ThousandEyes-Transactions

A collection of script examples to be used with ThousandEyes Web Transaction tests

---

Duo auth & preauth Transactions

Executing transactions against the Duo API can provide key insights into the authentication experience of your users, allowing you to proactively detect issues, and quickly verify user reports.

preauth vs auth

The Duo preauth transaction determines whether a user is authorized to log in, and (if so) returns the user's available authentication factors. This transaction exercises various components of the Duo Auth API without requiring a user bypass code.

The Duo auth transaction actually completes an authentication transaction, verifying more of the Duo subsystems than the preauth transaction, but it requires the use of a bypass code.

Prequisites

In order to setup this transaction you should follow the "First Steps" section of the Duo Auth API documentation. You must identify the following details:

• Integration key
• Secret key
• API hostname
• A user to execute the preauth request for.
• A bypass code (auth transaction ONLY)

Configuring the transaction

• Within ThousandEyes, register the secret key, integration key, and bypass code (if using the auth) as separate secrets in the Credential Repository.
• Create a new Web Transaction test.
• Use the Duo Auth API /ping endpoint endpoint for your API hostname as the URL.
• Paste the code snippet from this repo in the Transaction Script field.
• Update the code with your API hostname, username, the name of the integration key, secret key, and bypass code (if auth) credentials.
• Using the key icon above the transaction script window, grant this test access to the relevant credentials.
• Set the remaining test attributes, then Save or verify with Run Once

The ThousandEyes Recorder IDE can also be used to test these transaction locally on your desktop

Resources

• Duo Auth API documentation - Relevant sections: "First Steps", "Endpoints > /preauth", and "Endpoints > /auth"
• Duo Bypass Code documentation

---

Generic OAuth Transaction

ThousandEyes HTTP Server Tests are fairly flexible in the ways that you can configure the transaction, but there are some limitations to the test type. You may want to use a different HTTP method, have a dynamic payload, or specify a nuanced validation criteria. While the HTTP Server test type cannot support this, the Web Transaction test type can!

This example implements a client_credentials grant type OAuth authentication, followed by an API request using the resulting auth token. It enables easy configuration of both the Authentication stage as well as the API request, and provides both HTTP status code and regex based validation.

Prerequisites

You should identify the configuration details of both the authentication and API transaction. As the Web Transaction test also contains an HTTP Server view component, you should also identify an appropriate URL for the HTTP Server configuration. The best option would be a basic 'ping' or health API that functions without authentication and a GET http method.

Configuring the transaction

• Within ThousandEyes, register the client secret in the Credential Repository.
• Create a new Web Transaction test.
• Configure the basic parameters of the test: interval, agents, url.
• Paste the code snippet from this repo in the Transaction Script field.
• Update the configuration and auth objects with the configuration details you previously identified.
  • If no validation is required, remove this key from the configuration object
• Using the key icon above the transaction script window, grant this test access to the relevant credentials.
• Set the remaining test attributes, then Save or verify with Run Once

The ThousandEyes Recorder IDE can also be used to test these transaction locally on your desktop