Locking down with Duo

November 23, 2015

Security, Tech, Web Development

At Highrise we’ve been really busy improving our CRM product. Usually our focus is directly on additions or tweaks for our customers. Currently, though, we’re also working on streamlining internally — in this case the net effect being a better, swifter support experience. Before we can add heavier admin functionality for our back-office, we need to ensure that it’s very locked down, so one of the things we’ve added internally is 2-Factor Authentication.

To avoid reinventing the wheel we decided to use a service to fill in some of the gaps. We chose Duo, which removes most compatibility concerns since it’s a fairly flexible API that does the hard work for us. Duo has a suite of APIs available to make the addition of 2-Factor Authentication secure and simple. They even have Ruby libraries. Those libraries are just repositories, though, and not registered as gems. There’s also a third-party gem, but it covers only one aspect of their API (the Web Flow). That left two options: deal with the libraries as non-gems (copy them in, or manage them in some non-traditional fashion) or use a gem that covers only one API topic. We opted instead to build out a full solution as a single gem, test it and open source it.

Thus, I give you duo-api. Duo-API is a dependency-less gem that works on Ruby all the way back to REE/1.8.7 and all the way up to the latest. It provides the ability to sign and verify requests for the Duo Web Flow as well as connect to any of their APIs.

With this addition and some of the code presented in our Example we can now build out some of the more complex and sensitive admin functionality with peace of mind.
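The signing and verification mentioned above for the Duo Web Flow can be sketched as follows. This is an added example, not code from duo-api or from Highrise: it assumes the token layout used by Duo's published Web SDK libraries, and the module and method names are hypothetical.

```ruby
require 'openssl'

# Added sketch; module and method names are hypothetical, not duo-api's interface.
module SignedToken
  module_function

  def hmac(key, data)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha1'), key, data)
  end

  # Compare every byte so timing does not reveal where a forged MAC diverges.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Token layout: PREFIX|base64(user|ikey|expiry)|hex HMAC over "PREFIX|base64".
  def sign(key, prefix, user, ikey, ttl, now = Time.now.to_i)
    raise ArgumentError, 'invalid username' if user.empty? || user.include?('|')
    cookie = "#{prefix}|" + ["#{user}|#{ikey}|#{now + ttl}"].pack('m0')
    "#{cookie}|#{hmac(key, cookie)}"
  end

  # Returns the username, or nil on a bad MAC, wrong prefix, wrong ikey or expiry.
  def parse(key, prefix, ikey, token, now = Time.now.to_i)
    t_prefix, b64, sig, extra = token.to_s.split('|', -1)
    return nil if sig.nil? || extra
    return nil unless secure_equal?(hmac(key, "#{t_prefix}|#{b64}"), sig)
    return nil unless t_prefix == prefix
    user, t_ikey, exp, more = b64.unpack1('m0').split('|', -1)
    return nil if more || t_ikey != ikey || exp.to_i <= now
    user
  rescue ArgumentError # malformed base64 in the payload
    nil
  end

  # Sent to the browser: a short-lived Duo part and a longer-lived app part.
  def sign_request(ikey, skey, akey, user, now = Time.now.to_i)
    [sign(skey, 'TX', user, ikey, 300, now),
     sign(akey, 'APP', user, ikey, 3600, now)].join(':')
  end

  # Both halves must verify under their own key and name the same user.
  def verify_response(ikey, skey, akey, response, now = Time.now.to_i)
    auth, app = response.to_s.split(':', 2)
    auth_user = parse(skey, 'AUTH', ikey, auth, now)
    app_user = parse(akey, 'APP', ikey, app, now)
    auth_user && auth_user == app_user ? auth_user : nil
  end
end
```

The application-held key (`akey`) never leaves the server, so a response is accepted only if the half signed by Duo and the half signed by the application agree on the user, and a request token cannot be replayed as a response because the prefix is covered by the MAC.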

Pull Requests welcome!


I build software for Highrise — a more delightful CRM. Check us out!

By the way if you haven’t read about our awesome Support staff, check out Chris Gallo’s Advice From The Future.

If you’re curious about more bite-sized commentary from me, I’m sometimes chatty on Twitter.