A comprehensive, production-ready authentication system showcasing modern Swift development practices across backend and iOS platforms.
This project demonstrates best-in-class authentication architecture using the latest Swift technologies and industry security standards. While themed as an ecommerce application for context, the core focus for now is building the most robust, secure, and modern authentication system possible with Swift.
- Backend: Built with Hummingbird 2.0 - the next-generation Swift server framework
- iOS Client: SwiftUI with the modern `@Observable` macro and `@MainActor` isolation
- Networking: Actor-based concurrency with automatic token refresh and race condition prevention
- Security: Keychain storage and JWT token management patterns
- Multi-Factor Authentication (MFA):
  - TOTP (Time-based One-Time Passwords) with QR code generation
  - Email-based MFA with resend capabilities
  - Recovery codes system with secure backup
  - Granular MFA method selection and management
- Advanced Session Management:
  - JWT tokens with automatic refresh
  - Actor-isolated token storage preventing race conditions
  - Account lockout with configurable retry policies
  - Rate limiting with permit-based system
- Social Authentication:
  - Google Sign-In integration
  - Apple Sign In support
  - Unified response handling across all auth methods
- Core Authentication:
  - Email/Username + Password sign-in
  - Social authentication (Google, Apple)
  - Multi-factor authentication (TOTP, Email)
  - Password reset with email verification
  - Account recovery with backup codes
  - Role-based access control (planned)
- Password Security:
  - Secure password validation and hashing (bcrypt)
  - Password history tracking
  - Account lockout protection
- Token Management:
  - JWT-based authentication with refresh tokens
  - Token blacklisting and invalidation
  - Secure token rotation
  - Concurrent session management
- Protection Mechanisms:
  - Rate limiting with exponential backoff
  - Brute force protection
  - Account lockout with retry policies
  - Certificate pinning (planned)
- Verification Flows:
  - Email verification during registration
  - MFA setup notifications
  - Password reset emails
  - Security notifications
- Integration:
  - SendGrid email service integration
  - Configurable email templates
- Authentication Flow:
  - SwiftUI-based sign up/sign in screens
  - Social authentication integration
  - MFA support with QR code scanning
  - Password recovery flow
  - Secure token storage using Keychain
  - Biometric authentication (planned)
- User Experience:
  - Real-time form validation
  - Intelligent error handling and recovery
  - Seamless MFA setup with QR codes
  - Progressive authentication flows
  - Localization support (planned)
  - Push notifications (planned)
  - Offline support (planned)
- Sophisticated Error Handling: Typed errors with comprehensive HTTP status mapping
- Network Resilience: Exponential backoff, retry logic, and response caching
- Security Best Practices: Keychain storage, bearer token injection, secure password reset flows
- Comprehensive Testing: Full test suite covering auth flows and edge cases
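The "automatic token refresh with race condition prevention" item above is the part of a client that most often goes wrong: when several requests notice an expired access token at the same moment and each sends its own refresh, a server that rotates refresh tokens will reject all but the first, and the user is signed out for no reason. The following is an added example written for this README, not the project's own `AuthorizationManager` or `TokenStore`; the names `TokenRefresher`, `TokenPair`, `Counter` and the `RefreshCall` closure are assumptions, and the "network" call is simulated. Every caller goes through one actor, and at most one refresh `Task` is in flight per expiry.

```swift
import Foundation

// Added example (not the project's code): an actor that serialises access to the
// current token pair and coalesces concurrent refreshes into a single request.

struct TokenPair: Sendable {
    let accessToken: String
    let refreshToken: String
    let expiresAt: Date
}

enum AuthError: Error {
    case noSession      // nothing to refresh with: caller must sign in again
    case refreshFailed  // server rejected the refresh token
}

// Hypothetical refresh call; a real client would POST the refresh token to the
// backend and decode the new pair from the response.
typealias RefreshCall = @Sendable (_ refreshToken: String) async throws -> TokenPair

actor TokenRefresher {
    private var current: TokenPair?
    private var inFlight: Task<TokenPair, Error>?   // the single shared refresh
    private let refresh: RefreshCall
    private let skew: TimeInterval = 30             // treat near-expiry as expired

    init(initial: TokenPair?, refresh: @escaping RefreshCall) {
        self.current = initial
        self.refresh = refresh
    }

    /// Returns a usable bearer token, refreshing at most once per expiry.
    func validAccessToken() async throws -> String {
        if let pair = current, pair.expiresAt.timeIntervalSinceNow > skew {
            return pair.accessToken
        }
        // Another caller already started a refresh: wait for that one instead
        // of sending a second refresh token the server may already have rotated.
        if let task = inFlight {
            return try await task.value.accessToken
        }
        guard let pair = current else { throw AuthError.noSession }
        let task = Task { [refresh] in try await refresh(pair.refreshToken) }
        inFlight = task
        defer { inFlight = nil }   // runs on both the success and the failure path
        do {
            let fresh = try await task.value
            current = fresh
            return fresh.accessToken
        } catch {
            current = nil          // rotation failed: drop the session, force sign-in
            throw AuthError.refreshFailed
        }
    }

    func signOut() {
        inFlight?.cancel()
        inFlight = nil
        current = nil
    }
}

// Counts how many times the simulated network refresh actually ran.
actor Counter {
    private(set) var value = 0
    func increment() { value += 1 }
}

// Demo: ten concurrent requests start with an already-expired token.
let counter = Counter()
let expired = TokenPair(accessToken: "old", refreshToken: "r1", expiresAt: Date())
let refresher = TokenRefresher(initial: expired) { refreshToken in
    await counter.increment()
    try await Task.sleep(for: .milliseconds(50))   // simulated network latency
    return TokenPair(accessToken: "new-for-\(refreshToken)", refreshToken: "r2",
                     expiresAt: Date().addingTimeInterval(900))
}

try await withThrowingTaskGroup(of: String.self) { group in
    for _ in 0..<10 {
        group.addTask { try await refresher.validAccessToken() }
    }
    var tokens = Set<String>()
    for try await token in group { tokens.insert(token) }
    print("distinct access tokens handed out:", tokens.count)
}
print("refresh calls made:", await counter.value)
```

Save it as `main.swift` of an executable target (top-level `await` needs a `main.swift`) and run it with `swift run` on macOS 13+ or Linux. The design point is that the decision "do I need to refresh?" and the act of recording the in-flight refresh happen in one actor-isolated step with no suspension between them, so a second caller can never observe the gap; a `@MainActor` or lock-free version that checks expiry first and only then starts the request reintroduces exactly the race the feature list describes.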
```text
EcommerceServer (backend)
├── Controllers/
│   ├── AuthController.swift          # Core authentication
│   ├── EmailMFAController.swift      # Email-based MFA
│   ├── TOTPController.swift          # TOTP management
│   ├── MFARecoveryController.swift   # Recovery codes
│   ├── OAuthController.swift         # OAuth flows
│   ├── SocialAuthController.swift    # Social login
│   └── UserController.swift          # User management
├── Models/
│   ├── User/                         # User entities and DTOs
│   └── Auth/                         # Authentication models
├── Services/                         # Business logic layer
├── Middleware/                       # Request/response middleware
└── Migrations/                       # Database schema

Ecommerce (iOS client)
├── Authentication/
│   ├── AuthManager.swift              # Central auth orchestration
│   ├── TOTPManager.swift              # TOTP MFA management
│   ├── EmailVerificationManager.swift # Email verification flows
│   ├── SocialAuthManager.swift        # Social login coordination
│   └── Views/                         # SwiftUI authentication views
├── Networking/
│   ├── NetworkManager.swift           # Actor-based HTTP client
│   ├── AuthorizationManager.swift     # Token lifecycle management
│   ├── TokenStore.swift               # Keychain-backed storage
│   └── RetryHandler.swift             # Network resilience
└── Models/                            # Shared data models
```
- Hummingbird 2.0 - Modern async server framework
- Hummingbird Auth 2.0 - Advanced authentication
- JWT Kit 5.0-beta - JSON Web Token implementation
- AsyncHTTPClient 1.19 - High-performance HTTP
- PostgreSQL - Production database with migrations
- SwiftUI with `@Observable` and `@MainActor` patterns
- Swift Concurrency - Full async/await with actor isolation
- Keychain Services - Secure credential storage
- Network Framework - Modern HTTP client with caching
- Swift Crypto - Apple's cryptographic library
- TOTP RFC 6238 - Time-based one-time passwords
- OAuth 2.0 - Industry standard authorization
- JWT RFC 7519 - Secure token format
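RFC 6238 TOTP is a thin layer over RFC 4226 HOTP: the shared secret is HMAC-SHA1'd over a big-endian counter, the MAC is dynamically truncated to a 31-bit integer, and that integer is reduced modulo 10^digits; for TOTP the counter is simply floor(unixTime / 30). The block below is an added example written for this README, not the project's `TOTPController` or `TOTPManager`; `hotp`, `totp`, `TOTPVerifier` and `constantTimeEqual` are names chosen here, and it assumes the swift-crypto package (`import Crypto`) that the tech stack lists. Beyond the bare algorithm it shows the three server-side checks a verifier needs: a small drift window, a comparison that does not short-circuit, and a replay guard so an intercepted code cannot be reused inside the same time step.

```swift
import Foundation
import Crypto   // swift-crypto; `import CryptoKit` also works on Apple platforms

// Added example (not the project's code): HOTP, TOTP and a server-side verifier.

/// HOTP(K, C): HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated.
func hotp(secret: Data, counter: UInt64, digits: Int = 6) -> String {
    var be = counter.bigEndian
    let message = withUnsafeBytes(of: &be) { Data($0) }
    let mac = Array(HMAC<Insecure.SHA1>.authenticationCode(for: message,
                                                           using: SymmetricKey(data: secret)))
    let offset = Int(mac[19] & 0x0f)                    // low nibble of the last byte
    let binary = (UInt32(mac[offset] & 0x7f) << 24)     // mask the sign bit
        | (UInt32(mac[offset + 1]) << 16)
        | (UInt32(mac[offset + 2]) << 8)
        |  UInt32(mac[offset + 3])
    let code = binary % UInt32(pow(10.0, Double(digits)))
    return String(format: "%0\(digits)u", code)         // keep leading zeros
}

/// The TOTP time counter: floor(unixTime / step).
func totpCounter(at time: Date, step: TimeInterval = 30) -> UInt64 {
    UInt64(time.timeIntervalSince1970 / step)
}

func totp(secret: Data, at time: Date, step: TimeInterval = 30, digits: Int = 6) -> String {
    hotp(secret: secret, counter: totpCounter(at: time, step: step), digits: digits)
}

/// Compare without returning early on the first differing byte.
func constantTimeEqual(_ a: String, _ b: String) -> Bool {
    let x = Array(a.utf8), y = Array(b.utf8)
    guard x.count == y.count else { return false }
    return zip(x, y).reduce(UInt8(0)) { $0 | ($1.0 ^ $1.1) } == 0
}

/// Server-side verifier for one user's enrolled secret.
struct TOTPVerifier {
    let secret: Data
    let digits: Int
    let step: TimeInterval
    let window: Int                   // steps of clock drift tolerated on each side
    var lastAcceptedCounter: UInt64?  // persist this per user: each code is valid once

    init(secret: Data, digits: Int = 6, step: TimeInterval = 30, window: Int = 1) {
        self.secret = secret; self.digits = digits; self.step = step; self.window = window
    }

    mutating func verify(_ code: String, at time: Date = Date()) -> Bool {
        let base = Int64(totpCounter(at: time, step: step))
        for delta in -Int64(window)...Int64(window) {
            let shifted = base + delta
            guard shifted >= 0 else { continue }
            let candidate = UInt64(shifted)
            // Replay guard: never accept a counter at or before one already used.
            if let last = lastAcceptedCounter, candidate <= last { continue }
            let expected = hotp(secret: secret, counter: candidate, digits: digits)
            if constantTimeEqual(expected, code) {
                lastAcceptedCounter = candidate
                return true
            }
        }
        return false
    }
}

// Demo with the RFC 6238 Appendix B test secret (ASCII "12345678901234567890").
let secret = Data("12345678901234567890".utf8)
var verifier = TOTPVerifier(secret: secret, digits: 8)
let t = Date(timeIntervalSince1970: 59)
let code = totp(secret: secret, at: t, digits: 8)
print("code at T=59:", code)
print("first use accepted:", verifier.verify(code, at: t))
print("replay rejected:", !verifier.verify(code, at: t))
print("wrong code rejected:", !verifier.verify("00000000", at: t))
```

RFC 6238 Appendix B lists 94287082 as the 8-digit SHA-1 value for this secret at T=59, which is a handy check that the truncation and byte order are right. Two practical notes: `lastAcceptedCounter` only does its job if it is stored with the user record and updated atomically with the verification result, and the `window` should stay small (one step each side is the RFC's suggestion) because every extra step is another code an attacker is allowed to guess per attempt, which is also why TOTP verification belongs behind the rate limiting and lockout policies listed above.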
- Xcode 15.0+ with Swift 5.9+
- macOS 14.0+ for development
- PostgreSQL 14+ for backend database
- Docker (optional) for containerized development
Backend:

```bash
cd EcommerceServer
swift package resolve
swift run App serve --port 8080
```

iOS client:

```bash
cd Ecommerce
open Ecommerce.xcodeproj
# Configure your development team and run
```

Copy `.env.example` to `.env` and configure:

```env
DATABASE_URL=postgresql://localhost:5432/ecommerce
JWT_SECRET=your-secret-key
SENDGRID_API_KEY=your-sendgrid-key
GOOGLE_CLIENT_ID=your-google-client-id
```

- ✅ Email/Username + Password sign-in
- ✅ Social authentication (Google, Apple)
- ✅ Multi-factor authentication (TOTP, Email)
- ✅ Password reset with email verification
- ✅ Account recovery with backup codes
- ✅ JWT token-based authentication
- ✅ Automatic token refresh with race condition prevention
- ✅ Account lockout after failed attempts
- ✅ Rate limiting and DDoS protection
- ✅ Secure password hashing (bcrypt)
- ✅ CSRF protection and secure headers
- ✅ Seamless MFA setup with QR codes
- ✅ Progressive authentication flows
- ✅ Intelligent error handling and recovery
- ✅ Offline-capable with local caching
- ✅ Accessibility support (VoiceOver, Dynamic Type)
Backend tests:

```bash
cd EcommerceServer
swift test
```

iOS tests:

```bash
# Main app tests (Auth, Managers, etc.)
xcodebuild test -project Ecommerce.xcodeproj -scheme Ecommerce

# Networking layer tests
cd Ecommerce/Networking
swift test
```

- Setup Guide - Detailed installation instructions
- API Reference - Complete backend API documentation
- Security Model - Security implementation details
- Architecture Guide - System design and patterns
Built with cutting-edge Swift technologies:
- Hummingbird 2.0 - Next-generation Swift server framework
- Hummingbird Auth 2.0 - Advanced authentication framework
- Hummingbird Fluent 2.0-beta - Modern ORM integration
- JWT Kit 5.0-beta - Latest JSON Web Token implementation
- AsyncHTTPClient 1.19 - High-performance HTTP client
- SendGrid Kit 3.0 - Email service integration
- Swift Crypto - Apple's cryptographic library
- GoogleSignIn - Google authentication SDK
- KeychainSwift - Keychain wrapper library
This project is open source and available under the MIT License.