From 98c40a4dfeee54596aa5f5130364f88b8ebdeb90 Mon Sep 17 00:00:00 2001
From: Nick Irvine <nick@segment.com>
Date: Wed, 22 Jul 2020 17:09:28 -0700
Subject: [PATCH] fix: add dual duo sid API support (#294)

---
 lib/duo.go | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lib/duo.go b/lib/duo.go
index 9b18d201..a6760a29 100644
--- a/lib/duo.go
+++ b/lib/duo.go
@@ -463,7 +463,14 @@ func (d *DuoClient) DoStatus(txid, sid string) (auth string, status StatusResp,
 
 	if status.Response.Result == "SUCCESS" {
 		if status.Response.ResultURL != "" {
-			auth, err = d.DoRedirect(status.Response.ResultURL, status.Response.SessionID)
+			// DUO appears to waver on whether a session ID should come back
+			// in the response here, if it does, it should be used in the redirect
+			// before calling the Okta callback.
+			if status.Response.SessionID != "" {
+				sid = status.Response.SessionID
+			}
+			log.Debugf("Redirecting: %s; sid: %s", status.Response.ResultURL, sid)
+			auth, err = d.DoRedirect(status.Response.ResultURL, sid)
 		} else {
 			auth = status.Response.Cookie
 		}