SwAuth is an OAuth 2.0 HTTP request library written in Swift for iOS 15.0+, macOS 12.0+, watchOS 8.0+, and tvOS 15.0+.


  • Beautiful readable syntax with async/await! Kiss completion handler hell and the closure jungle goodbye!
  • Supports Authorization Code Grant (RFC 6749/6750), Proof Key for Code Exchange (PKCE) extension for Authorization Code Grant (RFC 7636), and the Device Authorization Grant (RFC 8628).
  • Support for all Apple device platforms.
  • Retry errored requests.
  • Automatically refreshes tokens.
  • Tokens stored on Keychain and cross-site request forgery mitigation by default.
  • Easily deal with JSON responses with SwiftyJSON built-in.
  • Easily integrate with SwiftUI.
  • Complete, meticulous, thorough, documentation.
  • Errors that are probably, maybe, useful.
  • Built on SwiftNIO with AsyncHTTPClient.
  • QR Code for the Device Authorization Flow (tvOS/watchOS).
  • Sample/Example Apps.


  • Xcode 13+
  • iOS 15.0+ | macOS 12.0+ | watchOS 8.0+ | tvOS 15.0+


Swift Package

Use the Swift Package Manager to add SwAuth to your project! Simply add the package to dependencies in your Package.swift:

let package = Package(
    name: "YOUR_PROJECT_NAME",
    dependencies: [
        .package(url: "https://github.com/Colaski/SwAuth.git", from: "1.0.0"),


Select File > Add Packages and enter https://github.com/Colaski/SwAuth.git

Basic Usage

  1. Import SwAuth in files you wish to use it’s amazing features:

    import SwAuth
  2. Create an instance of keychain:

    let keychain = Keychain(service: "com.your.bundleID",
                            accessGroup: "appIdentifierPrefix.com.your.bundleID").label("Your App Name")
  3. Create an instance of the proper authorization flow for your Web API.

    let keychain = Keychain(service: "com.your.bundleID",
                            accessGroup: "appIdentifierPrefix.com.your.bundleID").label("Your App Name")
    let spotify = PKCEAuthorizationFlow(clientID: "YourClientID",
                                        authorizationEndpoint: URL(string: "https://accounts.spotify.com/authorize")!,
                                        tokenEndpoint: URL(string: "https://accounts.spotify.com/api/token")!,
                                        redirectURI: "someapp://callback",
                                        keychain: keychain,
                                        scopes: "user-follow-modify")
  4. Start an ASWebAuthenticationSession like in the example app with the instance’s authorization URL:

  5. Pass the callback URL from the ASWebAuthenticationSession into the provided handler method:

    do {
        try await spotify.authorizationResponseHandler(for: callbackURL)
    } catch {
  6. Make an authorized request:

    do {
        // https://developer.spotify.com/documentation/web-api/reference/#/operations/follow-artists-users
        var request = HTTPRequest(endpoint: URL(sting: "https://api.spotify.com/v1/me/following")!)
        request.httpMethod = .PUT
        request.endpointQueryItems = ["type": "artist"]
        request.httpBody = ["ids": ["5K4W6rqBFWDnAN6FQUkS6x"]]
        request.bodyEncoding = .JSON
        // Send an authenticated HTTP request, this one will follow the artist Kanye West on Spotify.
        let json = try await spotify.authenticatedRequest(for: request, numberOfRetries: 2).json()
        // Prints the JSON output
    } catch {

For more information, read my beautiful documentation: https://swauth.netlify.app/documentation/Swauth


Contributions are welcome!

You do not need a mac to contribute, all you need is Swift and SwiftLint (there is a SwiftLint VSCode extension). No linting rules are added or excluded, the default will do.

Clone the repo:

git clone https://github.com/Colaski/SwAuth.git
cd SwAuth

Make your changes, document them, fix linting errors, see if it works, and submit a PR for review!

Nice to have list:

  • Cocoapods and Carthage integration
  • Include ready to go implementations of Web API’s with endpoints like in the example app
    • Perhaps Spotify, Google, Azure/Microsoft, Github etc.
  • OAuth 1.0 support
  • Linux/Windows support


View Github