Are you happy with your logging solution? Would you help us out by taking a 30-second survey? Click here


Pluggable HTTP authentication for Swift.

Subscribe to updates I use Superb

Statistics on Superb

Number of watchers on Github 209
Number of open issues 7
Average time to close an issue 5 days
Main language Swift
Average time to merge a PR 10 days
Open pull requests 3+
Closed pull requests 2+
Last commit over 1 year ago
Repo Created over 2 years ago
Repo Last Updated over 1 year ago
Size 289 KB
Organization / Authorthoughtbot
Latest Release0.2.0
Page Updated
Do you use Superb? Leave a review!
View open issues (7)
View on github
Fresh, new opensource launches 🚀🚀🚀
Trendy new open source projects in your inbox! View examples

Subscribe to our mailing list

Evaluating Superb for your project? Score Explanation
Commits Score (?)
Issues & PR Score (?)

Superb Carthage compatible

Pluggable HTTP authentication for Swift.


  • Safe, secure token storage in the iOS Keychain.
  • Automatic handling of 401 responses and reauthentication.
  • Scales to handle many concurrent requests in a thread-safe way.
  • Stays out of your way until you need it with a simple, minimal API.
  • Promotes Apple's Authentication Guidelines by delaying sign-in as long as possible.
  • Supports adapters for any number of authentication providers.
  • Extensible without requiring any source modifications or pull requests.


  • Opinionated about user experience.


Example: GitHub OAuth Authentication

When you register the app with your OAuth provider, you will give a redirect URI. This URI must use a URL scheme that is registered for your app in your app's Info.plist.

Superb allows your app to support multiple authentication providers via a registration mechanism. iOS apps have a single entrypoint for URLs, so Superb searches through the registered providers to find the correct one to handle the redirect URL.

// GitHub+Providers.swift

import Superb
import SuperbGitHub

extension GitHubOAuthProvider {
  static var shared: GitHubOAuthProvider {
    // Register a provider to handle callback URLs
    return Superb.register(
        clientId: "<your client id>",
        clientSecret: "<your client secret>",
        redirectURI: URL(string: "<your chosen redirect URI>")!
// AppDelegate.swift

final class AppDelegate: UIResponder, UIApplicationDelegate {
  // ...

  func application(_ app: UIApplication, open url: URL, options: [UIApplicationOpenURLOptionsKey: Any]) -> Bool {
    // Pass the URL and options off to Superb.
    return Superb.handleAuthenticationRedirect(url, options: options)

Then, in our API client, we can use RequestAuthorizer to fence the code that must be run with authentication, using RequestAuthorizer.performAuthorized().

// GitHubAPIClient.swift

struct GitHubAPIClient {
  static let oauthClient = GitHubAPIClient(
    requestAuthorizer: RequestAuthorizer(
      authorizationProvider: GitHubOAuthProvider.shared

  private let authorizer: RequestAuthorizerProtocol

  init(requestAuthorizer: RequestAuthorizerProtocol) {
    authorizer = requestAuthorizer

  // An authorized request to get the current user's profile.
  func getProfile(completionHandler: @escaping (Result<Profile, SuperbError>) -> Void) {
    let request = URLRequest(url: URL(string: "")!)

    authorizer.performAuthorized(request) { result in
      switch result {
      case let .success(data, _):
        let profile = parseProfile(from: data)

      case let .failure(error):

  // An unauthorized request.
  func getZen(completionHandler: @escaping (Result<String, SuperbError>) -> Void) {
    let request = URLRequest(url: URL(string: "")!)

    URLSession.shared.dataTask(with: request) { data, _, error in
      let result = parseZen(data, error)

// later
let api = GitHubAPIClient.oauthClient

api.getProfile { result in
  // ...

List of Authentication Providers



Add the following to your Cartfile:

github "thoughtbot/Superb" ~> 0.2

Then run carthage update.

Follow the current instructions in Carthage's README for up to date installation instructions.

You will need to embed both Superb.framework and Result.framework in your application.


Add the following to your Podfile:

pod "Superb", "~> 0.2.0"

You will also need to make sure you're opting into using frameworks:


Then run pod install.


Authentication always fails when using OAuth

You forgot to call Superb.register.

If you do not call Superb.register then your authentication provider will not have a chance to receive callback URLs.


See the CONTRIBUTING document. Thank you, contributors!


Superb is Copyright (c) 2017 thoughtbot, inc. It is free software, and may be redistributed under the terms specified in the LICENSE file.



Superb is maintained and funded by thoughtbot, inc. The names and logos for thoughtbot are trademarks of thoughtbot, inc.

We love open source software! See our other projects or look at our product case studies and hire us to help build your iOS app.

Superb open issues Ask a question     (View All Issues)
  • over 2 years Add support for cancelling requests
  • over 2 years Announcement blog post
  • over 2 years Split superb-github out
  • over 2 years Add some documentation / guides
Superb open pull requests (View All Pulls)
  • Update SuperbDemo to use SuperbGitHub via Carthage
  • Add Twitter API integration to demo app
  • Allow requests to be cancelled
Superb questions on Stackoverflow (View All Questions)
  • How to implement the follwing below url Superb Material design Menu animation in android
  • What does the Parameter superb in LAPACKE_dgesvd(..) mean?
  • Android webDriver selenium tests fail to run on Emulators but working superb on Real Devices
  • Centering Not Possible On All Mobile Browsers - Normal Browser Works Superb
  • How does this superb quine work?
  • How is this superb site constructed?
Superb list of languages used
Superb latest release notes
0.2.0 0.2

Thanks for using Superb!


  • A new clearToken() method on RequestAuthorizer allows the current authentication token to be manually cleared. (#35, #36)


  • The authorizationProvider: parameter to RequestAuthorizer.init has been renamed to authenticationProvider:. (#38)
Other projects in Swift