Purpose
Add secure authentication to an existing iOS project using Apple-native approaches.
Arguments
- --providers <list> — Comma-separated providers (default: apple,biometric)
  - apple — Sign in with Apple
  - biometric — Face ID / Touch ID
  - credentials — Email/password (requires backend)
- --with-backend — Include API client for backend auth
What gets created
Services/
├── Auth/
│ ├── AuthService.swift # Main auth service
│ ├── AuthState.swift # Auth state enum
│ ├── KeychainManager.swift # Secure token storage
│ ├── BiometricAuthManager.swift # Face ID / Touch ID
│ └── SignInWithAppleManager.swift
Features/
├── Auth/
│ ├── SignInView.swift # Sign-in screen
│ ├── SignInViewModel.swift
│ └── AuthenticatedContainer.swift # Wraps authenticated content
Models/
└── User.swift # User model
Capabilities required
Add to Xcode project:
- Sign in with Apple capability (for the apple provider)
Add to Info.plist:
- NSFaceIDUsageDescription — "Use Face ID to unlock the app"
Keychain storage
- Access tokens stored in Keychain (not UserDefaults)
- Uses kSecAttrAccessibleWhenUnlockedThisDeviceOnly
- Biometric-protected option available
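A sketch of the storage rules above, written for this page as an added example and not the KeychainManager.swift this command generates. The type shape, the KeychainError enum, the service and account parameters, and the choice of .biometryCurrentSet for the biometric-protected option are assumptions.

```swift
import Foundation
import Security
// Hypothetical KeychainManager (added example, not the generated file).
enum KeychainError: Error { case status(OSStatus) }
struct KeychainManager {
    let service: String  // assumed: e.g. the app's bundle identifier
    private func baseQuery(_ account: String) -> [String: Any] {
        [kSecClass as String: kSecClassGenericPassword,
         kSecAttrService as String: service,
         kSecAttrAccount as String: account]
    }

    /// Stores a token. With `biometric` true the item requires Face ID / Touch ID to read,
    /// and .biometryCurrentSet invalidates it if the enrolled biometrics change.
    func save(_ token: Data, account: String, biometric: Bool = false) throws {
        var attrs = baseQuery(account)
        attrs[kSecValueData as String] = token
        if biometric {
            guard let access = SecAccessControlCreateWithFlags(
                nil, kSecAttrAccessibleWhenUnlockedThisDeviceOnly, .biometryCurrentSet, nil)
            else { throw KeychainError.status(errSecParam) }
            // kSecAttrAccessControl and kSecAttrAccessible must not both be set.
            attrs[kSecAttrAccessControl as String] = access
        } else {
            attrs[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        }
        SecItemDelete(baseQuery(account) as CFDictionary)  // replace any existing item
        let status = SecItemAdd(attrs as CFDictionary, nil)
        guard status == errSecSuccess else { throw KeychainError.status(status) }
    }

    /// Returns nil when no token is stored (no existing session).
    func read(account: String) throws -> Data? {
        var query = baseQuery(account)
        query[kSecReturnData as String] = true
        query[kSecMatchLimit as String] = kSecMatchLimitOne
        var item: CFTypeRef?
        let status = SecItemCopyMatching(query as CFDictionary, &item)
        if status == errSecItemNotFound { return nil }
        guard status == errSecSuccess else { throw KeychainError.status(status) }
        return item as? Data
    }

    /// Sign-out: delete every item stored under this service.
    func clearAll() throws {
        let query: [String: Any] = [kSecClass as String: kSecClassGenericPassword, kSecAttrService as String: service]
        let status = SecItemDelete(query as CFDictionary)
        guard status == errSecSuccess || status == errSecItemNotFound else { throw KeychainError.status(status) }
    }
}
```

Reading a biometric-protected item makes the system show the Face ID / Touch ID prompt, so call read off the main thread and treat a thrown status as "no usable session".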
Auth flow
- Check for existing session (Keychain)
- If biometrics enabled, prompt for Face ID/Touch ID
- If no session, show sign-in screen
- On successful auth, store tokens in Keychain
- Handle token refresh (if backend)
Workflow
- Add Sign in with Apple capability in Xcode
- Create auth services and managers
- Create sign-in UI
- Create authenticated container wrapper
- Integrate with DependencyContainer
- Add Info.plist entries
- Test on device (biometrics require device)
Security requirements
- Never store tokens in UserDefaults
- Use Keychain with appropriate accessibility
- Validate Sign in with Apple tokens server-side
- Handle biometric fallback gracefully
- Clear Keychain on sign-out
Output
Summarize: providers configured, capabilities needed, UI components, security setup.
Reference
For implementation details and security patterns, see reference/ios-add-auth-reference.md
