Mandatory 2FA (Two Factor Authentication) for Apple Developer Accounts

By the end of the Feb 19, Apple is requiring all developer accounts to use 2 FA. How will this affect workflow steps such as the “iOS Auto Provisioning” Step?

Ran into this issue after enabling 2FA yesterday and have just started to debug. Here’s the output of the iOS Auto Provisioning step without a working configuration:

+------------------------------------------------------------------------------+
| (6) ios-auto-provision                                                       |
+------------------------------------------------------------------------------+
| id: ios-auto-provision                                                       |
| version: 1.3.0                                                               |
| collection: https://github.com/bitrise-io/bitrise-steplib.git                |
| toolkit: bash                                                                |
| time: 2019-02-14T13:47:12-08:00                                              |
+------------------------------------------------------------------------------+
|                                                                              |
$ bundle install
$ bundle exec ruby /var/folders/90/5stft2v13fb_m_gv3c8x9nwc0000gn/T/bitrise944155245/step_src/step.rb
Params:
team_id: XXX
certificate_urls: ***
min_profile_days_valid: 0
passphrases: ***
distribution_type: development
project_path: ios/X.xcodeproj
scheme: X
configuration: 
build_url: https://app.bitrise.io/build/xxx
build_api_token: ***
keychain_path: /Users/vagrant/Library/Keychains/login.keychain
keychain_password: ***
verbose_log: no
generate_profiles: no
Developer Portal authentication
Session loaded from environment variable is not valid. Continuing with normal login.
Two-step Verification (4 digits code) or Two-factor Authentication (6 digits code) is enabled for account 'xxx@xxx.com'
More information about Two-step Verification (4 digits code): https://support.apple.com/en-us/HT204152
More information about Two-factor Authentication (6 digits code): https://support.apple.com/en-us/HT204915
Two-factor Authentication (6 digits code) is enabled for account 'xxx@xxx.com'
If you're running this in a non-interactive session (e.g. server or CI)
check out https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification
Please enter the 6 digit code: 
Error:
The input stream is exhausted.
Stacktrace (for debugging):
/usr/local/lib/ruby/gems/2.5.0/gems/highline-1.7.10/lib/highline.rb:868:in `get_line'
/usr/local/lib/ruby/gems/2.5.0/gems/highline-1.7.10/lib/highline.rb:891:in `get_response'
/usr/local/lib/ruby/gems/2.5.0/gems/highline-1.7.10/lib/highline.rb:264:in `ask'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/two_step_or_factor_client.rb:129:in `handle_two_factor'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/two_step_or_factor_client.rb:25:in `handle_two_step_or_factor'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/client.rb:493:in `send_shared_login_request'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/portal/portal_client.rb:28:in `send_login_request'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/client.rb:751:in `do_login'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/client.rb:383:in `login'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/client.rb:345:in `login'
/usr/local/lib/ruby/gems/2.5.0/gems/fastlane-2.113.0/spaceship/lib/spaceship/portal/spaceship.rb:25:in `login'
/private/var/folders/90/5stft2v13fb_m_gv3c8x9nwc0000gn/T/bitrise944155245/step_src/lib/autoprovision/portal/auth_client.rb:9:in `login'
/private/var/folders/90/5stft2v13fb_m_gv3c8x9nwc0000gn/T/bitrise944155245/step_src/lib/autoprovision/auth_helper.rb:26:in `login'
/var/folders/90/5stft2v13fb_m_gv3c8x9nwc0000gn/T/bitrise944155245/step_src/step.rb:25:in `<main>'
|                                                                              |
+---+---------------------------------------------------------------+----------+
| x | ios-auto-provision (exit code: 1)                             | 21 sec   |
+---+---------------------------------------------------------------+----------+
| Issue tracker: ...github.com/bitrise-steplib/steps-ios-auto-provision/issues |
| Source: https://github.com/bitrise-steplib/steps-ios-auto-provision          |
+---+---------------------------------------------------------------+----------+

Also see:

This will not affect the iOS Auto Provisioning step, as you authenticate that by connecting your Apple Dev Portal account to your bitrise.io account, which supports 2FA completely: https://devcenter.bitrise.io/getting-started/signing-up/connecting-apple-dev-account/

Other steps:

• fastlane can be problematic, but we plan to implement a solution to use the Apple Dev Portal account you connect to your bitrise.io account in the fastlane bitrise step
• We plan to implement the same connection in the “Deploy to iTunes Connect” step https://www.bitrise.io/integrations/steps/deploy-to-itunesconnect-deliver , which is based fastlane deliver
• The Deploy to iTunes Connect using Application Loader step (https://www.bitrise.io/integrations/steps/deploy-to-itunesconnect-application-loader) uses the Apple Application Loader tool (comes with Xcode.app) which is one of the official ways to upload apps to the app store, which means Apple cares about not breaking it

If you have concerns for any other step please let us know!

If you enable 2FA for the account you have to re-connect it on bitrise.io . Once you re-connected it the iOS Auto Provisioning step will work without any issue

I can confirm that “iOS Auto Provisioning” works fine with 2FA enabled.
However, I couldn’t get “Deploy to iTunes Connect” to work so far. I entered an application specific password, but fastlane asked for the 6 digit code as I could see in the log. I tried to follow the steps described here: https://docs.fastlane.tools/best-practices/continuous-integration/#two-step-or-two-factor-auth and setup a FASTLANE_SESSION env variable, but again it didn’t work with some obscure error. Additionally, the whole procedure is not feasible for the 30+ apps we have setup on Bitrise.

What about using “deploy-to-itunesconnect-application-loader” instead? Would this work with 2FA?

Being able to deploy to the App Store using Bitrise is really important for us. Do you have any idea when we can see the changes you described above?

I can now also confirm that “Deploy to iTunes Connect using Application Loader” does indeed work without an issue with 2 FA enabled. Awesome!

Right, I forgot to mention that step - I’ll edit my original answer.

The Deploy to iTunes Connect using Application Loader step uses the Apple Application Loader tool (comes with Xcode.app) which is one of the official ways to upload apps to the app store, which means Apple cares about not breaking it

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.