Summary
Apple 2FA SMS codes are consistently rejected as "Invalid code" when authenticating via EAS CLI, even though the same code works immediately on Apple's website. This makes it impossible to authenticate with Apple through EAS CLI for credential management.
Environment
- eas-cli: 18.5.0 and 18.7.0
- macOS: Darwin 25.4.0 (arm64)
- Node: v22.19.0
Steps to reproduce
- Run
eas build --platform ios --profile production or eas credentials --platform ios
- Select "Yes" to log in to Apple account
- Enter Apple ID credentials (password accepted from Keychain)
- Receive SMS 2FA code
- Enter the code immediately upon receipt
- Code is rejected as "Invalid code"
- Same code entered again — rejected again
- Go to appleid.apple.com in browser, sign in with same credentials — same SMS code works fine
Workaround
Using App Store Connect API Key via environment variables (EXPO_ASC_API_KEY_PATH, EXPO_ASC_KEY_ID, EXPO_ASC_ISSUER_ID) bypasses 2FA entirely and works for non-interactive builds.
Related issues
This appears to be the same underlying issue reported multiple times. The SMS 2FA flow in EAS CLI seems fundamentally broken for some accounts.
Summary
Apple 2FA SMS codes are consistently rejected as "Invalid code" when authenticating via EAS CLI, even though the same code works immediately on Apple's website. This makes it impossible to authenticate with Apple through EAS CLI for credential management.
Environment
Steps to reproduce
eas build --platform ios --profile productionoreas credentials --platform iosWorkaround
Using App Store Connect API Key via environment variables (
EXPO_ASC_API_KEY_PATH,EXPO_ASC_KEY_ID,EXPO_ASC_ISSUER_ID) bypasses 2FA entirely and works for non-interactive builds.Related issues
This appears to be the same underlying issue reported multiple times. The SMS 2FA flow in EAS CLI seems fundamentally broken for some accounts.