0.3.1

0.3.1 (2019-05-24)

Full Changelog

Security

• Update dependencies (jackson-databind, okhttp, oss plugin) #10 (lbalmaceda)

0.3.0

Full Changelog

Added

• Exposed OTP secret for not-yet serialised Transaction entities #8 (mirichan)

0.2.0

Full Changelog

Added

• Add transaction not found error to GuardianException #5 (nikolaseu)

Changed

• Remove HTTP logging interceptor #6 (nikolaseu)

0.1.0

Full Changelog

Changed

• Exposed protected Transaction data #3 (mirichan)

Release 0.0.1

First release of Guardian for Java

Install

Get Guardian Java via Maven:

<dependency>
  <groupId>com.auth0</groupId>
  <artifactId>guardian</artifactId>
  <version>0.0.1</version>
</dependency>

or Gradle:

compile 'com.auth0:guardian:0.0.1'

Usage

Create an instance of Guardian using you Guardian URL:

Guardian guardian = new Guardian("https://<tenant>.guardian.auth0.com");

Obtain an enrollment ticket from API2:

String enrollmentTicket = "Ag1qX7vZVBvyTKhFwrkzaCH2M8vn5b6c";

Enrollment

Use the ticket and EnrollmentType.TOTP() to request an TOTP enrollment, or EnrollmentType.SMS() and the phone number
for an SMS enrollment.

For TOTP you must ask for the TOTP URI to show to the user in the QR code.

Transaction enrollmentTransaction;
try {
    enrollmentTransaction = guardian
            .requestEnroll(enrollmentTicket, EnrollmentType.TOTP());
            // or .requestEnroll(enrollmentTicket, EnrollmentType.SMS("+549XXXXXXXX58"));

    // Only for TOTP: use the TOTP URI to create a QR and scan with an app
    String totpURI = enrollmentTransaction.totpURI("Username", "Issuer");
    System.out.println(totpURI);

} catch (IOException e) {
    // connection issue, might be internet (or invalid certificates for example)
} catch (GuardianException e) {
    if (e.isAlreadyEnrolled()) {
        // the user was already enrolled
    } else if (e.isInvalidToken()) {
        // the ticket is not valid anymore, or was already used
    } else {
        // some other guardian error, check the message
    }
}

Transaction storage

Transaction implements java.io.Serializable interface so you can save and restore it easily.

The transaction contains sensitive information like the transaction token and the recovery code. Keep in mind this
when considering possible storage options.

Confirm enrollment

Restore the enrollment transaction from wherever you saved it, and use it together with the OTP that the user inputs to
confirm the enrollment, whether it's TOTP or SMS.

If the OTP was valid, the enrollment is confirmed and you get an object that contains the recovery code.

// get the OTP from SMS or TOTP app
String code = "123456";

try {
    Enrollment enrollment = guardian.confirmEnroll(enrollmentTransaction, code);

    // Get the recovery code and show to the user
    String recoveryCode = enrollment.getRecoveryCode();
    System.out.println(recoveryCode);

} catch (IOException e) {
    // connection issue, might be internet (or invalid certificates for example)
} catch (GuardianException e) {
    if (e.isInvalidToken()) {
        // the transaction is not valid anymore
    } else if (e.isInvalidOTP()) {
        // the OTP is not valid
    } else {
        // some other guardian error, check the message
    }
}