fastlane: fastlane cert got Unauthorized Access error
New Issue Checklist
- Updated fastlane to the latest version
- I read the Contribution Guidelines
- I read docs.fastlane.tools
- I searched for existing GitHub issues
Issue Description
plenty of accounts got same error since yesterday, and nothing usefull found so far. about half accounts got errors, and other 50% accounts worked well. tried fastlane 2.131.0 and 2.142.0
Command executed
command: fastlane cert -u xxxx@xxxx.com
Please enter the 6 digit code:
796984
Requesting session...
Looking for related GitHub issues on fastlane/fastlane...
[!] The request could not be completed because:
Unauthorized Access
Complete output when running fastlane, including the stack trace and command used
shenlongdeMac:*@126.com shenlong$ fastlane cert -u *@126.com
[⠼] 🚀 /Users/shenlong/.rvm/gems/ruby-2.7.0-preview1/gems/faraday_middleware-0.13.1/lib/faraday_middleware/response_middleware.rb:14: warning: Capturing the given block using Proc.new is deprecated; use `&block` instead
[✔] 🚀
[20:38:09]: Get started using a Gemfile for fastlane https://docs.fastlane.tools/getting-started/ios/setup/#use-a-gemfile
+----------------------+-----------------------------------------------------+
| Summary for cert 2.142.0 |
+----------------------+-----------------------------------------------------+
| username | *@126.com |
| development | false |
| force | false |
| generate_apple_certs | false |
| keychain_path | /Users/shenlong/Library/Keychains/login.keychain-db |
| platform | ios |
+----------------------+-----------------------------------------------------+
[20:38:10]: Starting login with user '*@126.com'
/Users/shenlong/.rvm/gems/ruby-2.7.0-preview1/gems/faraday_middleware-0.13.1/lib/faraday_middleware/response_middleware.rb:14: warning: Capturing the given block using Proc.new is deprecated; use `&block` instead
/Users/shenlong/.rvm/gems/ruby-2.7.0-preview1/gems/faraday_middleware-0.13.1/lib/faraday_middleware/response_middleware.rb:14: warning: Capturing the given block using Proc.new is deprecated; use `&block` instead
-------------------------------------------------------------------------------------
Please provide your Apple Developer Program account credentials
The login information you enter will be stored in your macOS Keychain
You can also pass the password using the `FASTLANE_PASSWORD` environment variable
See more information about it on GitHub: https://github.com/fastlane/fastlane/tree/master/credentials_manager
-------------------------------------------------------------------------------------
Password (for *@126.com): ********
Two-factor Authentication (6 digits code) is enabled for account '*@126.com'
More information about Two-factor Authentication: https://support.apple.com/en-us/HT204915
If you're running this in a non-interactive session (e.g. server or CI)
check out https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification
(Input `sms` to escape this prompt and select a trusted phone number to send the code as a text message)
(You can also set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automate this)
(Read more at: https://github.com/fastlane/fastlane/blob/master/spaceship/docs/Authentication.md#auto-select-sms-via-spaceship-2fa-sms-default-phone-number)
Please enter the 6 digit code:
847823
Requesting session...
Looking for related GitHub issues on fastlane/fastlane...
[!] The request could not be completed because:
Unauthorized Access
Environment
✅ fastlane environment ✅
Stack
| Key | Value |
|---|---|
| OS | 10.14.6 |
| Ruby | 2.7.0 |
| Bundler? | false |
| Git | git version 2.20.1 (Apple Git-117) |
| Installation Source | ~/.rvm/gems/ruby-2.7.0-preview1/bin/fastlane |
| Host | Mac OS X 10.14.6 (18G95) |
| Ruby Lib Dir | ~/.rvm/rubies/ruby-2.7.0-preview1/lib |
| OpenSSL Version | OpenSSL 1.1.1d 10 Sep 2019 |
| Is contained | false |
| Is homebrew | false |
| Is installed via Fabric.app | false |
| Xcode Path | /Applications/Xcode.app/Contents/Developer/ |
| Xcode Version | 10.3 |
System Locale
| Variable | Value | |
|---|---|---|
| LANG | zh_CN.UTF-8 | ✅ |
| LC_ALL | ||
| LANGUAGE |
fastlane files:
No Fastfile found
No Appfile found
fastlane gems
| Gem | Version | Update-Status |
|---|---|---|
| fastlane | 2.142.0 | ✅ Up-To-Date |
Loaded fastlane plugins:
No plugins Loaded
Loaded gems
| Gem | Version |
|---|---|
| did_you_mean | 1.3.0 |
| executable-hooks | 1.6.0 |
| bundler-unload | 1.0.2 |
| rubygems-bundler | 1.4.5 |
| bundler | 2.1.4 |
| slack-notifier | 2.3.2 |
| atomos | 0.1.3 |
| CFPropertyList | 3.0.2 |
| claide | 1.0.3 |
| colored2 | 3.1.2 |
| nanaimo | 0.2.6 |
| xcodeproj | 1.15.0 |
| rouge | 2.0.7 |
| xcpretty | 0.3.0 |
| terminal-notifier | 2.0.0 |
| unicode-display_width | 1.6.1 |
| terminal-table | 1.8.0 |
| plist | 3.5.0 |
| public_suffix | 2.0.5 |
| addressable | 2.7.0 |
| multipart-post | 2.0.0 |
| word_wrap | 1.0.0 |
| tty-screen | 0.7.1 |
| tty-cursor | 0.7.1 |
| tty-spinner | 0.9.3 |
| babosa | 1.0.3 |
| colored | 1.2 |
| highline | 1.7.10 |
| commander-fastlane | 4.4.6 |
| excon | 0.72.0 |
| faraday | 0.17.3 |
| unf_ext | 0.0.7.6 |
| unf | 0.1.4 |
| domain_name | 0.5.20190701 |
| http-cookie | 1.0.3 |
| faraday-cookie_jar | 0.0.6 |
| faraday_middleware | 0.13.1 |
| fastimage | 2.1.7 |
| gh_inspector | 1.1.3 |
| json | 2.2.0 |
| mini_magick | 4.10.1 |
| multi_xml | 0.6.0 |
| rubyzip | 1.3.0 |
| security | 0.1.3 |
| xcpretty-travis-formatter | 1.0.0 |
| dotenv | 2.7.5 |
| naturally | 2.2.0 |
| simctl | 1.6.8 |
| jwt | 2.1.0 |
| uber | 0.1.0 |
| declarative | 0.0.10 |
| declarative-option | 0.1.0 |
| representable | 3.0.4 |
| retriable | 3.1.2 |
| mini_mime | 1.0.2 |
| multi_json | 1.14.1 |
| signet | 0.13.0 |
| memoist | 0.16.2 |
| os | 1.0.1 |
| googleauth | 0.11.0 |
| httpclient | 2.8.3 |
| google-api-client | 0.36.4 |
| google-cloud-env | 1.3.0 |
| google-cloud-errors | 1.0.0 |
| google-cloud-core | 1.5.0 |
| digest-crc | 0.4.1 |
| google-cloud-storage | 1.25.1 |
| emoji_regex | 1.0.1 |
| forwardable | 1.2.0 |
| logger | 1.3.0 |
| stringio | 0.0.2 |
| ipaddr | 1.2.2 |
| openssl | 2.1.2 |
| ostruct | 0.1.0 |
| strscan | 1.0.0 |
| date | 2.0.0 |
| fileutils | 1.1.0 |
| io-console | 0.4.7 |
| zlib | 1.0.0 |
| rexml | 3.1.9 |
| psych | 3.1.0 |
| mutex_m | 0.1.0 |
generated on: 2020-03-02
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Reactions: 11
- Comments: 62 (16 by maintainers)
@janpio I was able to authenticate successfully by entering
smswhen prompted for the 2FA code and selecting the trusted phone number manually (producing a second sms), instead of entering the code that was initially generated.Wondering if this line could be related https://github.com/fastlane/fastlane/blob/master/spaceship/lib/spaceship/two_step_or_factor_client.rb#L144
i solve with this. when the prompt asked you
“Please enter the 6 digit code:” i type “sms” instead
it will ask you: Please select a trusted phone number to send code to:
and then I enter the 6 digit code I received earlier.
This works for me!
What works for me: I did change my password on Apple account and signout from all devices. Then fastlane spaceauth -u “username”, enter “sms” instead of the first code received by Apple, choose my phone number, and then enter the second sms received.
I was facing the issue and I tried changing the pwd from apple login page https://appleid.apple.com/account/manage and select the checkbox. But unsure, if this works for everyone.
@AAverin Multiple people posted the workaround here: Type
sms, hit Enter, select the phone to send the code to (if asked) and then enter the second code you are sent.To be honest it might very well be, that we did not design the 2FA logic in fastlane for the case of “first code already comes via SMS”. But of course it does make sense that this is possible.
@jesiegel1 wants to look into this a bit ❤️
thank you. this way works fine. Initial code can not work.
It didn’t work for me the
smssolutionThis worked for me. Changed my password and signed out of all devices then tried again with the new password. Thanks!
@janpio @max-ott Yea sorry, that was unclear (also to clarify the account has 2FA enabled, not 2SV).
Using the Apple ID that was throwing the unauthorized error (made sure to remove the fastlane cookie with each run):
match, phone displayed the 2FA system prompt, and entering the displayed code authenticated successfully (without inputtingsms).match, received sms, and entering the sms code threw the unauthorized error.match, received sms, enteredsmsand selected a trusted phone number, received second sms, and entering the second sms code authenticated successfully.Yes, the accounts that showed ‘Unauthorized Access’ worked as expected when I logged in web myself
Since the issue is tied to SMS/call 2FA, I was able to go around it by logging into my developer’s Apple ID from the System Preferences -> Internet Accounts (you can add a secondary Apple account there) and receiving the 2FA code directly in macOS.
We have a PR now that should fix this problem: https://github.com/fastlane/fastlane/pull/16162 The logic is quite complicated, so might take some time to get properly reviewed and merged. If you know ruby, take a look!
@janpio It seems like accounts that aren’t currently logged into any devices (which is the case for my account) will fallback automatically to sms.
I took a quick look in Postman and compared account
A(not logged in to a device) to accountB(logged into a device), and the behavior seemed to differ:B, it seems like the system 2FA code gets displayed right after thePOST https://idmsa.apple.com/appleauth/auth/signinreq is made by the spaceship client, whereas forAan sms gets sent right after theGET https://idmsa.apple.com/appleauth/authreq inhandle_two_step_or_factorA, the response forGET https://idmsa.apple.com/appleauth/authhas a few additional fields including"noTrustedDevices": trueand"mode": "sms"So I’m guessing we need to check for one of those fields, and if present, set the
code_typeand payload as if the user had enteredsms, but without thePUT https://idmsa.apple.com/appleauth/auth/verify/phonereq so we don’t generate a second code.Sounds like it is being caused by Apple’s servers, not fastlane. Unfortunately not much we can do.