new authentications in the API response. Duo operates a large scale distributed system, and this two minute buffer period ensures that calls will return consistent results. Querying for results more recent than two minutes will return as empty.

However, maxtime is set by default to now. (see https://github.com/duosecurity/duo_client_python/blob/7c5b1158448281c181e7a181859963e9945d4a88/duo_client/admin.py#L448). Given this, it is quite possible that depending on refresh intervals the user will receive an empty list, when in fact results would be expected.

PR will appear as follows:

        # Querying for results more recent than two minutes will return as empty.
        if 'maxtime' not in params:
            params['maxtime'] = int(time.time() - 120) * 1000

csanders-git avatar Dec 17 '21 23:12 csanders-git

@csanders-git Duo is looking to improve our developer experience, if you are interested in providing us with feedback, please see the below

Duo is looking to learn how to significantly improve the developer experience and what tools, resources, and technology (eg: sandboxes, new sdks, etc.) would best-enable customers to work faster and build things more easily with Duo's developer ecosystem. If your org is a Duo customer, and you have done development work (ex; authentication integrations, creation of a homegrown admin tool, log consumption for SIEMS, etc) with Duo's developer tools/resources in the past year, we would love to speak with you about your experience, what tools/resources you used, and your pain points. This will be a 60-minute session during which you’ll have the opportunity to discuss your honest thoughts and feedback with Duo researchers. No preparation is necessary, and please know that this is not a sales call or product demo. If you’re interested in participating, please email [email protected] to start the scheduling process.

Once the 60-minute session is complete, you will receive a token of appreciation in the form of a $75 e-gift card through Tremendous (options for Amazon or select retailers).

Please let me know if you have any questions! Thanks!

AaronAtDuo avatar Sep 27 '23 14:09 AaronAtDuo