Authorization Services

Access restricted areas of the operating system, and control access to particular features of your macOS app.


The Security.Authorization API is a programming interface to the Security Server and its policy database. This API facilitates access control to restricted areas of the operating system and allows you to restrict a user’s access to particular features in your macOS app. Use authorization services in:

  • Software that restricts access to its own tools

  • Applications that call system tools

  • Software installers that install privileged tools or require access to restricted areas of the operating system

As shown in Figure 1, the Security Server is a daemon running in the operating system that provides a trusted implementation of various security protocols, including authorization computation. In turn, the Security Server relies on the Security Agent to interface with users when authentication is needed. Thus an app can verify credentials (usernames and passwords) without ever accessing them directly. This authorization process also allows the means of authentication to change in the future (such as adding Touch ID) without your having to modify your app.

Figure 1

Authorization services provide an interface to the Security Server

Diagram showing your app sitting above the Security framework, which in turn sits above the Security Server and the Security Agent.


Authorization References

func AuthorizationFree(AuthorizationRef, AuthorizationFlags) -> OSStatus

Frees the memory associated with an authorization reference.

struct AuthorizationFlags

The flags used to specify authorization options.

typealias AuthorizationRef

A pointer to an opaque authorization reference structure.

Authorization Items

Use authorization items (alone or in sets) to represent rights and environment information.

struct AuthorizationItem

A structure containing information about an authorization right or the authorization environment.

struct AuthorizationItemSet

A structure containing a set of authorization items.

typealias AuthorizationRights

An authorization item set designated to represent a set of rights.

typealias AuthorizationEnvironment

An authorization item set designated to hold environment information relevant to authorization decisions.

Authorization Name Tags

Use name tags to define authorization security items.

func AuthorizationFreeItemSet(UnsafeMutablePointer<AuthorizationItemSet>) -> OSStatus

Frees the memory associated with a set of authorization items.

Rights and Credentials

Import and Export

struct AuthorizationExternalForm

The external representation of an authorization reference.

let kAuthorizationExternalFormLength: Int

The number of bytes in an external form structure's array.

The Policy Database

Result Codes

Authorization Services Result Codes

Recognize result codes specific to the authorization services API.

See Also

Authorization and Authentication

Password AutoFill

Streamline your app’s login and onboarding procedures.

Shared Web Credentials

Share credentials between iOS apps and their website counterparts.

Authorization Plug-ins

Extend the authorization services API by creating plug-ins that can participate in authorization decisions.


Manage login, authorization, and security sessions in macOS.