Exposed protected Transaction data

src/main/java/com/auth0/guardian/Guardian.java

@@ -108,4 +108,34 @@ public Enrollment confirmEnroll(Transaction transaction, String otp)
 
         return new Enrollment(transaction.getRecoveryCode());
     }
+
+    /**
+     * Confirms an enrollment started with {@link Guardian#requestEnroll(String, EnrollmentType)}.
+     * <p>
+     * Use this method to confirm an enrollment transaction once the user scanned the QR code with a TOTP app (for a
+     * transaction initiated with {@link EnrollmentType#TOTP()}) or when the user received the OTP code delivered to his
+     * phone number by SMS (for a transaction initiated with {@link EnrollmentType#SMS(String)}).
+     *
+     * This overload is intended for stateless applications where {@link java.io.Serializable} is not acceptable,
+     * avoiding the necessity of utilising poor practises to preserve {@link Transaction} between user actions.
+     *
+     * @param transactionToken the token associated with the transaction to confirm.
+     * @param otp              the code obtained from the TOTP app or delivered to the phone number by SMS
+     * @throws IOException              when there's a connection issue
+     * @throws IllegalArgumentException when the transaction is not valid
+     * @throws GuardianException        when there's a Guardian specific issue (invalid otp for example)
+     */
+    public void confirmEnroll(String transactionToken, String otp)
+            throws IOException, IllegalArgumentException, GuardianException {
+        if (transactionToken == null) {
+            throw new IllegalArgumentException("Invalid enrollment transaction");
+        }
+        if (otp == null) {
+            throw new IllegalArgumentException("Invalid OTP");
+        }
+
+        apiClient
+                .verifyOTP(transactionToken, otp)
+                .execute();
+    }
 }

src/main/java/com/auth0/guardian/Transaction.java

@@ -48,11 +48,11 @@ public class Transaction implements Serializable {
         this.otpSecret = otpSecret;
     }
 
-    String getTransactionToken() {
+    public String getTransactionToken() {
         return transactionToken;
     }
 
-    String getRecoveryCode() {
+    public String getRecoveryCode() {
         return recoveryCode;
     }
 

src/test/java/com/auth0/guardian/GuardianTest.java

@@ -240,7 +240,7 @@ public void shouldFailConfirmationWhenTransationIsNull() throws Exception {
         server.emptyResponse();
 
         guardian
-                .confirmEnroll(null, OTP_CODE);
+                .confirmEnroll((Transaction)null, OTP_CODE);
     }
 
     @Test
@@ -264,4 +264,57 @@ public void shouldFailConfirmationWhenOtpIsNull() throws Exception {
         guardian
                 .confirmEnroll(new Transaction("TRANSACTION_TOKEN", null, null), null);
     }
+
+    @Test
+    public void shouldConfirmEnrollOverload() throws Exception {
+        server.jsonResponse(MockServer.START_FLOW_VALID, 201);
+        server.emptyResponse();
+
+        Transaction transaction = guardian
+                .requestEnroll(ENROLLMENT_TICKET, EnrollmentType.TOTP());
+
+        guardian
+                .confirmEnroll(transaction.getTransactionToken(), OTP_CODE);
+
+        RecordedRequest startFlowRequest = server.takeRequest();
+
+        assertThat(startFlowRequest, hasMethodAndPath("POST", "/api/start-flow"));
+        assertThat(startFlowRequest, hasHeader("Content-Type", "application/json; charset=utf-8"));
+        assertThat(startFlowRequest, hasHeader("Authorization", "Ticket id=\"ENROLLMENT_TICKET\""));
+
+        Map<String, Object> startFlowBody = bodyFromRequest(startFlowRequest);
+        assertThat(startFlowBody, hasEntry("state_transport", (Object) "polling"));
+
+        RecordedRequest verifyOtpRequest = server.takeRequest();
+
+        assertThat(verifyOtpRequest, hasMethodAndPath("POST", "/api/verify-otp"));
+        assertThat(verifyOtpRequest, hasHeader("Content-Type", "application/json; charset=utf-8"));
+        assertThat(verifyOtpRequest, hasHeader("Authorization", "Bearer THE_TRANSACTION_TOKEN"));
+
+        Map<String, Object> verifyOtpBody = bodyFromRequest(verifyOtpRequest);
+        assertThat(verifyOtpBody, hasEntry("type", (Object) "manual_input"));
+        assertThat(verifyOtpBody, hasEntry("code", (Object) "OTP_CODE"));
+    }
+
+    @Test
+    public void shouldFailConfirmationOverloadWhenNoTokenIsProvided() throws Exception {
+        exception.expect(IllegalArgumentException.class);
+        exception.expectMessage("Invalid enrollment transaction");
+
+        server.emptyResponse();
+
+        guardian
+                .confirmEnroll((String)null, OTP_CODE);
+    }
+
+    @Test
+    public void shouldFailConfirmationOverloadWhenOtpIsNull() throws Exception {
+        exception.expect(IllegalArgumentException.class);
+        exception.expectMessage("Invalid OTP");
+
+        server.emptyResponse();
+
+        guardian
+                .confirmEnroll("TRANSACTION_TOKEN", null);
+    }
 }