I have a proof of concept implementation of this package available on GitHub.
Introduction
This pitch proposes the introduction of an Authentication package, which will provide lightweight yet opinionated abstractions enabling developers to build secure authentication systems in Swift.
Motivation
As adoption of Swift on the server continues to increase, and the server-side Swift ecosystem grows (e.g. with the introduction of Swift Service Discovery), various approaches to building authentication and authorization mechanisms are likely to pop up. Swift Authentication seeks to address the former challenge. (I have also worked on a complementary Swift Authorization package, but that's for another day.)
Swift Authentication aims to address sensitive use cases that could have profound security implications. An openly-available package with good documentation (and perhaps more importantly, recommendations) made available in the IDE (Xcode or otherwise) could make Swift an even more attractive solution for building services with authentication requirements.
Related Work
Notably, Apple has an existing AuthenticationServices framework that is very similar to this proposed package. There are two key reasons I believe they can co-exist:
- Swift Authentication is/will be available as open source, accepting contributions and being generally steered by the larger Swift community.
- Swift Authentication will be platform agnostic, whereas Apple's AuthenticationServices framework is primarily meant for (and includes features specific to) Apple platforms.
Hypothetically, the AuthenticationServices framework from Apple could eventually leverage Swift Authentication under the hood.
Implementation
The surface area of this package is minimal by design. Authentication occurs in many different contexts, relying on various different pieces of information. Because we can't predict what all those contexts might be, the general purpose of the package is encapsulated in an AuthenticationService protocol.
Beyond that, Swift Authentication will shine by providing a suite of opinionated credential implementations that can be used to accelerate the development of secure authentication systems. The only example in my proof of concept is the UsernamePasswordCredential. This is similar to the ASPasswordCredential defined in the Apple AuthenticationServices framework.
Potential areas for other credentials:
- OpenID Connect
- Public key cryptosystems
- FIDO U2F
Conclusion
I think that it would make sense for the Swift Server Working Group to pursue an opinionated authentication package, such as Swift Authentication, to encourage the usage of Swift for building cross-platform services with authentication requirements.
Direct contributions to the package via GitHub are welcome as well, along with further discussion, issues, PRs, etc. You can also ping me on Twitter (@sjroot) to discuss further.