Difference between app_secret_key and secret_key for Django-Auth-App

Question

For the python django package, django-duo-auth, the README shows the proper DUO CONFIG to be like so in settings.py:

    DUO_CONFIG = {
    'DEFAULT': {
        'HOST': '<api-host-url>',
        'IKEY': '<integration_key>',
        'AKEY': '<app_secret_key>',
        'SKEY': '<secret_key>',
        'FIRST_STAGE_BACKENDS': [
            'django.contrib.auth.backends.ModelBackend',
        ]
    }
}

HOST, IKEY, and SKEY make sense as they are attributes found in the Duo AUTH API, but I am confused as to what app_secret_key would mean. Any suggestions?

Answer 1

Not sure if you are still having this issue, but for the sake of anyone running into this same question: The application's secret key is just a string that will be used as part of the request signing process during authentication. In some of Duo's client libraries this gets generated for you automatically on a per-request basis, but duo_web doesn't. You should just generate a random string of at least 40 characters and use that.