A Swift Package providing a lightweight, testable client for token-protected REST APIs (OAuth2/JWT), plus a minimal CLI demo.

• OAuth2 login (password + refresh token flow)
• Access/Refresh token storage abstraction
• JSON API client with 401 retry after refresh
• Async/await networking with URLSession
• Optional SSL pinning hooks (extensible)

• SecureAPI (library): Core models, token store, authenticator, HTTP client, API client
• secure-api-cli (executable): Example CLI demonstrating login and a GET /me

• Swift 5.9+
• iOS 14+ or macOS 12+ (library)

Add the package to your Package.swift dependencies or use Xcode's SPM UI.

import SecureAPI

let config = APIConfig(baseURL: URL(string: "https://example.com")!)
let http = URLSessionHTTPClient()
let tokens = InMemoryTokenStore()
let auth = OAuth2Authenticator(config: config, httpClient: http, tokenStore: tokens)
let api = APIClient(baseURL: config.baseURL, httpClient: http, authenticator: auth)

// Login
let _ = try await auth.login(username: "user", password: "pass")

// Authorized request
struct Profile: Decodable { let user: String }
let me: Profile = try await api.requestJSON("GET", path: "/me")

swift build -c release
.build/release/secure-api-cli https://example.com user pass

swift test -v

• Use a real Keychain-backed TokenStore in production (not included here)
• Consider SSL pinning (public key or certificate) where appropriate
• Store client secrets outside the repo; never commit secrets

• Keychain-backed TokenStore
• PKCE/Authorization Code flow
• Structured logging and metrics