1.4.2 (2024-05-29)
Changed
- Fix bug with the privacy manifest
1.4.1 (2024-05-22)
Changed
- Fix bug with TOTP to enable builds with Xcode 15.2+
1.4.0 (2024-04-29)
Changed
- Add privacy manifest
1.3.0 (2024-03-15)
Changed
- Add support for Xcode 15
- Add telemetry to track usage
1.2.0 (2023-10-31)
Changed
- Add support for transaction linking id
- Add support for custom domain (demo app example).
1.1.0 (2021-06-01)
Changed
1.0.0 (2018-07-31)
Added
Changed
Fixed
Breaking changes
- Rework GuardianError #74 (hzalaz)
- Rework Network Layer #73 (hzalaz)
- Now the session should be configured per request. #70 (hzalaz)
- Refactor Key handling for enroll and resolve #69 (hzalaz)
- Refactor notification handling #68 (hzalaz)
- Remove ObjectiveC bindings and support #67 (hzalaz)
- Remove iOS 9 support #65 (hzalaz)
0.5.0 (2018-07-19)
Full Changelog Closed issues
- Private constants as default arguments - Swift 4 Support #61
Changed
Deprecated
0.4.0 (2018-06-08)
Added
- Add fastlane release plugin #59 (hzalaz)
- Add ability to log requests or add hooks on request/response/error #57 (hzalaz)
Changed
0.3.1 (2018-05-25)
Closed issues
- Turn off iOS HTTP cache #51
Changed
Fixed
0.3.0 (2017-06-02)
Added
- Make RSAKeyPair(publicKeyTag:privateKeyTag) constructor public #49 (nikolaseu)
- Add support for appliance #48 (nikolaseu)
0.2.0 (2017-01-16)
Added
- Make jwk conversion property public #47 (hzalaz)
- Add methods to register and handle remote notifications #45 (nikolaseu)
0.1.0 (2016-11-23)
First release of Guardian for iOS
Guardian.swift is available through CocoaPods. To install it, simply add the following line to your Podfile:
pod "Guardian"
In your Cartfile add this line
github "auth0/Guardian.swift"
Guardian
is the core of the SDK. To get things going you'll have to import the library:
import Guardian
Then you'll need the Auth0 Guarduan domain for your account:
let domain = "{YOUR_ACCOUNT_NAME}.guardian.auth0.com"
An enrollment is a link between the second factor and an Auth0 account. When an account is enrolled you'll need it to provide the second factor required to verify the identity.
For an enrollment you need the following things, besides your Guardian Domain:
- Enrollment Uri: The value encoded in the QR Code scanned from Guardian Web Widget or in your enrollment ticket sent to you, e.g. by email.
- APNS Token: Apple APNS token for the device and MUST be a
String
containing the 64 bytes (expressed in hexadecimal format) - Key Pair: A RSA (Private/Public) key pair used to assert your identity with Auth0 Guardian
In case your app is not yet using push notifications or you're not familiar with it, you should check their docs.
after your have all of them, you can enroll your device
Guardian
.enroll(forDomain: "{YOUR_GUARDIAN_DOMAIN}",
usingUri: "{ENROLLMENT_URI}",
notificationToken: "{APNS_TOKEN}",
keyPair: keyPair)
.start { result in
switch result {
case .success(let enrollment):
// success, we have the enrollment data available
case .failure(let cause):
// something failed, check cause to see what went wrong
}
}
On success you'll obtain the enrollment information, that should be secured stored in your application. This information includes the enrollment identifier, and the token for Guardian API associated to your device for updating or deleting your enrollment.
Guardian.swift provides a convenience class to generate an RSA key pair and store it in iOS Keychain.
let rsaKeyPair = RSAKeyPair.new(
usingPublicTag: "com.auth0.guardian.enroll.public",
privateTag: "com.auth0.guardian.enroll.private"
)
The tags should be unique since it's the identifier of each key inside iOS Keychain.
Since the keys are already secured stored inside iOS Keychain, you olny need to store the identifiers
Once you have the enrollment in place, you will receive a push notification every time the user has to validate his identity with MFA.
Guardian provides a method to parse the data received from APNs and return a Notification
instance ready to be used.
if let notification = Guardian.notification(from: userInfo) {
// we have received a Guardian push notification
}
Once you have the notification instance, you can easily allow the authentication request by using
the allow
method. You'll also need the enrollment that you obtained previously.
In case you have more than one enrollment, you'll have to find the one that has the same id
as the
notification (the enrollmentId
property).
Guardian
.authentication(forDomain: "{YOUR_GUARDIAN_DOMAIN}", andEnrollment: enrollment)
.allow(notification: notification)
.start { result in
switch result {
case .success:
// the auth request was successfuly allowed
case .failure(let cause):
// something failed, check cause to see what went wrong
}
}