Apple enforcing 2FA for *all* accounts - CI servers #17655
Replies: 10 comments 45 replies
-
Use the https://docs.fastlane.tools/actions/upload_to_testflight/#use-an-application-specific-password-to-upload together with upload_to_testflight. Just be careful. The apple_id is not the username, it is the Apps Apple Id, like "1234567890". |
Beta Was this translation helpful? Give feedback.
-
As mentioned by @levibostian and @max-ott, it's not possible to use the app specific password to a lot of the functions available in Spaceship. We are managing 150+ developer accounts on our CI and we still use: And in Q1 of 2021 we will extend the use of Spaceship::Tunes::Application.in_app_purchases to also create non consumable. Most of our accounts don't have 2fa enabled yet and the few we have, I manually run spaceauth once in awhile. So there is still a lot of use cases where we rely on the username/password login. |
Beta Was this translation helpful? Give feedback.
-
Hey @levibostian 👋 Based on internal statistics with a small sample, only about ~50% of users got that email. I'm an admin in 2 teams and didn't receive the email in any of them 😅 I second @dinsen and, whenever you can use the API key, please do it. Note that the API key is very limited when compared to the old APIs, but new APIs are added regularly, so it's a process. One of the biggest limitations as of today is not supporting enterprise accounts, and key endpoints such as downloading dsyms. The next best option is creating a session and attributing it to the FWIW I'm personally avoiding adopting to 2FA until I can't delay it anymore, because it's a major hassle, and because I'm privileged to have an account without 2FA enabled. 😬 If that's an option for you, it makes things much easier. I agree docs should be updated, at the very least. I'm not sure there will be a better solution other than these, for the time being, since we're blocked by Apple releasing more APIs for us. I believe that if we can have them delay that deadline, that'd be better for us (since we can't make them release more APIs faster 🤓 ) these opinions are my own 😇 |
Beta Was this translation helpful? Give feedback.
-
Hi all, Since we are close to entering February, I am just wondering if there are any news/suggestions on what should be done in order to apply to the new changes e.g. a guide on what to do? |
Beta Was this translation helpful? Give feedback.
-
API keys cannot be linked to specific apps and the Account Holder (if you're not him) might be hesitant to provide you with one. |
Beta Was this translation helpful? Give feedback.
-
Apple send a reminder email yesterday:
Can we interpret that it only applies to the user management and not other parts? |
Beta Was this translation helpful? Give feedback.
-
I'm receiving 2FA email reminders on my developer (non 2FA) account that I use to build apps on a CLI environment. So from February this will be a problem. Most Fastlane tools support Apple's Connect API, see https://docs.fastlane.tools/app-store-connect-api, like uploading screenshots, meta data and building for review or testflight. This seems to be the way, but unfortunately I'm missing a possibility to register new app bundle id's (for unexisting apps). Fastlane 'produce' can do this, but doesn't support the Connect API. But the Connect API supports registration of new bundle id's and update bundle capabilities. See: https://developer.apple.com/documentation/appstoreconnectapi/register_a_new_bundle_id Any possibility that an existing (Produce) or new tool will cover this generation and updating of app bundle id's in Fastlane? |
Beta Was this translation helpful? Give feedback.
-
Hey guys, does API store connect support |
Beta Was this translation helpful? Give feedback.
-
We were able to implement a semi-automatic way using a Node.js script and custom SMS Gateway API. However, we are still running into issues because we are asked (by fastlane) to also specify an application specific password via the We understand the alternative (or solution) is to use the AppStore Connect API. Unfortunately, as per our research, this isn't an option since this API doesn't support enterprise accounts. Do you have different experiences or further information on how you handle this change in your company? |
Beta Was this translation helpful? Give feedback.
-
My assumption is that these new 2FA restrictions should become live today. However I was still able to upload an app using an account without 2FA. I had a prompt though, when logging in in browser, to enable 2FA, but I was able to skip it. Does it mean that restrictions were not fully launched yet? Or maybe old accounts without 2FA will continue to work? |
Beta Was this translation helpful? Give feedback.
-
Got an email from Apple.
Currently, fastlane recommends creating a new apple account without 2FA enabled to provide an easy way to integrate fastlane with your CI server.
With this new change, what is recommended? At a minimum, this probably requires a change to the docs to give a new recommendation for how to authenticate with CI servers. But it might require something else to make life easier for us using fastlane with a ci server?
What should we do to handle this new requirement?
Beta Was this translation helpful? Give feedback.
All reactions