Hi,
We are evaluating Swift Package Manager for distributing private packages to external customers.
Our use case requires enterprise-grade authentication beyond standard username/password, personal access token, or SSH key based authentication. Our current authentication model relies on request signing / IAM-based authorization rather than standard Git credentials.
From what we can tell, Swift Package Manager does not appear to expose a built-in mechanism for custom authentication hooks during package resolution. Because of that, we started exploring whether a Git-based workaround might be possible, such as:
using a custom Git URL scheme handling that scheme through a Git remote helper using a Git credential helper or related Git configuration for authentication
We tried a proof of concept along these lines, but Xcode did not seem to recognize or resolve the package correctly.
We are trying to understand what is officially supported and what is not.
Our questions are:
Does Xcode / Swift Package Manager support package dependencies that rely on custom Git URL schemes? During package resolution, does Xcode honor system Git configuration for remote helpers and credential helpers? Is there any difference in support between: adding the package through the Xcode UI resolving through swift package resolve resolving through xcodebuild For private package distribution, is there any Apple-recommended approach when authentication requires request signing or a custom IAM-based flow instead of standard Git credentials? If custom Git authentication is not supported, should we assume the recommended path is to place an authenticated proxy or gateway in front of a standard Git or HTTPS endpoint instead?
We are mainly trying to determine whether this direction is fundamentally unsupported in Xcode / SwiftPM, or whether there is a supported way to integrate enterprise authentication into package resolution.
Any guidance would be appreciated.
Thanks!