Two-factor authentication for Apple ID / iTunes Connect TestFlight deploy

testflight
fastlane
ios
#8

Bitrise does not interpret anything in the env vars, except the $ANOTHER_ENV_VAR references if there’s any and the “expand” option is enabled. Other than that it’s just an env var, like any other.

It’s the same as if you’d run

export MY_KEY="the value here"

in your Terminal / in Bash.

0 Likes

#9

Sorry, I wasn’t precise enough - could you please share the “layout” like this:

app:
  envs:
  - MY_KEY: "the value"

So that we can see the whole “definition” / “layout” of the env config.

0 Likes

#10
---
format_version: 1.3.1
default_step_lib_source: https://github.com/bitrise-io/bitrise-steplib.git
app:
  envs:
  - opts:
      is_expand: false
    FASTLANE_WORK_DIR: "."
  - opts:
      is_expand: false
    FASTLANE_LANE: beta
  - opts:
      is_expand: false
    FASTLANE_PLATFORM_IOS: ios
  - opts:
      is_expand: false
    FASTLANE_PLATFORM_ANDROID: android
  - opts:
      is_expand: false
    FASTLANE_SESSION: "---\n- !ruby/object:HTTP::Cookie\n name: COOKIENAME\n
      value: COOKIE/2VALUE\n
      domain: idmsa.apple.com\n for_domain: true\n path: \"/\"\n secure: true\n httponly:
      true\n expires: \n max_age: 2592000\n created_at: 2017-05-02 18:01:03.754319000
      +02:00\n  accessed_at: 2017-05-02 19:42:09.357338000 +02:00"
trigger_map:
- push_branch: master
  workflow: primary
- pull_request_source_branch: "*"
  workflow: primary
  pull_request_target_branch: master
workflows:
  primary:
    steps:
    - activate-ssh-key:
        run_if: '{{getenv "SSH_RSA_PRIVATE_KEY" | ne ""}}'
    - git-clone: {}
    - fastlane:
        title: iOS Fastlane
        inputs:
        - lane: "$FASTLANE_PLATFORM_IOS $FASTLANE_LANE"
        - work_dir: "$FASTLANE_WORK_DIR"
    - npm:
        title: npm install
        inputs:
        - command: install
    - install-react-native:
        inputs:
        - version: ''
        - npm_options: ''
    - react-native-bundle:
        title: iOS RN
        inputs:
        - assetRoots: ''
        - options: ''
        - url: ''
        - root: ''
    - npm:
        title: npm test
        inputs:
        - command: run test
    - react-native-bundle:
        title: Android RN
        inputs:
        - platform: android
        - assetRoots: ''
        - options: ''
        - url: ''
        - root: ''
    - npm@0.9.0:
        title: npm increment_build
        inputs:
        - command: run increment_version
    - fastlane:
        title: Android Fastlane
        inputs:
        - lane: "$FASTLANE_PLATFORM_ANDROID $FASTLANE_LANE"
        - work_dir: "$FASTLANE_WORK_DIR"
    - deploy-to-bitrise-io@1.2.9: {}
0 Likes

#11

I think you should report this on the fastlane issue tracker, as the definition seems to be good.

The FASTLANE_SESSION: is essentially the same as

export FASTLANE_SESSION="---\n- !ruby/object:HTTP::Cookie\n name: COOKIENAME\nvalue: COOKIE/2VALUE\ndomain: idmsa.apple.com\n for_domain: true\n path: \"/\"\n secure: true\n httponly: true\n expires: \n max_age: 2592000\n created_at: 2017-05-02 18:01:03.754319000 +02:00\n  accessed_at: 2017-05-02 19:42:09.357338000 +02:00"
0 Likes

#12

This might also help: you can use the Bitrise CLI to run debug builds locally - https://www.bitrise.io/cli

Might make things easier/faster to debug.

0 Likes

#13

ok, well thanks for help anyway. this Bitrise CLI will be a big help for me for future anyway (cause pushing always to git repo is quite a pain if i do some changes locally to the pipeline or code).
If i won’t figure out the problem (maybe i screwed up the logging in in spaceauth) then I will ask guys on fastlane what might be the reason.

1 Like

#14

Sure, and if we can help with anything please let us know!

I’d also advise you to try to generate & set the value again - a quick tip: if you set the value directly in bitrise.yml mode then you don’t have to modify it, \n should remain \n, you only have to replace \n if you input the value on the Web UI / in the Editor. Simply just generate a new value and replace the value in bitrise.yml with the new one basically:

  - opts:
      is_expand: false
    FASTLANE_SESSION: "PASTE THE VALUE HERE"

Setting it through the web ui should work as well of course, but in that case you’ll have to replace the \n chars with actual newlines, which will be serialized as \n when written into YML.

1 Like

#15

I tried to generate new one and right now I get the message
"Two Factor Authentication for account ‘xxx@xxx.com’ is enabled
Your session cookie has been expired.
Please enter the 6 digit code: "

Which is 100% fastlane related. Though sadly no idea how to solve that one, but now I’m a one step closer.

CLI is quite a good feature

0 Likes

#16

It seems signing in on appleid.apple.com might help - https://github.com/fastlane/fastlane/issues/4157

0 Likes

#17

I saw this previously. but sadly nothing happens after that.

0 Likes

#18

We just discovered one more edge case when 2FA / the Fastlane Session won’t work: our servers are running in US and it seems that the (fastlane / apple) session is location aware. This means that it might not work if you’re not in the same “region” as where it’s used. It should work if you’re in the US where our runners are, but otherwise if you generate a session on your Mac it might not work on our US build machines.

Related fastlane issue & discussion:

1 Like

#19

I am getting
there is no web session to update
I ran 36 builds with trial and errors… please someone help me!

0 Likes

#20

Hi @fabrygio,

Did you try the things mentioned before in this thread?
If you did, I’d suggest you to contact the fastlane guys as our step just runs the relevant fastlane tool - you can see the exact command the step runs in the step’s log.

0 Likes

#21

If you can share more about the issue @fabrygio we can also try to debug it (e.g. send the full log to us in email or just copy paste the whole step log here).

Actually I think this error is something new, never seen it before, so can you please do this? Either send the build URL in email / through the onsite chat or copy paste the step’s log here and we’ll check it ASAP!

0 Likes

#22

My bad. I was using an old version of Fastlane

1 Like

#23

Ahh, indeed, if you use any fastlane tool/command which has to communicate with the iTunes Connect server you should always use the latest fastlane version, as iTC doesn’t have a public API and they do change the API from time to time, and when that happens only the updated fastlane versions will work / will have the proper, updated API calls.

0 Likes

#24

@Shiro Were you able to find a workaround? I’m having the same issue here too. I’m stuck at

0 Likes

Mandatory 2FA (Two Factor Authentication) for Apple Developer Accounts
#25

This Bitrise.io built in Apple Dev Portal auth now works with the fastlane step too: https://blog.bitrise.io/app-store-connect-2fa-solved-on-bitrise

With this you can connect your Apple Dev Portal account to your Bitrise.io account and then the official Bitrise fastlane step will use that connection to generate the fastlane specific session cookie automatically! :rocket:

1 Like

#26

Hi, I have enabled this option, and when running the build immediately after connecting my account everything work, awesome.

Unfortunately, it stops working after some short period of inactivity, i’m not sure how long but I’m guessing 24 hours. After that I see this error in our build:

If i go into the integration settings page, it shows our Apple 2fa is valid for another 30 days, if i I click to re-authenticate, despite it saying the code is still valid, the next build works! But then i have todo this again the next day.

I was searching through the fastlane docs, but can’t figure out why i have to re-auth my 2fa code every 24 hours. We are running on the latest fastlane version. Any ideas?

Thanks!

0 Likes

#27

Hy there, The website is kind of hardcoded on this, and apple tends to change the validity of the session cookies pretty frequently. but yeah, running a build daily that in a way uses the apple account, (like with the iOS auto provision step) can manage this issue I think :thinking:

0 Likes