---
title: SetContextValue
framework: security
role: symbol
role_heading: Instance Property
path: security/authorizationcallbacks/setcontextvalue
---

# SetContextValue

Stores data collected during authorization as a key-value pair.

## Declaration

```occ
int (*)(struct __OpaqueAuthorizationEngine *, const char *, enum AuthorizationContextFlags, const struct AuthorizationValue *) SetContextValue;
```

## Parameters

- `inEngine`: An opaque handle that is passed to your plug-in when the authorization engine calls your doc://com.apple.security/documentation/Security/AuthorizationPluginInterface/MechanismCreate function.
- `inKey`: A key identifying the value you are storing. For standard values such as user names, use the keys listed in DirectoryService/DirServicesConst.h. If you need to define a new key, use reverse domain notation (such as com.apple.ifoo) and make sure the key is unique. For example, you can use your company name as a prefix for the key name.
- `inContextFlags`: A flag that indicates whether this value should be available to the authorization client.
- `inValue`: A pointer to an doc://com.apple.security/documentation/Security/AuthorizationValue structure that contains the size of the context data and a pointer to the data. Both the structure and the data are copied to the context maintained by the Security Server.

## Mentioned in

Extending authorization services with plug-ins

## Return Value

Return Value A result code. Possible results are errAuthorizationSuccess (no error) and errAuthorizationInternal (Security Server internal error).

## Discussion

Discussion Your plug-in authorization mechanism collects data such as the user name and other authentication information during evaluation of authorization. You can use this function to have the Security Server store this data and the GetContextValue function to retrieve it. When you store this context data, you flag it to indicate whether the authorization client can obtain the value with the AuthorizationCopyInfo(_:_:_:) function. If data is set to be extractable (kAuthorizationContextFlagExtractable), it is possible for the authorization client to use the AuthorizationCopyInfo(_:_:_:) function to obtain the value. If data is marked as volatile (kAuthorizationContextFlagVolatile), the value is not available to the client. In any case, sensitive data such as a user’s password is not provided to the client. The authorization engine sends you the entry point to the SetContextValue function in an AuthorizationCallbacks structure when you call the AuthorizationPluginCreate function. important: Do not call this function after you have called the SetResult function. If you do so, the function does not set the context data, even though the function returns the errAuthorizationSuccess result code.