From 41e1d9155850581be85d11e4b74088aa022f8381 Mon Sep 17 00:00:00 2001
From: Ike <137194738+ike-kottlowski@users.noreply.github.com>
Date: Tue, 25 Jun 2024 11:09:45 -0700
Subject: [PATCH] [PM-5156] [PM-5216] Duo v2 removal (#9513)

* remove library and update package and webpack

* update 2fa flow and remove feature flag

* update request and response models

* fix merge conflicts
---
 .github/renovate.json                         |   9 +-
 .../src/auth/popup/two-factor.component.html  |  15 +-
 apps/browser/src/auth/scripts/duo.js          | 418 ------------------
 .../src/auth/two-factor.component.html        |  25 +-
 .../auth/settings/two-factor-duo.component.ts |   8 +-
 .../src/app/auth/two-factor.component.html    |  29 +-
 apps/web/src/connectors/duo.html              |  17 -
 apps/web/src/connectors/duo.scss              |  18 -
 apps/web/src/connectors/duo.ts                |  47 --
 apps/web/webpack.config.js                    |   6 -
 .../auth/components/two-factor.component.ts   |  44 +-
 .../request/update-two-factor-duo.request.ts  |   4 +-
 .../response/two-factor-duo.response.ts       |   8 +-
 package-lock.json                             |  13 -
 package.json                                  |   2 -
 15 files changed, 36 insertions(+), 627 deletions(-)
 delete mode 100644 apps/browser/src/auth/scripts/duo.js
 delete mode 100644 apps/web/src/connectors/duo.html
 delete mode 100644 apps/web/src/connectors/duo.scss
 delete mode 100644 apps/web/src/connectors/duo.ts

diff --git a/.github/renovate.json b/.github/renovate.json
index 95fd2dc11e..e202e02667 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -69,14 +69,7 @@
       "reviewers": ["team:team-admin-console-dev"]
     },
     {
-      "matchPackageNames": [
-        "@types/duo_web_sdk",
-        "@types/node-ipc",
-        "duo_web_sdk",
-        "node-ipc",
-        "qrious",
-        "regedit"
-      ],
+      "matchPackageNames": ["@types/node-ipc", "node-ipc", "qrious", "regedit"],
       "description": "Auth owned dependencies",
       "commitMessagePrefix": "[deps] Auth:",
       "reviewers": ["team:team-auth-dev"]
diff --git a/apps/browser/src/auth/popup/two-factor.component.html b/apps/browser/src/auth/popup/two-factor.component.html
index 3047ddfd7e..126b0ea5a9 100644
--- a/apps/browser/src/auth/popup/two-factor.component.html
+++ b/apps/browser/src/auth/popup/two-factor.component.html
@@ -111,7 +111,7 @@
     </ng-container>
     <!-- Duo -->
     <ng-container *ngIf="isDuoProvider">
-      <div *ngIf="duoFrameless" class="tw-my-4">
+      <div class="tw-my-4">
         <p class="tw-mb-0 tw-text-center">
           {{ "duoRequiredForAccount" | i18n }}
         </p>
@@ -127,17 +127,6 @@
         </ng-container>
       </div>
 
-      <ng-container *ngIf="!duoFrameless">
-        <div id="duo-frame">
-          <iframe
-            id="duo_iframe"
-            sandbox="allow-scripts allow-forms allow-same-origin allow-popups allow-popups-to-escape-sandbox"
-          ></iframe>
-        </div>
-
-        <ng-container *ngTemplateOutlet="duoRememberMe"></ng-container>
-      </ng-container>
-
       <ng-template #duoRememberMe>
         <div class="box">
           <div class="box-content">
@@ -158,7 +147,7 @@
     </div>
     <!-- Buttons -->
     <div class="content no-vpad" *ngIf="selectedProviderType != null">
-      <ng-container *ngIf="duoFrameless && isDuoProvider">
+      <ng-container *ngIf="isDuoProvider">
         <button
           *ngIf="inPopout"
           bitButton
diff --git a/apps/browser/src/auth/scripts/duo.js b/apps/browser/src/auth/scripts/duo.js
deleted file mode 100644
index 8b712dcf25..0000000000
--- a/apps/browser/src/auth/scripts/duo.js
+++ /dev/null
@@ -1,418 +0,0 @@
-/**
- * Duo Web SDK v2
- * Copyright 2017, Duo Security
- */
-
-var Duo;
-(function (root, factory) {
-    // Browser globals (root is window)
-    var d = factory();
-    // If the Javascript was loaded via a script tag, attempt to autoload
-    // the frame.
-    d._onReady(d.init);
-    // Attach Duo to the `window` object
-    root.Duo = Duo = d;
-}(window, function () {
-    var DUO_MESSAGE_FORMAT = /^(?:AUTH|ENROLL)+\|[A-Za-z0-9\+\/=]+\|[A-Za-z0-9\+\/=]+$/;
-    var DUO_ERROR_FORMAT = /^ERR\|[\w\s\.\(\)]+$/;
-    var DUO_OPEN_WINDOW_FORMAT = /^DUO_OPEN_WINDOW\|/;
-    var VALID_OPEN_WINDOW_DOMAINS = [
-        'duo.com',
-        'duosecurity.com',
-        'duomobile.s3-us-west-1.amazonaws.com'
-    ];
-
-    var iframeId = 'duo_iframe',
-        postAction = '',
-        postArgument = 'sig_response',
-        host,
-        sigRequest,
-        duoSig,
-        appSig,
-        iframe,
-        submitCallback;
-
-    function throwError(message, url) {
-        throw new Error(
-            'Duo Web SDK error: ' + message +
-            (url ? ('\n' + 'See ' + url + ' for more information') : '')
-        );
-    }
-
-    function hyphenize(str) {
-        return str.replace(/([a-z])([A-Z])/, '$1-$2').toLowerCase();
-    }
-
-    // cross-browser data attributes
-    function getDataAttribute(element, name) {
-        if ('dataset' in element) {
-            return element.dataset[name];
-        } else {
-            return element.getAttribute('data-' + hyphenize(name));
-        }
-    }
-
-    // cross-browser event binding/unbinding
-    function on(context, event, fallbackEvent, callback) {
-        if ('addEventListener' in window) {
-            context.addEventListener(event, callback, false);
-        } else {
-            context.attachEvent(fallbackEvent, callback);
-        }
-    }
-
-    function off(context, event, fallbackEvent, callback) {
-        if ('removeEventListener' in window) {
-            context.removeEventListener(event, callback, false);
-        } else {
-            context.detachEvent(fallbackEvent, callback);
-        }
-    }
-
-    function onReady(callback) {
-        on(document, 'DOMContentLoaded', 'onreadystatechange', callback);
-    }
-
-    function offReady(callback) {
-        off(document, 'DOMContentLoaded', 'onreadystatechange', callback);
-    }
-
-    function onMessage(callback) {
-        on(window, 'message', 'onmessage', callback);
-    }
-
-    function offMessage(callback) {
-        off(window, 'message', 'onmessage', callback);
-    }
-
-    /**
-     * Parse the sig_request parameter, throwing errors if the token contains
-     * a server error or if the token is invalid.
-     *
-     * @param {String} sig Request token
-     */
-    function parseSigRequest(sig) {
-        if (!sig) {
-            // nothing to do
-            return;
-        }
-
-        // see if the token contains an error, throwing it if it does
-        if (sig.indexOf('ERR|') === 0) {
-            throwError(sig.split('|')[1]);
-        }
-
-        // validate the token
-        if (sig.indexOf(':') === -1 || sig.split(':').length !== 2) {
-            throwError(
-                'Duo was given a bad token.  This might indicate a configuration ' +
-                'problem with one of Duo\'s client libraries.',
-                'https://www.duosecurity.com/docs/duoweb#first-steps'
-            );
-        }
-
-        var sigParts = sig.split(':');
-
-        // hang on to the token, and the parsed duo and app sigs
-        sigRequest = sig;
-        duoSig = sigParts[0];
-        appSig = sigParts[1];
-
-        return {
-            sigRequest: sig,
-            duoSig: sigParts[0],
-            appSig: sigParts[1]
-        };
-    }
-
-    /**
-     * This function is set up to run when the DOM is ready, if the iframe was
-     * not available during `init`.
-     */
-    function onDOMReady() {
-        iframe = document.getElementById(iframeId);
-
-        if (!iframe) {
-            throw new Error(
-                'This page does not contain an iframe for Duo to use.' +
-                'Add an element like <iframe id="duo_iframe"></iframe> ' +
-                'to this page.  ' +
-                'See https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe ' +
-                'for more information.'
-            );
-        }
-
-        // we've got an iframe, away we go!
-        ready();
-
-        // always clean up after yourself
-        offReady(onDOMReady);
-    }
-
-    /**
-     * Validate that a MessageEvent came from the Duo service, and that it
-     * is a properly formatted payload.
-     *
-     * The Google Chrome sign-in page injects some JS into pages that also
-     * make use of postMessage, so we need to do additional validation above
-     * and beyond the origin.
-     *
-     * @param {MessageEvent} event Message received via postMessage
-     */
-    function isDuoMessage(event) {
-        return Boolean(
-            event.origin === ('https://' + host) &&
-            typeof event.data === 'string' &&
-            (
-                event.data.match(DUO_MESSAGE_FORMAT) ||
-                event.data.match(DUO_ERROR_FORMAT) ||
-                event.data.match(DUO_OPEN_WINDOW_FORMAT)
-            )
-        );
-    }
-
-    /**
-     * Validate the request token and prepare for the iframe to become ready.
-     *
-     * All options below can be passed into an options hash to `Duo.init`, or
-     * specified on the iframe using `data-` attributes.
-     *
-     * Options specified using the options hash will take precedence over
-     * `data-` attributes.
-     *
-     * Example using options hash:
-     * ```javascript
-     * Duo.init({
-     *     iframe: "some_other_id",
-     *     host: "api-main.duo.test",
-     *     sig_request: "...",
-     *     post_action: "/auth",
-     *     post_argument: "resp"
-     * });
-     * ```
-     *
-     * Example using `data-` attributes:
-     * ```
-     * <iframe id="duo_iframe"
-     *         data-host="api-main.duo.test"
-     *         data-sig-request="..."
-     *         data-post-action="/auth"
-     *         data-post-argument="resp"
-     *         >
-     * </iframe>
-     * ```
-     *
-     * @param {Object} options
-     * @param {String} options.iframe                         The iframe, or id of an iframe to set up
-     * @param {String} options.host                           Hostname
-     * @param {String} options.sig_request                    Request token
-     * @param {String} [options.post_action='']               URL to POST back to after successful auth
-     * @param {String} [options.post_argument='sig_response'] Parameter name to use for response token
-     * @param {Function} [options.submit_callback]            If provided, duo will not submit the form instead execute
-     *                                                        the callback function with reference to the "duo_form" form object
-     *                                                        submit_callback can be used to prevent the webpage from reloading.
-     */
-    function init(options) {
-        if (options) {
-            if (options.host) {
-                host = options.host;
-            }
-
-            if (options.sig_request) {
-                parseSigRequest(options.sig_request);
-            }
-
-            if (options.post_action) {
-                postAction = options.post_action;
-            }
-
-            if (options.post_argument) {
-                postArgument = options.post_argument;
-            }
-
-            if (options.iframe) {
-                if (options.iframe.tagName) {
-                    iframe = options.iframe;
-                } else if (typeof options.iframe === 'string') {
-                    iframeId = options.iframe;
-                }
-            }
-
-            if (typeof options.submit_callback === 'function') {
-                submitCallback = options.submit_callback;
-            }
-        }
-
-        // if we were given an iframe, no need to wait for the rest of the DOM
-        if (false && iframe) {
-            ready();
-        } else {
-            // try to find the iframe in the DOM
-            iframe = document.getElementById(iframeId);
-
-            // iframe is in the DOM, away we go!
-            if (iframe) {
-                ready();
-            } else {
-                // wait until the DOM is ready, then try again
-                onReady(onDOMReady);
-            }
-        }
-
-        // always clean up after yourself!
-        offReady(init);
-    }
-
-    /**
-     * This function is called when a message was received from another domain
-     * using the `postMessage` API.  Check that the event came from the Duo
-     * service domain, and that the message is a properly formatted payload,
-     * then perform the post back to the primary service.
-     *
-     * @param event Event object (contains origin and data)
-     */
-    function onReceivedMessage(event) {
-        if (isDuoMessage(event)) {
-            if (event.data.match(DUO_OPEN_WINDOW_FORMAT)) {
-                var url = event.data.substring("DUO_OPEN_WINDOW|".length);
-                if (isValidUrlToOpen(url)) {
-                    // Open the URL that comes after the DUO_WINDOW_OPEN token.
-                    window.open(url, "_self");
-                }
-            }
-            else {
-                // the event came from duo, do the post back
-                doPostBack(event.data);
-
-                // always clean up after yourself!
-                offMessage(onReceivedMessage);
-            }
-        }
-    }
-
-    /**
-     * Validate that this passed in URL is one that we will actually allow to
-     * be opened.
-     * @param url String URL that the message poster wants to open
-     * @returns {boolean} true if we allow this url to be opened in the window
-     */
-    function isValidUrlToOpen(url) {
-        if (!url) {
-            return false;
-        }
-
-        var parser = document.createElement('a');
-        parser.href = url;
-
-        if (parser.protocol === "duotrustedendpoints:") {
-            return true;
-        } else if (parser.protocol !== "https:") {
-            return false;
-        }
-
-        for (var i = 0; i < VALID_OPEN_WINDOW_DOMAINS.length; i++) {
-            if (parser.hostname.endsWith("." + VALID_OPEN_WINDOW_DOMAINS[i]) ||
-                parser.hostname === VALID_OPEN_WINDOW_DOMAINS[i]) {
-                return true;
-            }
-        }
-        return false;
-    }
-
-    /**
-     * Point the iframe at Duo, then wait for it to postMessage back to us.
-     */
-    function ready() {
-        if (!host) {
-            host = getDataAttribute(iframe, 'host');
-
-            if (!host) {
-                throwError(
-                    'No API hostname is given for Duo to use.  Be sure to pass ' +
-                    'a `host` parameter to Duo.init, or through the `data-host` ' +
-                    'attribute on the iframe element.',
-                    'https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe'
-                );
-            }
-        }
-
-        if (!duoSig || !appSig) {
-            parseSigRequest(getDataAttribute(iframe, 'sigRequest'));
-
-            if (!duoSig || !appSig) {
-                throwError(
-                    'No valid signed request is given.  Be sure to give the ' +
-                    '`sig_request` parameter to Duo.init, or use the ' +
-                    '`data-sig-request` attribute on the iframe element.',
-                    'https://www.duosecurity.com/docs/duoweb#3.-show-the-iframe'
-                );
-            }
-        }
-
-        // if postAction/Argument are defaults, see if they are specified
-        // as data attributes on the iframe
-        if (postAction === '') {
-            postAction = getDataAttribute(iframe, 'postAction') || postAction;
-        }
-
-        if (postArgument === 'sig_response') {
-            postArgument = getDataAttribute(iframe, 'postArgument') || postArgument;
-        }
-
-        // point the iframe at Duo
-        iframe.src = [
-            'https://', host, '/frame/web/v1/auth?tx=', duoSig,
-            '&parent=', encodeURIComponent(document.location.href),
-            '&v=2.6'
-        ].join('');
-
-        // listen for the 'message' event
-        onMessage(onReceivedMessage);
-    }
-
-    /**
-     * We received a postMessage from Duo.  POST back to the primary service
-     * with the response token, and any additional user-supplied parameters
-     * given in form#duo_form.
-     */
-    function doPostBack(response) {
-        // create a hidden input to contain the response token
-        var input = document.createElement('input');
-        input.type = 'hidden';
-        input.name = postArgument;
-        input.value = response + ':' + appSig;
-
-        // user may supply their own form with additional inputs
-        var form = document.getElementById('duo_form');
-
-        // if the form doesn't exist, create one
-        if (!form) {
-            form = document.createElement('form');
-
-            // insert the new form after the iframe
-            iframe.parentElement.insertBefore(form, iframe.nextSibling);
-        }
-
-        // make sure we are actually posting to the right place
-        form.method = 'POST';
-        form.action = postAction;
-
-        // add the response token input to the form
-        form.appendChild(input);
-
-        // away we go!
-        if (typeof submitCallback === "function") {
-            submitCallback.call(null, form);
-        } else {
-            form.submit();
-        }
-    }
-
-    return {
-        init: init,
-        _onReady: onReady,
-        _parseSigRequest: parseSigRequest,
-        _isDuoMessage: isDuoMessage,
-        _doPostBack: doPostBack
-    };
-}));
diff --git a/apps/desktop/src/auth/two-factor.component.html b/apps/desktop/src/auth/two-factor.component.html
index afd866e1d5..1f65d5070f 100644
--- a/apps/desktop/src/auth/two-factor.component.html
+++ b/apps/desktop/src/auth/two-factor.component.html
@@ -90,20 +90,12 @@
 
         <!-- Duo -->
         <ng-container *ngIf="isDuoProvider">
-          <ng-container *ngIf="duoFrameless">
-            <div>
-              <span *ngIf="selectedProviderType === providerType.OrganizationDuo" class="tw-mb-0">
-                {{ "duoRequiredByOrgForAccount" | i18n }}
-              </span>
-              {{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}
-            </div>
-          </ng-container>
-          <ng-container id="duo-frame" *ngIf="!duoFrameless">
-            <iframe
-              id="duo_iframe"
-              sandbox="allow-scripts allow-forms allow-same-origin allow-popups allow-popups-to-escape-sandbox"
-            ></iframe>
-          </ng-container>
+          <div>
+            <span *ngIf="selectedProviderType === providerType.OrganizationDuo" class="tw-mb-0">
+              {{ "duoRequiredByOrgForAccount" | i18n }}
+            </span>
+            {{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}
+          </div>
         </ng-container>
       </div>
 
@@ -148,10 +140,7 @@
 
       <!-- Submit Buttons -->
       <div class="buttons with-rows">
-        <div
-          class="buttons-row"
-          *ngIf="duoFrameless && selectedProviderType != null && isDuoProvider"
-        >
+        <div class="buttons-row" *ngIf="selectedProviderType != null && isDuoProvider">
           <button
             (click)="launchDuoFrameless()"
             type="button"
diff --git a/apps/web/src/app/auth/settings/two-factor-duo.component.ts b/apps/web/src/app/auth/settings/two-factor-duo.component.ts
index 6dbfa66856..9a1ec6c4da 100644
--- a/apps/web/src/app/auth/settings/two-factor-duo.component.ts
+++ b/apps/web/src/app/auth/settings/two-factor-duo.component.ts
@@ -59,8 +59,8 @@ export class TwoFactorDuoComponent extends TwoFactorBaseComponent {
 
   protected async enable() {
     const request = await this.buildRequestModel(UpdateTwoFactorDuoRequest);
-    request.integrationKey = this.clientId;
-    request.secretKey = this.clientSecret;
+    request.clientId = this.clientId;
+    request.clientSecret = this.clientSecret;
     request.host = this.host;
 
     return super.enable(async () => {
@@ -78,8 +78,8 @@ export class TwoFactorDuoComponent extends TwoFactorBaseComponent {
   }
 
   private processResponse(response: TwoFactorDuoResponse) {
-    this.clientId = response.integrationKey;
-    this.clientSecret = response.secretKey;
+    this.clientId = response.clientId;
+    this.clientSecret = response.clientSecret;
     this.host = response.host;
     this.enabled = response.enabled;
   }
diff --git a/apps/web/src/app/auth/two-factor.component.html b/apps/web/src/app/auth/two-factor.component.html
index 639e2e9de7..b09ab68c31 100644
--- a/apps/web/src/app/auth/two-factor.component.html
+++ b/apps/web/src/app/auth/two-factor.component.html
@@ -54,25 +54,14 @@
     </ng-container>
     <!-- Duo -->
     <ng-container *ngIf="isDuoProvider">
-      <ng-container *ngIf="duoFrameless">
-        <p
-          bitTypography="body1"
-          *ngIf="selectedProviderType === providerType.OrganizationDuo"
-          class="tw-mb-0"
-        >
-          {{ "duoRequiredByOrgForAccount" | i18n }}
-        </p>
-        <p bitTypography="body1">{{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}</p>
-      </ng-container>
-
-      <ng-container *ngIf="!duoFrameless">
-        <div id="duo-frame" class="tw-mb-3">
-          <iframe
-            id="duo_iframe"
-            sandbox="allow-scripts allow-forms allow-same-origin allow-popups allow-popups-to-escape-sandbox"
-          ></iframe>
-        </div>
-      </ng-container>
+      <p
+        bitTypography="body1"
+        *ngIf="selectedProviderType === providerType.OrganizationDuo"
+        class="tw-mb-0"
+      >
+        {{ "duoRequiredByOrgForAccount" | i18n }}
+      </p>
+      <p bitTypography="body1">{{ "launchDuoAndFollowStepsToFinishLoggingIn" | i18n }}</p>
     </ng-container>
     <bit-form-control *ngIf="selectedProviderType != null">
       <bit-label>{{ "rememberMe" | i18n }}</bit-label>
@@ -107,7 +96,7 @@
         buttonType="primary"
         bitButton
         bitFormButton
-        *ngIf="duoFrameless && isDuoProvider"
+        *ngIf="isDuoProvider"
       >
         <span> {{ "launchDuo" | i18n }} </span>
       </button>
diff --git a/apps/web/src/connectors/duo.html b/apps/web/src/connectors/duo.html
deleted file mode 100644
index 8d315219c2..0000000000
--- a/apps/web/src/connectors/duo.html
+++ /dev/null
@@ -1,17 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta charset="utf-8" />
-    <meta
-      name="viewport"
-      content="initial-scale=1, maximum-scale=1, user-scalable=no, width=device-width"
-    />
-    <meta
-      http-equiv="Content-Security-Policy"
-      content="default-src 'self'; child-src 'self' https://*.duosecurity.com https://*.duofederal.com; frame-src 'self' https://*.duosecurity.com https://*.duofederal.com;"
-    />
-    <title>Bitwarden Duo Connector</title>
-  </head>
-
-  <body></body>
-</html>
diff --git a/apps/web/src/connectors/duo.scss b/apps/web/src/connectors/duo.scss
deleted file mode 100644
index 0fa97956ee..0000000000
--- a/apps/web/src/connectors/duo.scss
+++ /dev/null
@@ -1,18 +0,0 @@
-html,
-body {
-  margin: 0;
-  padding: 0;
-}
-
-body {
-  background: #efeff4 url("../images/loading.svg") 0 0 no-repeat;
-}
-
-iframe {
-  display: block;
-  width: 100%;
-  height: 400px;
-  border: none;
-  margin: 0;
-  padding: 0;
-}
diff --git a/apps/web/src/connectors/duo.ts b/apps/web/src/connectors/duo.ts
deleted file mode 100644
index b041c0d6a2..0000000000
--- a/apps/web/src/connectors/duo.ts
+++ /dev/null
@@ -1,47 +0,0 @@
-import * as DuoWebSDK from "duo_web_sdk";
-
-import { getQsParam } from "./common";
-
-require("./duo.scss");
-
-document.addEventListener("DOMContentLoaded", () => {
-  const frameElement = document.createElement("iframe");
-  frameElement.setAttribute("id", "duo_iframe");
-  setFrameHeight();
-  document.body.appendChild(frameElement);
-
-  const hostParam = getQsParam("host");
-  const requestParam = getQsParam("request");
-
-  const hostUrl = new URL("https://" + hostParam);
-  if (
-    !hostUrl.hostname.endsWith(".duosecurity.com") &&
-    !hostUrl.hostname.endsWith(".duofederal.com")
-  ) {
-    return;
-  }
-
-  DuoWebSDK.init({
-    iframe: "duo_iframe",
-    host: hostUrl.hostname,
-    sig_request: requestParam,
-    submit_callback: (form: any) => {
-      invokeCSCode(form.elements.sig_response.value);
-    },
-  });
-
-  window.onresize = setFrameHeight;
-
-  function setFrameHeight() {
-    frameElement.style.height = window.innerHeight + "px";
-  }
-});
-
-function invokeCSCode(data: string) {
-  try {
-    (window as any).invokeCSharpAction(data);
-  } catch (err) {
-    // eslint-disable-next-line
-    console.log(err);
-  }
-}
diff --git a/apps/web/webpack.config.js b/apps/web/webpack.config.js
index f22d98f081..884a0bc997 100644
--- a/apps/web/webpack.config.js
+++ b/apps/web/webpack.config.js
@@ -91,11 +91,6 @@ const plugins = [
     chunks: ["theme_head", "app/polyfills", "app/vendor", "app/main"],
   }),
   new HtmlWebpackInjector(),
-  new HtmlWebpackPlugin({
-    template: "./src/connectors/duo.html",
-    filename: "duo-connector.html",
-    chunks: ["connectors/duo"],
-  }),
   new HtmlWebpackPlugin({
     template: "./src/connectors/webauthn.html",
     filename: "webauthn-connector.html",
@@ -324,7 +319,6 @@ const webpackConfig = {
     "app/main": "./src/main.ts",
     "connectors/webauthn": "./src/connectors/webauthn.ts",
     "connectors/webauthn-fallback": "./src/connectors/webauthn-fallback.ts",
-    "connectors/duo": "./src/connectors/duo.ts",
     "connectors/sso": "./src/connectors/sso.ts",
     "connectors/captcha": "./src/connectors/captcha.ts",
     "connectors/duo-redirect": "./src/connectors/duo-redirect.ts",
diff --git a/libs/angular/src/auth/components/two-factor.component.ts b/libs/angular/src/auth/components/two-factor.component.ts
index 687fd3fb6f..4ef18985d8 100644
--- a/libs/angular/src/auth/components/two-factor.component.ts
+++ b/libs/angular/src/auth/components/two-factor.component.ts
@@ -1,6 +1,5 @@
 import { Directive, Inject, OnDestroy, OnInit } from "@angular/core";
 import { ActivatedRoute, NavigationExtras, Router } from "@angular/router";
-import * as DuoWebSDK from "duo_web_sdk";
 import { firstValueFrom } from "rxjs";
 import { first } from "rxjs/operators";
 
@@ -53,7 +52,6 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
   emailPromise: Promise<any>;
   orgIdentifier: string = null;
 
-  duoFrameless = false;
   duoFramelessUrl: string = null;
   duoResultListenerInitialized = false;
 
@@ -177,42 +175,14 @@ export class TwoFactorComponent extends CaptchaProtectedComponent implements OnI
         break;
       case TwoFactorProviderType.Duo:
       case TwoFactorProviderType.OrganizationDuo:
-        // 2 Duo 2FA flows available
-        // 1. Duo Web SDK (iframe) - existing, to be deprecated
-        // 2. Duo Frameless (new tab) - new
-
-        // AuthUrl only exists for new Duo Frameless flow
-        if (providerData.AuthUrl) {
-          this.duoFrameless = true;
-          // Setup listener for duo-redirect.ts connector to send back the code
-
-          if (!this.duoResultListenerInitialized) {
-            // setup client specific duo result listener
-            this.setupDuoResultListener();
-            this.duoResultListenerInitialized = true;
-          }
-
-          // flow must be launched by user so they can choose to remember the device or not.
-          this.duoFramelessUrl = providerData.AuthUrl;
-        } else {
-          // Duo Web SDK (iframe) flow
-          // TODO: remove when we remove the "duo-redirect" feature flag
-          setTimeout(() => {
-            DuoWebSDK.init({
-              iframe: undefined,
-              host: providerData.Host,
-              sig_request: providerData.Signature,
-              submit_callback: async (f: HTMLFormElement) => {
-                const sig = f.querySelector('input[name="sig_response"]') as HTMLInputElement;
-                if (sig != null) {
-                  this.token = sig.value;
-                  await this.submit();
-                }
-              },
-            });
-          }, 0);
+        // Setup listener for duo-redirect.ts connector to send back the code
+        if (!this.duoResultListenerInitialized) {
+          // setup client specific duo result listener
+          this.setupDuoResultListener();
+          this.duoResultListenerInitialized = true;
         }
-
+        // flow must be launched by user so they can choose to remember the device or not.
+        this.duoFramelessUrl = providerData.AuthUrl;
         break;
       case TwoFactorProviderType.Email:
         this.twoFactorEmail = providerData.Email;
diff --git a/libs/common/src/auth/models/request/update-two-factor-duo.request.ts b/libs/common/src/auth/models/request/update-two-factor-duo.request.ts
index d113715b37..c67b111741 100644
--- a/libs/common/src/auth/models/request/update-two-factor-duo.request.ts
+++ b/libs/common/src/auth/models/request/update-two-factor-duo.request.ts
@@ -1,7 +1,7 @@
 import { SecretVerificationRequest } from "./secret-verification.request";
 
 export class UpdateTwoFactorDuoRequest extends SecretVerificationRequest {
-  integrationKey: string;
-  secretKey: string;
+  clientId: string;
+  clientSecret: string;
   host: string;
 }
diff --git a/libs/common/src/auth/models/response/two-factor-duo.response.ts b/libs/common/src/auth/models/response/two-factor-duo.response.ts
index b91c9f0fb6..a195aa236d 100644
--- a/libs/common/src/auth/models/response/two-factor-duo.response.ts
+++ b/libs/common/src/auth/models/response/two-factor-duo.response.ts
@@ -3,14 +3,14 @@ import { BaseResponse } from "../../../models/response/base.response";
 export class TwoFactorDuoResponse extends BaseResponse {
   enabled: boolean;
   host: string;
-  secretKey: string;
-  integrationKey: string;
+  clientSecret: string;
+  clientId: string;
 
   constructor(response: any) {
     super(response);
     this.enabled = this.getResponseProperty("Enabled");
     this.host = this.getResponseProperty("Host");
-    this.secretKey = this.getResponseProperty("SecretKey");
-    this.integrationKey = this.getResponseProperty("IntegrationKey");
+    this.clientSecret = this.getResponseProperty("ClientSecret");
+    this.clientId = this.getResponseProperty("ClientId");
   }
 }
diff --git a/package-lock.json b/package-lock.json
index 78ed8111e0..991849fd01 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,7 +39,6 @@
         "chalk": "4.1.2",
         "commander": "11.1.0",
         "core-js": "3.36.1",
-        "duo_web_sdk": "github:duosecurity/duo_web_sdk",
         "form-data": "4.0.0",
         "https-proxy-agent": "7.0.2",
         "inquirer": "8.2.6",
@@ -97,7 +96,6 @@
         "@storybook/testing-library": "0.2.2",
         "@types/argon2-browser": "1.18.1",
         "@types/chrome": "0.0.262",
-        "@types/duo_web_sdk": "2.7.1",
         "@types/firefox-webext-browser": "111.0.5",
         "@types/inquirer": "8.2.10",
         "@types/jest": "29.5.12",
@@ -11352,12 +11350,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/@types/duo_web_sdk": {
-      "version": "2.7.1",
-      "resolved": "https://registry.npmjs.org/@types/duo_web_sdk/-/duo_web_sdk-2.7.1.tgz",
-      "integrity": "sha512-DePanZjFww36yGSxXwC8B3AsjrrDuPxEcufeh4gTqVsUMpCYByxjX4PERiYZdW0typzKSt9E4I14PPp+PrSIQA==",
-      "dev": true
-    },
     "node_modules/@types/ejs": {
       "version": "3.1.5",
       "resolved": "https://registry.npmjs.org/@types/ejs/-/ejs-3.1.5.tgz",
@@ -18249,11 +18241,6 @@
         "node": ">=12"
       }
     },
-    "node_modules/duo_web_sdk": {
-      "version": "2.7.0",
-      "resolved": "git+ssh://git@github.com/duosecurity/duo_web_sdk.git#29cad7338eff2cd909a361ecdd525458862938be",
-      "license": "SEE LICENSE IN LICENSE"
-    },
     "node_modules/duplexer": {
       "version": "0.1.2",
       "resolved": "https://registry.npmjs.org/duplexer/-/duplexer-0.1.2.tgz",
diff --git a/package.json b/package.json
index 70c3803aba..c835300fcc 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,6 @@
     "@storybook/testing-library": "0.2.2",
     "@types/argon2-browser": "1.18.1",
     "@types/chrome": "0.0.262",
-    "@types/duo_web_sdk": "2.7.1",
     "@types/firefox-webext-browser": "111.0.5",
     "@types/inquirer": "8.2.10",
     "@types/jest": "29.5.12",
@@ -176,7 +175,6 @@
     "chalk": "4.1.2",
     "commander": "11.1.0",
     "core-js": "3.36.1",
-    "duo_web_sdk": "github:duosecurity/duo_web_sdk",
     "form-data": "4.0.0",
     "https-proxy-agent": "7.0.2",
     "inquirer": "8.2.6",