Skip to content

Releases: auth0/Guardian.java

0.3.1

Choose a tag to compare

@lbalmaceda lbalmaceda released this 24 May 18:09
46ae7aa

0.3.1 (2019-05-24)

Full Changelog

Security

  • Update dependencies (jackson-databind, okhttp, oss plugin) #10 (lbalmaceda)

0.3.0

Choose a tag to compare

@nikolaseu nikolaseu released this 29 May 15:08

Full Changelog

Added

  • Exposed OTP secret for not-yet serialised Transaction entities #8 (mirichan)

0.2.0

0.2.0 Pre-release
Pre-release

Choose a tag to compare

@nikolaseu nikolaseu released this 06 Apr 14:46

Full Changelog

Added

  • Add transaction not found error to GuardianException #5 (nikolaseu)

Changed

0.1.0

0.1.0 Pre-release
Pre-release

Choose a tag to compare

@hzalaz hzalaz released this 24 Mar 23:51
434ea3b

Full Changelog

Changed

  • Exposed protected Transaction data #3 (mirichan)

Release 0.0.1

Release 0.0.1 Pre-release
Pre-release

Choose a tag to compare

@nikolaseu nikolaseu released this 10 Mar 19:45

First release of Guardian for Java

Install

Get Guardian Java via Maven:

<dependency>
  <groupId>com.auth0</groupId>
  <artifactId>guardian</artifactId>
  <version>0.0.1</version>
</dependency>

or Gradle:

compile 'com.auth0:guardian:0.0.1'

Usage

Create an instance of Guardian using you Guardian URL:

Guardian guardian = new Guardian("https://<tenant>.guardian.auth0.com");

Obtain an enrollment ticket from API2:

String enrollmentTicket = "Ag1qX7vZVBvyTKhFwrkzaCH2M8vn5b6c";

Enrollment

Use the ticket and EnrollmentType.TOTP() to request an TOTP enrollment, or EnrollmentType.SMS() and the phone number
for an SMS enrollment.

For TOTP you must ask for the TOTP URI to show to the user in the QR code.

Transaction enrollmentTransaction;
try {
    enrollmentTransaction = guardian
            .requestEnroll(enrollmentTicket, EnrollmentType.TOTP());
            // or .requestEnroll(enrollmentTicket, EnrollmentType.SMS("+549XXXXXXXX58"));

    // Only for TOTP: use the TOTP URI to create a QR and scan with an app
    String totpURI = enrollmentTransaction.totpURI("Username", "Issuer");
    System.out.println(totpURI);

} catch (IOException e) {
    // connection issue, might be internet (or invalid certificates for example)
} catch (GuardianException e) {
    if (e.isAlreadyEnrolled()) {
        // the user was already enrolled
    } else if (e.isInvalidToken()) {
        // the ticket is not valid anymore, or was already used
    } else {
        // some other guardian error, check the message
    }
}

Transaction storage

Transaction implements java.io.Serializable interface so you can save and restore it easily.

The transaction contains sensitive information like the transaction token and the recovery code. Keep in mind this
when considering possible storage options.

Confirm enrollment

Restore the enrollment transaction from wherever you saved it, and use it together with the OTP that the user inputs to
confirm the enrollment, whether it's TOTP or SMS.

If the OTP was valid, the enrollment is confirmed and you get an object that contains the recovery code.

// get the OTP from SMS or TOTP app
String code = "123456";

try {
    Enrollment enrollment = guardian.confirmEnroll(enrollmentTransaction, code);

    // Get the recovery code and show to the user
    String recoveryCode = enrollment.getRecoveryCode();
    System.out.println(recoveryCode);

} catch (IOException e) {
    // connection issue, might be internet (or invalid certificates for example)
} catch (GuardianException e) {
    if (e.isInvalidToken()) {
        // the transaction is not valid anymore
    } else if (e.isInvalidOTP()) {
        // the OTP is not valid
    } else {
        // some other guardian error, check the message
    }
}