
Crate localauthentication


§localauthentication-rs

Safe Rust bindings for Apple’s LocalAuthentication framework on macOS.

Status: v0.2.1 expands coverage across LAContext, LAPolicy, LAError, LACredential, LAAuthenticationRequirement, LARight, LARightStore, LAPersistedRight, LAPublicKey, LAPrivateKey, LASecret, and the macOS 15 LAEnvironment observer/state surface.

§Platform notes

  • The Rust crate is macOS-focused and links the system LocalAuthentication.framework.
  • The Swift bridge now targets macOS 13+.
  • LAContext::domain_state() plus the LAEnvironment::{current_user, state, add_observer} surface are macOS 15+ APIs.
  • Persisted-right and key APIs can require signing or entitlements; the examples and tests treat OSStatus -34018 as an expected environment limitation.
  • LAPrivateKey::exchange_keys_with_public_key uses SecKeyExchangeParameters for the requested derived-key length and optional shared-info KDF context.

§Quick start

use localauthentication::prelude::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    let context = LAContext::new()?;
    context.set_interaction_not_allowed(true)?;
    context.set_localized_reason("inspect local authentication state")?;

    match context.can_evaluate_policy(LAPolicy::DeviceOwnerAuthenticationWithBiometrics) {
        Ok(true) => {
            println!("biometry: {:?}", context.biometry_type()?);
            println!("reason: {}", context.localized_reason()?);
        }
        Ok(false) => println!("policy unavailable without a framework error"),
        Err(error) => println!("policy unavailable: {error}"),
    }

    Ok(())
}

§Highlights

  • LAContext lifecycle, policy preflight/evaluation, credential injection, domain-state snapshots, and raw access-control evaluation
  • LAPolicy, LAError, LA_ERROR_DOMAIN, BiometryType, and LACompanionType
  • LAAuthenticationRequirement and LABiometryFallbackRequirement builders for rights
  • LARight and LARightStore for in-memory and persisted authorization flows
  • LAPersistedRight, LASecret, LAPrivateKey, LAPublicKey, SecKeyAlgorithm, and SecKeyExchangeParameters helpers for persisted secrets and asymmetric-key operations
  • LAEnvironment, LAEnvironmentObserver, LAEnvironmentState, and the environment mechanism subclasses for macOS 15 environment snapshots and change notifications
  • Backward-compatible aliases for the v0.1.x surface (Policy, LocalAuthenticationError, context, and error)

§Examples

The crate ships numbered examples for every logical area:

  • 01_smoke — LAContext, policies, credentials, and domain state
  • 02_policy_catalog — policy availability across biometric and companion modes
  • 03_error_codes — LAError and domain/code mapping
  • 04_credentials — LACredential helpers
  • 05_authentication_requirements — requirement builders and LARight construction
  • 06_rights — right state/tag/preflight/deauthorize flow
  • 07_right_store — shared LARightStore persistence entry points
  • 08_persisted_right — LAPersistedRight, LASecret, and LAPrivateKey
  • 09_public_key — LAPublicKey export plus LAPrivateKey verify/encrypt/key-exchange capability checks
  • 10_environment — LAEnvironment, observer registration, and mechanism snapshots

Run the full verification matrix with:

cargo clippy --all-targets -- -D warnings
cargo test
for ex in examples/*.rs; do cargo run --example "$(basename "$ex" .rs)"; done

For the header-by-header audit, see COVERAGE.md.

§License

Licensed under either of Apache-2.0 or MIT at your option.


§API documentation

Safe Rust bindings for Apple’s LocalAuthentication.framework on macOS.

Re-exports§

pub use la_authentication_requirement::LAAuthenticationRequirement;
pub use la_authentication_requirement::LABiometryFallbackRequirement;
pub use la_context::BiometryType;
pub use la_context::LAAccessControlOperation;
pub use la_context::LACompanionType;
pub use la_context::LAContext;
pub use la_context::LADomainState;
pub use la_context::LADomainStateBiometry;
pub use la_context::LADomainStateCompanion;
pub use la_credential::LACredential;
pub use la_credential::LACredentialType;
pub use la_environment::LAEnvironment;
pub use la_environment::LAEnvironmentMechanism;
pub use la_environment::LAEnvironmentMechanismBiometry;
pub use la_environment::LAEnvironmentMechanismCompanion;
pub use la_environment::LAEnvironmentMechanismUserPassword;
pub use la_environment::LAEnvironmentObserver;
pub use la_environment::LAEnvironmentObserverRegistration;
pub use la_environment::LAEnvironmentState;
pub use la_error::LAError;
pub use la_error::LocalAuthenticationError;
pub use la_error::Result;
pub use la_error::LA_ERROR_DOMAIN;
pub use la_persisted_right::LAPersistedRight;
pub use la_persisted_right::LAPrivateKey;
pub use la_persisted_right::LASecret;
pub use la_policy::LAPolicy;
pub use la_policy::Policy;
pub use la_public_key::LAPublicKey;
pub use la_public_key::SecKeyAlgorithm;
pub use la_public_key::SecKeyExchangeParameters;
pub use la_right::LARight;
pub use la_right::LARightState;
pub use la_right_store::LARightStore;

Modules§

context
Backward-compatible re-exports for the original context module.
error
Backward-compatible re-exports for the original error module.
ffi
Raw FFI declarations matching the Swift la_* bridge exports.
la_authentication_requirement
LAAuthenticationRequirement and LABiometryFallbackRequirement wrappers.
la_context
LAContext and related LocalAuthentication value types.
la_credential
Application-provided credential helpers for LAContext.
la_environment
LAEnvironment observer, state, and mechanism wrappers.
la_error
Errors produced by the LocalAuthentication bridge.
la_persisted_right
LAPersistedRight, LAPrivateKey, and LASecret wrappers.
la_policy
LAPolicy values supported by LAContext.
la_public_key
LAPublicKey wrappers.
la_right
LARight wrappers.
la_right_store
LARightStore wrappers.
prelude
Common imports for users of this crate.