PyObjC LocalAuthentication Framework

12.1 · active · verified Tue Apr 14

Wrappers for the framework LocalAuthentication on macOS. This library is part of the larger PyObjC project, a bridge between Python and Objective-C. It allows Python applications to leverage macOS's biometric authentication (Face ID, Touch ID) and passcode features for secure user authentication. Currently at version 12.1, it maintains an active release cadence, typically aligning with macOS SDK updates and Python version support.

Warnings

breaking PyObjC frequently drops support for older Python versions. PyObjC 12.0 dropped support for Python 3.9, and PyObjC 11.0 dropped Python 3.8.
Fix: Ensure your Python environment is compatible with the PyObjC version you are installing. For `pyobjc-framework-localauthentication` 12.x, Python 3.10 or later is required. Always check `requires_python` on PyPI or the PyObjC changelog for specific version requirements.
breaking PyObjC 11.1 changed how Objective-C 'init' family methods are modeled, now correctly reflecting that they 'steal' a reference to `self` and return a new one, as per clang's Automatic Reference Counting (ARC) documentation.
Fix: Review code that interacts with object initialization, especially custom subclasses or factory methods, to ensure correct reference handling. While explicit memory management is rarely needed in Python, understanding the underlying Objective-C semantics is crucial for correct behavior.
gotcha Unlike Objective-C, where sending a message to `nil` (equivalent to Python `None`) is a no-op, attempting to call a method on a Python `None` object (which PyObjC translates from `nil`) will raise an `AttributeError`.
Fix: Always check for `None` before calling methods on PyObjC-wrapped objects that might originate from Objective-C `nil` values. E.g., `if my_obj is not None: my_obj.doSomething_()`.
gotcha PyObjC is a macOS-specific library and will not install or run on other operating systems. The frameworks it wraps (like LocalAuthentication) are Apple-proprietary.
Fix: Only use `pyobjc-framework-localauthentication` in macOS environments. For cross-platform authentication, consider alternative libraries.
gotcha PyObjC 10.3 introduced breaking changes around the interaction of `__init__` and `__new__` for Python subclasses of Objective-C objects. While 10.3.1 partially re-introduced `__init__` support when a user implements `__new__`, code relying on PyObjC's provided `__new__` still cannot use `__init__`. This can lead to `__init__` not being called or unexpected behavior.
Fix: When subclassing Objective-C classes in Python and overriding `__new__`, be extremely cautious with `__init__`. It's generally safer to perform all initialization logic within `__new__` or the appropriate Objective-C `init` equivalent. Refer to PyObjC documentation on subclassing for the most up-to-date guidance.

Install

pip install pyobjc-framework-localauthentication Install stable version

Imports

LAContext
```
from LocalAuthentication import LAContext
```
The primary class for evaluating authentication policies.
LAPolicy
```
from LocalAuthentication import LAPolicy
```
Constants defining authentication policies (e.g., deviceOwnerAuthentication).
LAError
```
from LocalAuthentication import LAError
```
Error codes for local authentication failures.

Quickstart

This quickstart demonstrates how to use `LAContext` to evaluate an authentication policy, typically for biometric authentication (Face ID/Touch ID) or device passcode. It first checks if the policy can be evaluated and then calls `evaluatePolicy_localizedReason_reply_` with a callback function to handle the authentication result. Remember that `pyobjc-framework-localauthentication` is a macOS-only library and requires user interaction via a system prompt.

import objc
from LocalAuthentication import LAContext, LAPolicy

def authenticate_user(reason="Authenticate to access sensitive data."):
    context = LAContext.alloc().init()
    error = objc.nil
    can_evaluate = context.canEvaluatePolicy_error_(LAPolicy.deviceOwnerAuthenticationWithBiometrics, objc.byref(error))

    if not can_evaluate:
        if error is not objc.nil:
            print(f"Biometric authentication not available: {error.localizedDescription()}")
        else:
            print("Biometric authentication not available.")
        # Fallback to device passcode if biometrics not available
        can_evaluate = context.canEvaluatePolicy_error_(LAPolicy.deviceOwnerAuthentication, objc.byref(error))
        if not can_evaluate:
            if error is not objc.nil:
                print(f"Device passcode authentication not available: {error.localizedDescription()}")
            else:
                print("Device passcode authentication not available.")
            return False

    def reply_handler(success, err):
        if success:
            print("Authentication successful!")
        elif err is not objc.nil:
            print(f"Authentication failed: {err.localizedDescription()}")
        else:
            print("Authentication failed (unknown error).")

    context.evaluatePolicy_localizedReason_reply_(LAPolicy.deviceOwnerAuthentication, reason, reply_handler)

# Example usage:
# Note: This will block the Python interpreter until authentication completes or fails.
# In a real GUI app, this would typically be run on a background thread or using a runloop.
authenticate_user()

# To run PyObjC event loop in a console application (optional, for persistent UI/callbacks):
# from PyObjCTools import AppHelper
# AppHelper.runEventLoop() # This should be called if you need to keep a UI or callbacks alive.

view raw JSON →