Auth
LaunchSwift’s auth flow is selected by AppConfig.deploymentPath through AuthServiceFactory.
iOS files
Section titled “iOS files”ios/SwiftLaunch/Features/Auth/AuthState.swift—@Observableauth stateios/SwiftLaunch/Features/Auth/Models/AuthModels.swift—User,AuthProvider,AuthErrorios/SwiftLaunch/Features/Auth/Services/AuthService.swift— service protocol + factoryios/SwiftLaunch/Features/Auth/Services/AppleAuthService.swift— Sign in with Apple serviceios/SwiftLaunch/Features/Auth/Services/BackendAuthService.swift— backend auth API serviceios/SwiftLaunch/Features/Auth/Views/LoginView.swift— sign-in UIios/SwiftLaunch/Features/Auth/Views/SignUpView.swift— sign-up UI
AuthState API
Section titled “AuthState API”@MainActor@Observablefinal class AuthState { var currentUser: User? var isLoading = false var error: AuthError? var isSignedIn: Bool { currentUser != nil }
func signIn() async func signInWithEmail(email: String, password: String) async func signUp(name: String, email: String, password: String) async func checkSession() async func signOut() async}User and provider models
Section titled “User and provider models”enum AuthProvider: String, Codable, Sendable { case apple case backend}
struct User: Codable, Equatable, Sendable { let id: String let email: String let name: String let authProvider: AuthProvider}Path A (Apple Native)
Section titled “Path A (Apple Native)”AppleAuthService:
- requests credentials via
ASAuthorizationController - checks that
identityTokenandauthorizationCodeare present before saving a session - does not independently decode/verify token or code contents in the current implementation
- saves session in Keychain (
auth.apple.session) - validates existing sessions with
ASAuthorizationAppleIDProvider.credentialState(forUserID:)
LoginView triggers AuthState.signIn() when email auth is disabled.
Path B (Full Stack / better-auth)
Section titled “Path B (Full Stack / better-auth)”Backend files
Section titled “Backend files”backend/src/auth.tsbackend/src/routes/auth.tsbackend/src/middleware/auth.ts
Auth routes mounted by backend
Section titled “Auth routes mounted by backend”backend/src/index.ts mounts authRoutes under /api, so these are the effective paths:
| Method | Path | Description |
|---|---|---|
POST | /api/auth/sign-in/apple | Apple sign-in using identity token |
POST | /api/auth/sign-in/email | Email/password sign-in (handled via /auth/* better-auth handler) |
POST | /api/auth/sign-up/email | Email/password sign-up (handled via /auth/* better-auth handler) |
GET | /api/auth/session | Resolve active session |
POST | /api/auth/sign-out | Sign out |
GET/POST/PUT/PATCH/DELETE/OPTIONS | /api/auth/* | better-auth catch-all handler |
better-auth configuration (current code)
Section titled “better-auth configuration (current code)”- D1 + Drizzle adapter when
DBis available, memory adapter fallback otherwise emailAndPassword.enabled = true- Apple social provider only when
APPLE_CLIENT_IDandAPPLE_CLIENT_SECRETare configured - Bearer plugin enabled (
plugins: [bearer()]) basePath: "/api/auth"
Environment variables used by auth
Section titled “Environment variables used by auth”# RequiredBETTER_AUTH_SECRET=...BETTER_AUTH_URL=https://your-worker.workers.dev
# Optional (enables Apple social auth)APPLE_CLIENT_ID=...APPLE_CLIENT_SECRET=...