Change Log

1.0.0 (2018-07-31)

Full Changelog

Added

• Allow to send custom NumberFormatter for otp #76 (hzalaz)
• Add OTP Generators #71 (hzalaz)

Changed

• Rename Enrollment to EnrolledDevice #72 (hzalaz)

Fixed

• Allow 204 reponse that has Data object empty #75 (hzalaz)

Breaking changes

• Rework GuardianError #74 (hzalaz)
• Rework Network Layer #73 (hzalaz)
• Now the session should be configured per request. #70 (hzalaz)
• Refactor Key handling for enroll and resolve #69 (hzalaz)
• Refactor notification handling #68 (hzalaz)
• Remove ObjectiveC bindings and support #67 (hzalaz)
• Remove iOS 9 support #65 (hzalaz)

0.5.0 (2018-07-19)

Full Changelog Closed issues

• Private constants as default arguments - Swift 4 Support #61

Changed

• Update to compile with Swift 4 #63 (hzalaz)

Deprecated

• Deprecate iOS 9 or older notification code #64 (hzalaz)

0.4.0 (2018-06-08)

Full Changelog

Added

• Add fastlane release plugin #59 (hzalaz)
• Add ability to log requests or add hooks on request/response/error #57 (hzalaz)

Changed

• Remove warnings from deprecated methods #56 (hzalaz)
• Update to Xcode 9.3 #55 (hzalaz)

0.3.1 (2018-05-25)

Full Changelog

Closed issues

• Turn off iOS HTTP cache #51

Changed

• Update project to latests tools and Xcode 9.3 #52 (hzalaz)

Fixed

• Disable NSURLSession cache #53 (hzalaz)

0.3.0 (2017-06-02)

Full Changelog

Added

• Make RSAKeyPair(publicKeyTag:privateKeyTag) constructor public #49 (nikolaseu)
• Add support for appliance #48 (nikolaseu)

0.2.0 (2017-01-16)

Full Changelog

Added

• Make jwk conversion property public #47 (hzalaz)
• Add methods to register and handle remote notifications #45 (nikolaseu)

0.1.0 (2016-11-23)

First release of Guardian for iOS

Install

CocoaPods

Guardian.swift is available through CocoaPods. To install it, simply add the following line to your Podfile:

pod "Guardian"

Carthage

In your Cartfile add this line

github "auth0/Guardian.swift"

Usage

Guardian is the core of the SDK. To get things going you'll have to import the library:

import Guardian

Then you'll need the Auth0 Guarduan domain for your account:

let domain = "{YOUR_ACCOUNT_NAME}.guardian.auth0.com"

Enroll

An enrollment is a link between the second factor and an Auth0 account. When an account is enrolled you'll need it to provide the second factor required to verify the identity.

For an enrollment you need the following things, besides your Guardian Domain:

• Enrollment Uri: The value encoded in the QR Code scanned from Guardian Web Widget or in your enrollment ticket sent to you, e.g. by email.
• APNS Token: Apple APNS token for the device and MUST be a Stringcontaining the 64 bytes (expressed in hexadecimal format)
• Key Pair: A RSA (Private/Public) key pair used to assert your identity with Auth0 Guardian

In case your app is not yet using push notifications or you're not familiar with it, you should check their docs.

after your have all of them, you can enroll your device

Guardian
        .enroll(forDomain: "{YOUR_GUARDIAN_DOMAIN}",
                usingUri: "{ENROLLMENT_URI}",
                notificationToken: "{APNS_TOKEN}",
                keyPair: keyPair)
        .start { result in
            switch result {
            case .success(let enrollment):
                // success, we have the enrollment data available
            case .failure(let cause):
                // something failed, check cause to see what went wrong
            }
        }

On success you'll obtain the enrollment information, that should be secured stored in your application. This information includes the enrollment identifier, and the token for Guardian API associated to your device for updating or deleting your enrollment.

RSA key pair

Guardian.swift provides a convenience class to generate an RSA key pair and store it in iOS Keychain.

let rsaKeyPair = RSAKeyPair.new(
    usingPublicTag: "com.auth0.guardian.enroll.public",
    privateTag: "com.auth0.guardian.enroll.private"
    )

The tags should be unique since it's the identifier of each key inside iOS Keychain.

Since the keys are already secured stored inside iOS Keychain, you olny need to store the identifiers

Allow a login request

Once you have the enrollment in place, you will receive a push notification every time the user has to validate his identity with MFA.

Guardian provides a method to parse the data received from APNs and return a Notification instance ready to be used.

if let notification = Guardian.notification(from: userInfo) {
    // we have received a Guardian push notification
}

Once you have the notification instance, you can easily allow the authentication request by using the allow method. You'll also need the enrollment that you obtained previously. In case you have more than one enrollment, you'll have to find the one that has the same id as the notification (the enrollmentId property).

Guardian
        .authentication(forDomain: "{YOUR_GUARDIAN_DOMAIN}", andEnrollment: enrollment)
        .allow(notification: notification)
        .start { result in
            switch result {
            case .success:
                // the auth request was successfuly allowed
            case .failure(let cause):
                // something failed, check cause to see what went wrong
            }
        }