Use Apple's "Application Specific Password" feature for connecting Apple Developer Accounts

ios

#1

Description of the feature request

Allow users to connect Bitrise to their Apple Developer Account using Apple’s provided App-Specific password feature. https://support.apple.com/en-us/HT204397

This is an alternative to providing Bitrise with actual credentials to the Apple Developer Account itself.

Since I do not know what, if any, limitations there are with App Specific Password access, I am not certain this will be sufficient to perform the work Bitrise needs to perform during its various iOS build steps. However, it does appear that these passwords work for Fastlane and so I suspect it would probably work for Bitrise as well: https://docs.fastlane.tools/best-practices/continuous-integration/#use-of-application-specific-passwords-and-spaceauth

Use case / for what or how I would use it

Currently, Bitrise allows users to connect Apple Developer Accounts so that certain iOS build steps can automate the process of building, signing, and deploying iOS apps. The included functionality does work and even functions with 2FA. However, there are certain drawbacks to this method. First, a user must provide their AppleId credentials to Bitrise. And while we trust Bitrise with several other secrets, it would be preferable to not share this one if possible. Second, the user must remember to go and refresh the Apple Developer Account connection every 30 days since the token it obtains expires in as much time. This will cause builds to break and is a nuisance.

I would very much appreciate it if someone would look into this and see if it is a possibility. As a test, I did go and try to use an Application Specific password to connect my account to Bitrise but it did not work.

Thank you,
Dustin


Mandatory 2FA (Two Factor Authentication) for Apple Developer Accounts
#2

Thanks for the #feature-request @dgraham, don’t forget to vote for it!


#3

Yes please!
Not that apple is mandating 2FA for developer accounts, re-authentication in Bitrise every 30 days is not practical.


#4

There are quite a few limitations for App Specific Password - we’ll use their new official API instead. This is already in the works but unfortunately it doesn’t support anything code signing related, which is our primary use case for the connected apple account today.

As soon as the code signing related APIs are available we’ll switch to the new apple api completely https://developer.apple.com/app-store-connect/api/ and that will resolve all the issues listed here :slight_smile:

Thanks everyone for sharing details here, we really appreciate it!
Happy Building! :rocket: