Face ID and Touch ID allow iOS and macOS apps to implement seamless login and user authentication. This post presents an overview of Local Authentication, and examples of using Face ID and Touch ID to login with Swift:

  1. Local Authentication
    a. LAContext
    b. LAError
  2. Check Face ID Permission
    a. NSFaceIDUsageDescription
    b. LAContext.canEvaluatePolicy
    c. .deviceOwnerAuthentication
    d. .deviceOwnerAuthenticationWithBiometrics
  3. Login with Face ID Sample Code
  4. Login with Touch ID Sample Code

Local Authentication

The Local Authentication framework is available to iOS and macOS apps that want to use Face ID and Touch ID.

import LocalAuthentication

LAContext

An LAContext is the object that will be used to interact with both Face ID and Touch ID. The LAContext initializer does not require any parameters:

// Create an LAContext
var context = LAContext()

The biometryType enum on an LAContext provides information on what authentication mechanisms are available on the user’s device. There are three modern options:

  1. LABiometryType.none, meaning no biometric authentication is available
  2. LABiometryType.touchID, meaning the device supports Touch ID
  3. LABiometryType.faceID, meaning the device supports Face ID
// Get the supported biometry
var biometry = context.biometryType

LAError

LocalAuthentication implements a descriptive error LAError that can provide more information about any errors that may occur during authentication.

// If error is an instance of LAError
var code = LAError.Code(rawValue: error.code)

switch code {
case LAError.Code.appCancel:
    // The app canceled authentication by 
    // invalidating the LAContext
case LAError.Code.authenticationFailed:
    // The user did not provide
    // valid credentials
case LAError.Code.invalidContext:
    // The LAContext was invalid
case LAError.Code.notInteractive:
    // Interaction was not allowed so the 
    // authentication failed
case LAError.Code.passcodeNotSet:
    // The user has not set a passcode 
    // on this device
case LAError.Code.systemCancel:
    // The system canceled authentication, 
    // for example to show another app
case LAError.Code.userCancel:
    // The user canceled the 
    // authentication dialog
case LAError.Code.userFallback:
    // The user selected to use a fallback 
    // authentication method
case LAError.Code.biometryLockout:
    // Too many failed attempts locked 
    // biometric authentication
case LAError.Code.biometryNotAvailable:
    // The user's device does not support 
    // biometric authentication
case LAError.Code.biometryNotEnrolled:
    // The user has not configured 
    // biometric authentication
@unknown default:
    // An other error occurred
}

Check Face ID Permission

NSFaceIDUsageDescription

To support Face ID, a usage description must be added to the iOS or macOS app's Info.plist file. The key is NSFaceIDUsageDescription and the value should be a string explaining why the iOS or macOS app is asking to use biometric authentication.

Face ID Usage Description Key In Xcode

LAContext.canEvaluatePolicy

The canEvaluatePolicy(_:, error:) method on an LAContext can be used to determine if your iOS or macOS application has the permissions required to use biometric authentication:

var error: NSError?

// Check for biometric authentication 
// permissions
var permissions = context.canEvaluatePolicy(
    .deviceOwnerAuthentication,
    error: &error
)

if permissions {
    // Proceed to authentication
}
else {
    // Handle permission denied or error
}

.deviceOwnerAuthentication

Use .deviceOwnerAuthentication to authenticate the user using biometrics or the user's device passcode. LocalAuthentication will first attempt to authenticate the user using biometrics like Touch ID and Face ID if the biometrics are configured and enabled.

.deviceOwnerAuthenticationWithBiometrics

Use .deviceOwnerAuthenticationWithBiometrics to require a user to authenticate using biometrics (either Touch ID or Face ID, depending on what the user's device supports). Requiring biometrics means the authentication will fail if:

  1. The device doesn't support biometrics like Touch ID or Face ID
  2. The user has not configured biometrics on their device
  3. The user fails to provide a valid biometric

Login with Face ID Sample Code

Use evaluatePolicy(_:, localizedReason:, reply:) to show the Face ID authentication popup on a device that supports Face ID and where the user has configured Face ID:

let reason = "Log in with Face ID"
context.evaluatePolicy(
    // .deviceOwnerAuthentication allows 
    // biometric or passcode authentication
    .deviceOwnerAuthentication, 
    localizedReason: reason
) { success, error in
    if success {
        // Handle successful authentication
    } else {
        // Handle LAError error
    }
}

Login with Touch ID Sample Code

Use evaluatePolicy(_:, localizedReason:, reply:) to show the Touch ID authentication popup on a device that supports Touch ID and where the user has configured Touch ID:

let reason = "Log in with Touch ID"
context.evaluatePolicy(
    // .deviceOwnerAuthentication allows 
    // biometric or passcode authentication
    .deviceOwnerAuthentication, 
    localizedReason: reason
) { success, error in
    if success {
        // Handle successful authentication
    } else {
        // Handle LAError error
    }
}

Local Authentication Examples In Swift

That's it! By using the Local Authentication framework you can implement Face ID and Touch ID to authenticate users in Swift.