TechnologiesSecurity, Privacy & Authentication

AuthenticationServices

iOSmacOStvOSwatchOSvisionOS

AuthenticationServices implements Sign in with Apple, passkeys and WebAuthn, password autofill, and credential authorization flows across iOS, macOS, tvOS, watchOS, and visionOS. You present an ASAuthorizationController to drive a request such as ASAuthorizationAppleIDRequest, ASAuthorizationPasswordRequest, or the platform public-key credential requests for registering and asserting passkeys, and receive the result as an ASAuthorizationCredential like ASAuthorizationAppleIDCredential. The ASAuthorizationAppleIDButton class provides the standard Sign in with Apple control, while ASAuthorizationAppleIDProvider and ASAuthorizationPasswordProvider create the corresponding requests. For enterprise single sign-on, the ASAuthorizationProviderExtension types let you build an authorization provider extension with its own login configuration, signing and encryption algorithms, and Kerberos mapping.

Authorization Flow 7

The controller and base request, credential, and provider types that drive a credential authorization.

  • Cl
    ASAuthorizationControllermacOS 10.15+
    An object that presents and manages the authorization requests an app makes.
  • Cl
    ASAuthorizationmacOS 10.15+
    An object that encapsulates a completed authorization, pairing the provider with the resulting credential.
  • Cl
    ASAuthorizationRequestmacOS 10.15+
    An abstract base class for the authorization requests presented by a controller.
  • Pr
    ASAuthorizationCredentialmacOS 10.15+
    A protocol adopted by the credential types returned from an authorization.
  • Pr
    ASAuthorizationProvidermacOS 10.15+
    A protocol adopted by objects that create authorization requests.
  • En
    ASAuthorizationResultiOS 16.4+
    The result of a successful authorization request.
  • St
    ASAuthorizationErrormacOS 10.15+
    An error type describing failures that occur during an authorization.

Sign in with Apple 7

The button, provider, request, and credential types for authenticating users with their Apple Account.

  • Cl
    ASAuthorizationAppleIDButtonmacOS 10.15+
    A control that lets the user initiate the Sign in with Apple flow in your interface.
  • Cl
    ASAuthorizationAppleIDProvidermacOS 10.15+
    A provider that creates requests to authenticate users with their Apple Account.
  • Cl
    ASAuthorizationAppleIDRequestmacOS 10.15+
    A request to authenticate a user with their Apple Account, optionally requesting their name and email.
  • Cl
    ASAuthorizationOpenIDRequestmacOS 10.15+
    A base request type for OpenID-style authorizations such as Sign in with Apple.
  • Cl
    ASAuthorizationAppleIDCredentialmacOS 10.15+
    A credential that contains the user identifier, name, email, and identity token from Sign in with Apple.
  • En
    ASUserDetectionStatus
    @enum ASUserDetectionStatus
  • En
    ASUserAgeRangemacOS 14.0+
    @enum ASUserAgeRange

Passwords 3

Provider, request, and credential types for retrieving and storing saved passwords.

  • Cl
    ASAuthorizationPasswordProvidermacOS 10.15+
    A provider that creates requests to retrieve stored passwords for the user.
  • Cl
    ASAuthorizationPasswordRequestmacOS 10.15+
    A request to authenticate a user with a saved password from the keychain.
  • Cl
    ASPasswordCredentialmacOS 10.15+
    A credential that contains a user name and password.

Platform Passkeys 6

Types for registering and asserting platform-bound public-key credentials backed by the device.

  • Cl
    ASAuthorizationPlatformPublicKeyCredentialProvidermacOS 12.0+
    A provider that creates requests to register and assert platform-bound passkeys.
  • Cl
    ASAuthorizationPlatformPublicKeyCredentialRegistrationRequestmacOS 12.0+
    A request to register a new platform passkey for the user.
  • Cl
    ASAuthorizationPlatformPublicKeyCredentialRegistrationmacOS 12.0+
    A credential returned when a new platform passkey is registered.
  • Cl
    ASAuthorizationPlatformPublicKeyCredentialAssertionRequestmacOS 12.0+
    A request to assert a platform passkey to sign a user in.
  • Cl
    ASAuthorizationPlatformPublicKeyCredentialAssertionmacOS 12.0+
    A credential containing the signed assertion produced by a platform passkey during sign-in.
  • Cl
    ASAuthorizationPlatformPublicKeyCredentialDescriptormacOS 12.0+
    A descriptor that identifies a specific platform passkey by its credential ID.

Security Key Credentials 6

Types for registering and asserting public-key credentials backed by a hardware security key.

  • Cl
    ASAuthorizationSecurityKeyPublicKeyCredentialProvidermacOS 12.0+
    A provider that creates requests to register and assert security-key credentials.
  • Cl
    ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationRequestmacOS 12.0+
    A request to register a new credential on a hardware security key.
  • Cl
    ASAuthorizationSecurityKeyPublicKeyCredentialRegistrationmacOS 12.0+
    A credential returned when a new security-key credential is registered.
  • Cl
    ASAuthorizationSecurityKeyPublicKeyCredentialAssertionRequestmacOS 12.0+
    A request to assert a credential stored on a hardware security key.
  • Cl
    ASAuthorizationSecurityKeyPublicKeyCredentialAssertionmacOS 12.0+
    A credential containing the signed assertion produced by a hardware security key.
  • Cl
    ASAuthorizationSecurityKeyPublicKeyCredentialDescriptormacOS 12.0+
    @abstract An object to describe a credential on a security key.

Public-Key Credential Protocols 6

Protocols defining the shared shape of WebAuthn public-key registration, assertion, and descriptor types.

  • Pr
    ASPublicKeyCredentialmacOS 12.0+
    @abstract The base protocol for all PublicKeyCredential credential types.
  • Pr
    ASAuthorizationPublicKeyCredentialRegistrationmacOS 12.0+
    A protocol adopted by credentials returned from a public-key registration.
  • Pr
    ASAuthorizationPublicKeyCredentialRegistrationRequestmacOS 12.0+
    A protocol adopted by requests that register a new public-key credential.
  • Pr
    ASAuthorizationPublicKeyCredentialAssertionmacOS 12.0+
    A protocol adopted by credentials that carry a public-key assertion signature.
  • Pr
    ASAuthorizationPublicKeyCredentialAssertionRequestmacOS 12.0+
    A protocol adopted by requests that assert a public-key credential.
  • Pr
    ASAuthorizationPublicKeyCredentialDescriptormacOS 12.0+
    A protocol adopted by descriptors that identify a public-key credential.

Credential Parameters & Options 9

Algorithm identifiers and preference constants that configure how public-key credentials are created and verified.

  • Cl
    ASAuthorizationPublicKeyCredentialParametersmacOS 12.0+
    A parameter that specifies a public-key algorithm acceptable for a credential.
  • St
    ASCOSEAlgorithmIdentifiermacOS 12.0+
    Constants identifying the COSE algorithms used to sign public-key credentials.
  • St
    ASCOSEEllipticCurveIdentifiermacOS 12.0+
    Constants identifying the COSE elliptic curves used for public-key credentials.
  • St
    ASAuthorizationPublicKeyCredentialUserVerificationPreferencemacOS 12.0+
    @abstract A string indicating a preference for whether the authenticator should attempt to verify the user, such as through a PIN or biometrics.
  • St
    ASAuthorizationPublicKeyCredentialAttestationKindmacOS 12.0+
    @abstract A string indicating the type of attestation the authenticator should attempt to perform.
  • St
    ASAuthorizationPublicKeyCredentialResidentKeyPreferencemacOS 12.0+
    @abstract A string used to indicate a preference for whether the authenticator should itself store the private key for a credential.
  • En
    ASAuthorizationPublicKeyCredentialAttachmentmacOS 13.5+
    Constants that specify whether a credential is platform-bound or roaming.
  • St
    ASPublicKeyCredentialClientData
    A value containing the WebAuthn client data signed during a credential operation.
  • En
    ASPublicKeyCredentialClientDataCrossOriginValuemacOS 13.5+
    Constants indicating whether a credential operation was performed cross-origin.

WebAuthn Extensions 8

Input and output value types for the large-blob and PRF WebAuthn credential extensions.

  • St
    ASAuthorizationPublicKeyCredentialLargeBlobRegistrationInput
    Input that requests large-blob support during credential registration.
  • St
    ASAuthorizationPublicKeyCredentialLargeBlobRegistrationOutput
    Output reporting whether large-blob support was granted during registration.
  • St
    ASAuthorizationPublicKeyCredentialLargeBlobAssertionInput
    Input that requests reading or writing the large-blob extension during an assertion.
  • St
    ASAuthorizationPublicKeyCredentialLargeBlobAssertionOutput
    Output reporting the result of the large-blob extension during an assertion.
  • St
    ASAuthorizationPublicKeyCredentialPRFRegistrationInput
    Input that requests the PRF extension during credential registration.
  • St
    ASAuthorizationPublicKeyCredentialPRFRegistrationOutput
    Output reporting whether the PRF extension is supported after registration.
  • St
    ASAuthorizationPublicKeyCredentialPRFAssertionInput
    This type represents the inputs for the WebAuthentication PRF extension, when used during assertion requests.
  • St
    ASAuthorizationPublicKeyCredentialPRFAssertionOutput
    The outputs of the WebAuthentication PRF extension, when requested during an assertion. This object represents one or two SymmetricKeys which are available anywhere the passkey can be used.

Web Authentication Session 6

Session types for performing browser-based OAuth-style authentication flows.

  • Cl
    ASWebAuthenticationSessionmacOS 10.15+
    @class ASWebAuthenticationSession
  • Cl
    ASWebAuthenticationSessionRequestmacOS 10.15+
    A request that a web browser session manager fulfills on behalf of an app.
  • Pr
    ASWebAuthenticationSessionRequestDelegatemacOS 10.15+
    A protocol that receives lifecycle callbacks for a web authentication session request.
  • Cl
    ASWebAuthenticationSessionWebBrowserSessionManagermacOS 10.15+
    The manager that routes web authentication session requests to the default browser.
  • Pr
    ASWebAuthenticationSessionWebBrowserSessionHandlingmacOS 10.15+
    A protocol a browser implements to handle web authentication session requests.
  • St
    ASWebAuthenticationSessionErrormacOS 10.15+
    An error type describing failures during a web authentication session.

Credential Provider Extensions 11

Types for building an AutoFill credential provider extension that supplies passwords, passkeys, and codes.

  • Cl
    ASCredentialProviderViewControllermacOS 11.0+
    The principal view controller for a credential provider AutoFill extension.
  • Cl
    ASCredentialProviderExtensionContextmacOS 11.0+
    The context through which a credential provider extension completes or cancels a request.
  • Cl
    ASCredentialServiceIdentifiermacOS 11.0+
    An identifier, such as a domain or URL, that scopes a credential to a service.
  • Cl
    ASCredentialIdentityStoremacOS 11.0+
    The store that holds the credential identities your provider extension makes available for AutoFill.
  • Cl
    ASCredentialIdentityStoreStatemacOS 11.0+
    An object that describes whether the credential identity store is enabled and accepting updates.
  • Pr
    ASCredentialIdentitymacOS 14.0+
    @protocol ASCredentialIdentity
  • Pr
    ASCredentialRequestmacOS 14.0+
    @protocol ASCredentialRequest
  • En
    ASCredentialRequestTypemacOS 14.0+
    @enum ASCredentialRequestType
  • St
    ASCredentialIdentityStoreErrormacOS 11.0+
    An error type describing failures when updating the credential identity store.
  • St
    ASExtensionErrormacOS 11.0+
    An error type describing failures within a credential provider extension.
  • St
    ASAutoFillURLScope
    This structure represents the subset of URL components supported for the AutoFill of credentials.

Passkey Provider Credentials 10

Request, credential, and identity types a provider extension uses to register and assert passkeys.

  • Cl
    ASPasskeyCredentialRequestmacOS 14.0+
    @class This class encapsulates a passkey assertion request made to a credential provider extension.
  • Cl
    ASPasskeyCredentialRequestParametersmacOS 14.0+
    A class that holds various parameters related to a passkey credential request.
  • Cl
    ASPasskeyCredentialIdentitymacOS 14.0+
    @class ASPasskeyCredentialIdentity
  • Cl
    ASPasskeyRegistrationCredentialmacOS 14.0+
    @class This class encapsulates a passkey registration response created by a credential provider extension.
  • Cl
    ASPasskeyAssertionCredentialmacOS 14.0+
    @class This class encapsulates a passkey assertion response created by a credential provider extension.
  • En
    ASPasskeyCredentialExtensionInput
    An enumeration of the WebAuthn extension inputs supplied for a passkey operation.
  • St
    ASPasskeyRegistrationCredentialExtensionInput
    Input describing the WebAuthn extensions requested during a passkey registration.
  • St
    ASPasskeyRegistrationCredentialExtensionOutput
    Output reporting the WebAuthn extension results of a passkey registration.
  • St
    ASPasskeyAssertionCredentialExtensionInput
    Input describing the WebAuthn extensions requested during a passkey assertion.
  • St
    ASPasskeyAssertionCredentialExtensionOutput
    Output reporting the WebAuthn extension results of a passkey assertion.

Password & One-Time-Code Provider Credentials 7

Request, credential, and identity types a provider extension uses for saved passwords and one-time codes.

  • Cl
    ASPasswordCredentialRequestmacOS 14.0+
    @class This class encapsulates a password request made to a credential provider extension.
  • Cl
    ASPasswordCredentialIdentitymacOS 11.0+
    @class ASPasswordCredentialIdentity
  • Cl
    ASOneTimeCodeCredentialmacOS 15.0+
    A credential that supplies a one-time verification code to an app.
  • Cl
    ASOneTimeCodeCredentialRequestmacOS 15.0+
    A request asking a provider extension to supply a one-time code.
  • Cl
    ASOneTimeCodeCredentialIdentitymacOS 15.0+
    @class ASOneTimeCodeCredentialIdentity
  • Cl
    ASDeliveredVerificationCodesManager
    This class allows interacting with one-time codes delivered to the system.
  • St
    ASVerificationCode
    This is an instance of a verification code.

Single Sign-On & Provider Extensions 19

Types for building enterprise single sign-on and authorization provider extensions.

  • Cl
    ASAuthorizationSingleSignOnProvidermacOS 10.15+
    A provider that creates requests to perform single sign-on through an extension.
  • Cl
    ASAuthorizationSingleSignOnRequestmacOS 10.15+
    A request to perform an enterprise single sign-on authorization.
  • Cl
    ASAuthorizationSingleSignOnCredentialmacOS 10.15+
    A credential returned by a single sign-on authorization, including tokens and HTTP response data.
  • Cl
    ASAuthorizationProviderExtensionAuthorizationRequestmacOS 10.15+
    A request passed to an authorization provider extension to perform a single sign-on operation.
  • Cl
    ASAuthorizationProviderExtensionAuthorizationResultmacOS 12.0+
    The result an authorization provider extension returns after completing a request.
  • Cl
    ASAuthorizationProviderExtensionLoginManagermacOS 13.0+
    An object that manages device and user registration for an authorization provider extension.
  • Cl
    ASAuthorizationProviderExtensionLoginConfigurationmacOS 13.0+
    The configuration that defines how an authorization provider extension performs login.
  • Cl
    ASAuthorizationProviderExtensionUserLoginConfigurationmacOS 14.0+
    The per-user login configuration applied within an authorization provider extension.
  • Cl
    ASAuthorizationProviderExtensionKerberosMappingmacOS 13.0+
    A configuration that maps authorization claims to Kerberos ticket fields.
  • Pr
    ASAuthorizationProviderExtensionRegistrationHandlermacOS 13.0+
    A protocol an authorization provider extension implements to handle device and user registration.
  • St
    ASAuthorizationProviderAuthorizationOperationmacOS 10.15+
    Constants identifying the operation an authorization provider extension is asked to perform.
  • St
    ASAuthorizationProviderExtensionEncryptionAlgorithmmacOS 15.0+
    Constants identifying the encryption algorithms an authorization provider extension supports.
  • St
    ASAuthorizationProviderExtensionSigningAlgorithmmacOS 15.0+
    Constants identifying the signing algorithms an authorization provider extension supports.
  • St
    ASAuthorizationProviderExtensionRequestOptionsmacOS 13.0+
    Options that configure how an authorization provider extension handles a request.
  • St
    ASAuthorizationProviderExtensionSupportedGrantTypesmacOS 14.0+
    Options describing the OAuth grant types an authorization provider extension supports.
  • En
    ASAuthorizationProviderExtensionKeyTypemacOS 13.0+
    Constants identifying the key types an authorization provider extension manages.
  • En
    ASAuthorizationProviderExtensionAuthenticationMethodmacOS 13.0+
    Constants identifying the authentication methods an authorization provider extension supports.
  • En
    ASAuthorizationProviderExtensionRegistrationResultmacOS 13.0+
    Constants describing the outcome of an authorization provider extension registration.
  • En
    ASAuthorizationProviderExtensionPlatformSSOProtocolVersionmacOS 14.0+
    Constants identifying the Platform SSO protocol version an extension uses.

Web Browser Credential Support 9

Types that let a web browser drive platform and security-key public-key credential flows on the user's behalf.

  • Cl
    ASAuthorizationWebBrowserPublicKeyCredentialManagermacOS 13.3+
    An object that lets a browser app enumerate and manage the user's platform passkeys.
  • St
    ASAuthorizationWebBrowserPlatformPublicKeyCredential
    A value describing a platform passkey that a browser can present to the user.
  • Pr
    ASAuthorizationWebBrowserPlatformPublicKeyCredentialProvider
    A protocol adopted by providers that create browser-driven platform passkey requests.
  • Pr
    ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialProvider
    A protocol adopted by providers that create browser-driven security-key requests.
  • Pr
    ASAuthorizationWebBrowserExternallyAuthenticatableRequestmacOS 13.3+
    A protocol for requests a browser can authenticate using an externally provided assertion.
  • Pr
    ASAuthorizationWebBrowserPlatformPublicKeyCredentialAssertionRequestmacOS 13.5+
    A protocol for browser-driven platform passkey assertion requests.
  • Pr
    ASAuthorizationWebBrowserPlatformPublicKeyCredentialRegistrationRequestmacOS 13.5+
    A protocol for browser-driven platform passkey registration requests.
  • Pr
    ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialAssertionRequestmacOS 14.4+
    A protocol for browser-driven security-key assertion requests.
  • Pr
    ASAuthorizationWebBrowserSecurityKeyPublicKeyCredentialRegistrationRequestmacOS 14.4+
    A protocol for browser-driven security-key registration requests.

Credential Import & Export 14

Types for exchanging credentials between password managers through the standard import and export format.

  • Cl
    ASCredentialExportManager
    An object that exports the user's credentials in the standard interchange format.
  • Cl
    ASCredentialImportManager
    An object that imports credentials from another password manager.
  • St
    ASExportedCredentialData
    A wrapper object for multiple ASImportableAccount objects
  • St
    ASImportableItem
    A representation of Item as defined in the [Credential Exchange Format (CXF) specs](https://fidoalliance.org/specs/cx/cxf-v1.0-rd-20250313.html)
  • St
    ASImportableLinkedItem
    A representation of LinkedItem as defined in the [Credential Exchange Format (CXF) specs](https://fidoalliance.org/specs/cx/cxf-v1.0-rd-20250313.html)
  • St
    ASImportableAccount
    A representation of Account as defined in the [Credential Exchange Format (CXF) specs](https://fidoalliance.org/specs/cx/cxf-v1.0-rd-20250313.html)
  • St
    ASImportableCollection
    A representation of Collection as defined in the [Credential Exchange Format (CXF) specs](https://fidoalliance.org/specs/cx/cxf-v1.0-rd-20250313.html)
  • En
    ASImportableCredential
    A representation of Credential as defined in the [Credential Exchange Format (CXF) specs](https://fidoalliance.org/specs/cx/cxf-v1.0-rd-20250313.html)
  • St
    ASImportableCredentialScope
    The scope for where a credential should be usable.
  • St
    ASImportableEditableField
    A representation of EditableField as defined in the [Credential Exchange Format (CXF) specs](https://fidoalliance.org/specs/cx/cxf-v1.0-rd-20250313.html)
  • En
    ASImportableExtension
    A representation of CXF extensions.
  • St
    ASImportableFIDO2Extensions
    A representation of FIDO2 extensions as defined in CXF.
  • St
    ASImportableFIDO2HMACCredential
    A representation of FIDO2 HMAC Credentials as defined in CXF.
  • St
    ASImportableFIDO2LargeBlob
    A representation of FIDO2 LargeBlob extensions as defined in CXF.

Credential Identifiers & Management 7

Identifier value types and managers for keeping stored credentials current.

  • Cl
    ASCredentialDataManager
    This class allows submitting credentials and events to any credential manager enabled on the system.
  • Cl
    ASCredentialUpdater
    This class allows passing update events to credential managers enabled on the system. When a user makes a change to how they sign in to an account, such as removing a credential or renaming the accoun
  • St
    ASEmailIdentifier
    A value that identifies a credential by an email address.
  • St
    ASPhoneNumberIdentifier
    A value that identifies a credential by a phone number.
  • En
    ASContactIdentifier
    A value that identifies a credential by a contact such as an email or phone number.
  • En
    ASContactIdentifierRequest
    A request describing the contact identifier a provider extension should match.
  • Cl
    ASSettingsHelpermacOS 14.0+
    A helper class to provide static utility methods for quick access to settings related to credential providers.

Classes 3

  • Cl
    ASAuthorizationAccountCreationPlatformPublicKeyCredential
  • Cl
    ASAuthorizationAccountCreationPlatformPublicKeyCredentialRequest
  • Cl
    ASAuthorizationAccountCreationProvider

Structures 5

  • St
    AuthorizationControlleriOS 16.4+
    A value provided in the SwiftUI environment that views can use
  • St
    CredentialDataManager
  • St
    DeliveredVerificationCodesManager
  • St
    SignInWithAppleButtoniOS 14.0+
    A control you add to your interface that enables users to initiate
  • St
    WebAuthenticationSessioniOS 16.4+
    A value provided in the SwiftUI environment that views can use to

Protocols 4

  • Pr
    ASAuthorizationControllerDelegatemacOS 10.15+
  • Pr
    ASAuthorizationControllerPresentationContextProvidingmacOS 10.15+
  • Pr
    ASAuthorizationProviderExtensionAuthorizationRequestHandlermacOS 10.15+
  • Pr
    ASWebAuthenticationPresentationContextProvidingmacOS 10.15+
    @abstract Provides context to target where in an application's UI the authorization view should be shown.

Type Aliases 1

  • Ty
    ASPresentationAnchor

Extends 2

EnvironmentValuesView
← Security, Privacy & Authentication