Currently, the IdP's Duo flow, when invoked by a non-browser client, will error when the factor header is set to sms stating that it isn't supported. If allowed to pass through, the Duo auth API would return an error, but it would still send the SMS code. The user can then restart authentication and supply the code as their factor. Though awkward, it works. Requesting that the check and prevention of sms as a factor is removed.