A mechanism for evaluating authentication policies and access controls.


You use an authentication context to evaluate the user’s identity, either with biometrics like Touch ID or Face ID, or by supplying the device passcode. The context handles user interaction, and also interfaces to the Secure Enclave, the underlying hardware element that manages biometric data. You create and configure the context, and ask it to carry out the authentication. You then receive an asynchronous callback, which provides an indication of authentication success or failure, and an error instance that explains the reason for a failure, if any.


Checking Availability

func canEvaluatePolicy(LAPolicy, error: NSErrorPointer) -> Bool

Assesses whether authentication can proceed for a given policy.

enum LAPolicy

The set of available local authentication policies.

var biometryType: LABiometryType

The type of biometric authentication supported by the device.

enum LABiometryType

The set of available biometric authentication types.

Evaluating Authentication Policies

var evaluatedPolicyDomainState: Data?

The current state of the evaluated policy domain.

var maxBiometryFailures: NSNumber?

The number of biometric authentication failures after which the context falls back to another mechanism.

Evaluation Options

Legacy options used in evaluating a policy.

Evaluating Access Controls

enum LAAccessControlOperation

Operations to be evaluated for access control.

var interactionNotAllowed: Bool

A Boolean value indicating whether authentication can be interactive.

Customizing Authentication Prompts

var localizedReason: String

The localized explanation for authentication shown in the dialog presented to the user.

var localizedFallbackTitle: String?

The localized title for the fallback button in the dialog presented to the user during authentication.

var localizedCancelTitle: String?

The localized title for the fallback button in the dialog presented to the user during authentication.

Reusing Device Unlock State

var touchIDAuthenticationAllowableReuseDuration: TimeInterval

The duration for which Touch ID authentication reuse is allowable.

Managing Credentials

func setCredential(Data?, type: LACredentialType) -> Bool

Sets an application-provided credential to be used when evaluating authentication.

func isCredentialSet(LACredentialType) -> Bool

Returns a Boolean value indicating whether the specified credential type is set.

enum LACredentialType

The types of credentials to be used for authentication.

Invalidating the Authentication Context

func invalidate()

Invalidates the authentication context.


Inherits From

Conforms To

See Also

Authentication and Access

Accessing Keychain Items with Face ID or Touch ID

Protect a keychain item with biometric authentication.