auth0
diff --git a/‎Guardian/Authentication.swift
Lines changed: 1 addition & 1 deletion b/‎Guardian/Authentication.swift
Lines changed: 1 addition & 1 deletion
diff --git a/‎Guardian/Guardian.swift
Lines changed: 140 additions & 1 deletion b/‎Guardian/Guardian.swift
Lines changed: 140 additions & 1 deletion
diff --git a/‎GuardianTests/APIClientSpec.swift
Lines changed: 11 additions & 11 deletions b/‎GuardianTests/APIClientSpec.swift
Lines changed: 11 additions & 11 deletions
@@ -144,7 +144,7 @@ struct RSAAuthentication: Authentication {
             var jwtPayload: [String: Any] = [
                 "iat": currentTime,
                 "exp": currentTime + RSAAuthentication.challengeResponseExpiresInSecs,
-                "aud": self.api.baseUrl.absoluteString,
+                "aud": self.api.baseUrl.appendingPathComponent("api/resolve-transaction").absoluteString,
                 "iss": self.enrollment.deviceIdentifier,
                 "sub": challenge,
                 "auth0_guardian_method": "push",
 
@@ -37,7 +37,25 @@ import Foundation
  - seealso: Guardian.API
  */
 public func api(forDomain domain: String, session: URLSession = .shared) -> API {
-    return APIClient(baseUrl: url(from: domain)!, session: session)
+    return api(url: url(from: domain)!, session: session)
+}
+
+/**
+ Creates a low level API client for Guardian MFA server
+
+ ```
+ let api = Guardian.api(url: URL(string: "https://tenant.guardian.auth0.com/")!)
+ ```
+
+ - parameter url:       URL of your Guardian server
+ - parameter session:   session to use for network requests
+
+ - returns: an Guardian API client
+
+ - seealso: Guardian.API
+ */
+public func api(url: URL, session: URLSession = .shared) -> API {
+    return APIClient(baseUrl: url, session: session)
 }
 
 /**
@@ -63,6 +81,30 @@ public func authentication(forDomain domain: String, andEnrollment enrollment: E
     return RSAAuthentication(api: client, enrollment: enrollment)
 }
 
+/**
+ Creates an authentication manager for a Guardian enrollment
+
+ ```
+ let enrollment: Enrollment = // the object you obtained when enrolling
+ let authenticator = Guardian
+    .authentication(url: URL(string: "https://tenant.guardian.auth0.com/")!,
+                    andEnrollment: enrollment)
+ ```
+
+ - parameter url:           URL of your Guardian server
+ - parameter andEnrollment: the enrollment that will be used to handle
+ authentication
+ - parameter session:       session to use for network requests
+
+ - returns: an `Authentication` instance
+
+ - seealso: Guardian.Authentication
+ */
+public func authentication(url: URL, andEnrollment enrollment: Enrollment, session: URLSession = .shared) -> Authentication {
+    let client = api(url: url, session: session)
+    return RSAAuthentication(api: client, enrollment: enrollment)
+}
+
 /**
  Creates a request to enroll from a Guardian enrollment URI
 
@@ -112,6 +154,55 @@ public func enroll(forDomain domain: String, session: URLSession = .shared, usin
     return EnrollRequest(api: client, enrollmentUri: uri, notificationToken: notificationToken, keyPair: keyPair)
 }
 
+/**
+ Creates a request to enroll from a Guardian enrollment URI
+
+ You'll have to create a new pair of RSA keys for the enrollment.
+ The keys will be stored on the keychain, and we'll later access them by `tag`,
+ so you should use a unique identifier every time you create them.
+
+ ```
+ let rsaKeyPair = RSAKeyPair.new(usingPublicTag: "com.auth0.guardian.enroll.public",
+                                 privateTag: "com.auth0.guardian.enroll.private")
+ ```
+
+ You will also need an enroll uri (from a Guardian QR code for example) and the
+ APNS token for the device.
+
+ Finally, to create an enrollment you just use it like this:
+
+ ```
+ let enrollUri: String = // obtained from a Guardian QR code
+ let apnsToken: String = // apple push notification service token for this device
+
+ Guardian
+    .enroll(url: URL(string: "https://tenant.guardian.auth0.com/")!,
+            usingUri: enrollUri,
+            notificationToken: apnsToken,
+            keyPair: rsaKeyPair)
+    .start { result in
+        switch result {
+        case .success(let enrollment):
+            // we have the enrollment data, save it for later usages
+        case .failure(let cause):
+            // something failed
+        }
+ }
+ ```
+
+ - parameter url:               URL of your Guardian server
+ - parameter session:           session to use for network requests
+ - parameter usingUri:          the enrollment URI
+ - parameter notificationToken: the APNS token of the device
+ - parameter keyPair:           the RSA key pair
+
+ - returns: a request to create an enrollment
+ */
+public func enroll(url: URL, session: URLSession = .shared, usingUri uri: String, notificationToken: String, keyPair: RSAKeyPair) -> EnrollRequest {
+    let client = api(url: url, session: session)
+    return EnrollRequest(api: client, enrollmentUri: uri, notificationToken: notificationToken, keyPair: keyPair)
+}
+
 /**
  Creates a request to enroll from a Guardian enrollment ticket
 
@@ -160,6 +251,54 @@ public func enroll(forDomain domain: String, session: URLSession = .shared, usin
     return EnrollRequest(api: client, enrollmentTicket: ticket, notificationToken: notificationToken, keyPair: keyPair)
 }
 
+/**
+ Creates a request to enroll from a Guardian enrollment ticket
+
+ You'll have to create a new pair of RSA keys for the enrollment.
+ The keys will be stored on the keychain, and we'll later access them by `tag`,
+ so you should use a unique identifier every time you create them.
+
+ ```
+ let rsaKeyPair = RSAKeyPair.new(usingPublicTag: "com.auth0.guardian.enroll.public",
+                                 privateTag: "com.auth0.guardian.enroll.private")
+ ```
+
+ You will also need an enroll ticket and the APNS token for the device.
+
+ Finally, to create an enrollment you just use it like this:
+
+ ```
+ let enrollTicket: String = // obtained from a Guardian QR code or email
+ let apnsToken: String = // apple push notification service token for this device
+
+ Guardian
+    .enroll(url: URL(string: "https://tenant.guardian.auth0.com/")!,
+            usingTicket: enrollTicket,
+            notificationToken: apnsToken,
+            keyPair: rsaKeyPair)
+    .start { result in
+        switch result {
+        case .success(let enrollment):
+            // we have the enrollment data, save it for later usages
+        case .failure(let cause):
+            // something failed
+        }
+ }
+ ```
+
+ - parameter url:               URL of your Guardian server
+ - parameter session:           session to use for network requests
+ - parameter usingTicket:       the enrollment ticket
+ - parameter notificationToken: the APNS token of the device
+ - parameter keyPair:           the RSA key pair
+
+ - returns: a request to create an enrollment
+ */
+public func enroll(url: URL, session: URLSession = .shared, usingTicket ticket: String, notificationToken: String, keyPair: RSAKeyPair) -> EnrollRequest {
+    let client = api(url: url, session: session)
+    return EnrollRequest(api: client, enrollmentTicket: ticket, notificationToken: notificationToken, keyPair: keyPair)
+}
+
 /**
  Parses and returns the data about the push notification's authentication
  request.
 
@@ -30,7 +30,7 @@ class APIClientSpec: QuickSpec {
 
     override func spec() {
 
-        let client = APIClient(baseUrl: URL(string: "https://\(Domain)/")!, session: URLSession.shared)
+        let client = APIClient(baseUrl: ValidURL, session: URLSession.shared)
 
         beforeEach {
             stub(condition: { _ in return true }) { _ in
@@ -45,7 +45,7 @@ class APIClientSpec: QuickSpec {
         describe("enroll") {
 
             beforeEach {
-                stub(condition: isMobileEnroll(domain: Domain)
+                stub(condition: isMobileEnroll(baseUrl: ValidURL)
                     && hasTicketAuth(ValidTransactionId)
                     && hasAtLeast([
                         "identifier": ValidDeviceIdentifier,
@@ -100,14 +100,14 @@ class APIClientSpec: QuickSpec {
         describe("resolve-transaction") {
 
             beforeEach {
-                stub(condition: isResolveTransaction(domain: Domain)) { _ in
+                stub(condition: isResolveTransaction(baseUrl: ValidURL)) { _ in
                     return errorResponse(statusCode: 404, errorCode: "invalid_token", message: "Invalid transaction token")
                     }.name = "Missing authentication"
-                stub(condition: isResolveTransaction(domain: Domain)
+                stub(condition: isResolveTransaction(baseUrl: ValidURL)
                     && hasBearerToken(ValidTransactionToken)) { req in
                         return errorResponse(statusCode: 401, errorCode: "invalid_challenge", message: "Invalid challenge_response")
                     }.name = "Invalid challenge_response"
-                stub(condition: isResolveTransaction(domain: Domain)
+                stub(condition: isResolveTransaction(baseUrl: ValidURL)
                     && hasBearerToken(ValidTransactionToken)
                     && hasAtLeast([
                         "challenge_response": ValidChallengeResponse
@@ -153,14 +153,14 @@ class APIClientSpec: QuickSpec {
         describe("delete enrollment") {
 
             beforeEach {
-                stub(condition: isDeleteEnrollment(domain: Domain)) { _ in
+                stub(condition: isDeleteEnrollment(baseUrl: ValidURL)) { _ in
                     return errorResponse(statusCode: 404, errorCode: "invalid_token", message: "Invalid transaction token")
                     }.name = "Missing authentication"
-                stub(condition: isDeleteEnrollment(domain: Domain)
+                stub(condition: isDeleteEnrollment(baseUrl: ValidURL)
                     && hasBearerToken(ValidEnrollmentToken)) { _ in
                         return errorResponse(statusCode: 404, errorCode: "enrollment_not_found", message: "Enrollment not found")
                     }.name = "Enrollment not found"
-                stub(condition: isDeleteEnrollment(domain: Domain, enrollmentId: ValidEnrollmentId)
+                stub(condition: isDeleteEnrollment(baseUrl: ValidURL, enrollmentId: ValidEnrollmentId)
                     && hasBearerToken(ValidEnrollmentToken)) { _ in
                         return successResponse()
                     }.name = "Valid delete enrollment"
@@ -206,14 +206,14 @@ class APIClientSpec: QuickSpec {
         describe("update enrollment") {
 
             beforeEach {
-                stub(condition: isUpdateEnrollment(domain: Domain)) { _ in
+                stub(condition: isUpdateEnrollment(baseUrl: ValidURL)) { _ in
                     return errorResponse(statusCode: 404, errorCode: "invalid_token", message: "Invalid transaction token")
                     }.name = "Missing authentication"
-                stub(condition: isUpdateEnrollment(domain: Domain)
+                stub(condition: isUpdateEnrollment(baseUrl: ValidURL)
                     && hasBearerToken(ValidEnrollmentToken)) { _ in
                         return errorResponse(statusCode: 404, errorCode: "enrollment_not_found", message: "Enrollment not found")
                     }.name = "Enrollment not found"
-                stub(condition: isUpdateEnrollment(domain: Domain, enrollmentId: ValidEnrollmentId)
+                stub(condition: isUpdateEnrollment(baseUrl: ValidURL, enrollmentId: ValidEnrollmentId)
                     && hasBearerToken(ValidEnrollmentToken)) { req in
                         let payload = req.a0_payload
                         let pushCredentials = payload?["push_credentials"] as? [String: String]