Change Log

1.0.0 (2018-07-31)

Full Changelog

Added

Changed

Fixed

Breaking changes

0.5.0 (2018-07-19)

Full Changelog

Closed issues

Changed

Deprecated

0.4.0 (2018-06-08)

Full Changelog

Added

Changed

0.3.1 (2018-05-25)

Full Changelog

Closed issues

Changed

Fixed

0.3.0 (2017-06-02)

Full Changelog

Added

0.2.0 (2017-01-16)

Full Changelog

Added

0.1.0 (2016-11-23)

First release of Guardian for iOS

Install

CocoaPods

Guardian.swift is available through CocoaPods. To install it, simply add the following line to your Podfile:

pod "Guardian"

Carthage

In your Cartfile, add this line:

github "auth0/Guardian.swift"

Usage

Guardian is the core of the SDK. To get things going you'll have to import the library:

import Guardian

Then you'll need the Auth0 Guardian domain for your account:

let domain = "{YOUR_ACCOUNT_NAME}.guardian.auth0.com"

Enroll

An enrollment is a link between the second factor and an Auth0 account. Once an account is enrolled, you'll need the enrollment to provide the second factor required to verify the user's identity.

For an enrollment you need the following things, besides your Guardian Domain:

In case your app is not yet using push notifications or you're not familiar with it, you should check their docs.

After you have all of them, you can enroll your device:

Guardian
        .enroll(forDomain: "{YOUR_GUARDIAN_DOMAIN}",
                usingUri: "{ENROLLMENT_URI}",
                notificationToken: "{APNS_TOKEN}",
                keyPair: keyPair)
        .start { result in
            switch result {
            case .success(let enrollment):
                // success, we have the enrollment data available
                print("Enrolled: \(enrollment)")
            case .failure(let cause):
                // something failed, check cause to see what went wrong
                print("Enrollment failed: \(cause)")
            }
        }

On success you'll obtain the enrollment information, which should be stored securely in your application. This information includes the enrollment identifier and the Guardian API token associated with your device, which is used for updating or deleting your enrollment.
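One way to store those two values securely, shown as an added example that is not part of Guardian.swift or its documentation: a small Keychain wrapper built on Apple's Security framework. The `EnrollmentStore` type, the service name, the account labels and the `persistEnrollment` function are all hypothetical names chosen for illustration.

```swift
import Foundation
import Security

// Hypothetical helper (not part of Guardian.swift): keeps the enrollment
// identifier and the Guardian API token in the iOS Keychain.
struct EnrollmentStore {
    // Assumed service name; pick one that is unique to your app.
    let service = "com.example.guardian.enrollment"

    enum StoreError: Error { case keychain(OSStatus) }

    private func baseQuery(_ account: String) -> [String: Any] {
        return [kSecClass as String: kSecClassGenericPassword,
                kSecAttrService as String: service,
                kSecAttrAccount as String: account]
    }

    func save(_ value: String, as account: String) throws {
        // Delete any earlier value so SecItemAdd does not return errSecDuplicateItem.
        SecItemDelete(baseQuery(account) as CFDictionary)
        var item = baseQuery(account)
        item[kSecValueData as String] = Data(value.utf8)
        // Readable after the first unlock, so a push handled while the device is
        // locked can still use it; "ThisDeviceOnly" keeps it off other devices.
        item[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly
        let status = SecItemAdd(item as CFDictionary, nil)
        guard status == errSecSuccess else { throw StoreError.keychain(status) }
    }

    func load(_ account: String) throws -> String? {
        var query = baseQuery(account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var result: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &result)
        if status == errSecItemNotFound { return nil }
        guard status == errSecSuccess, let data = result as? Data else {
            throw StoreError.keychain(status)
        }
        return String(data: data, encoding: .utf8)
    }
}

// Call from the enroll success branch with the values taken from the enrollment.
func persistEnrollment(id: String, token: String) throws {
    let store = EnrollmentStore()
    try store.save(id, as: "enrollmentId")
    try store.save(token, as: "deviceToken")
}
```

Avoid `UserDefaults` or plain files for the token, since anyone holding it can update or delete the enrollment.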

RSA key pair

Guardian.swift provides a convenience class to generate an RSA key pair and store it in iOS Keychain.

let rsaKeyPair = RSAKeyPair.new(
    usingPublicTag: "com.auth0.guardian.enroll.public",
    privateTag: "com.auth0.guardian.enroll.private"
    )

The tags should be unique, since they are the identifiers of each key inside the iOS Keychain.

Since the keys are already stored securely inside the iOS Keychain, you only need to store the identifiers.

Allow a login request

Once you have the enrollment in place, you will receive a push notification every time the user has to validate his identity with MFA.

Guardian provides a method to parse the data received from APNs and return a Notification instance ready to be used.

if let notification = Guardian.notification(from: userInfo) {
    // we have received a Guardian push notification
}

Once you have the notification instance, you can easily allow the authentication request by using the allow method. You'll also need the enrollment that you obtained previously. In case you have more than one enrollment, you'll have to find the one that has the same id as the notification (the enrollmentId property).

Guardian
        .authentication(forDomain: "{YOUR_GUARDIAN_DOMAIN}", andEnrollment: enrollment)
        .allow(notification: notification)
        .start { result in
            switch result {
            case .success:
                // the auth request was successfully allowed
                print("Authentication request allowed")
            case .failure(let cause):
                // something failed, check cause to see what went wrong
                print("Allow failed: \(cause)")
            }
        }