Apple 2FA login session token lasts for few minutes(not for 30 days as mentioned in circleci documentation)

Hello,
I have been facing Apple 2FA issue, I have generated login session token by spaceauth and used it with pipeline successfully, but the problem is that token is valid for only 30minutes while on documentation it is written that session lasts for 30 days.

I have gone through several GitHub issues(posted below) as well but found no help.

So every time I push the commit, it triggers the build and it is getting failed because login session token(generated by spaceauth) is not working anymore !

can anyone suggest me what am I missing?

Thanks

I have the same problem. It seems like any Apple ID created since sometime in late 2019 will have 2FA enabled and there’s no way to disable it.

Fastlane has some support for using an app specific password, but that’s not working for me - even when I add the FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD environment varaible, I still get prompted for 2FA mid-build.

Anyone using Fastlane successfully with an Apple ID that has 2FA enabled?

We do. At one point we accidently enabled 2FA on the account we use for builds and discovered that 'bundle exec fastlane spaceauth -u ‘ios-dev@…’ gives tokens that last for several hours max. We just created a new account and we were careful to not enable 2FA.

FYI the variable is FASTLANE_SESSION

This describes everything in great detail https://drobinin.com/posts/keep-using-fastlane-with-apples-2fa-changes/

Thanks Chris - so I’ve discovered that things have changed since that post was written:

  • You can no longer create an Apple ID that doesn’t have 2FA enabled, through any means.
  • The FASTLANE_SESSION variable only lasts for an hour or so, whereas it used to last a month.

I solved this yesterday for us. Here’s what we had to do:

  • Specify the FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD as acquired from https://id.apple.com
  • Change the upload_to_testflight call to add the skip_waiting_for_build_processing and apple_id parameters:

upload_to_testflight(skip_waiting_for_build_processing: true, apple_id: "12345")

Some of the App Store Connect endpoints will work with an app-specific password, and some won’t. Specifying those options causes upload_to_testflight to only make calls that work with the app-specific password.

None of this is required if your Apple ID doesn’t have 2FA enabled, so when Apple prompts you to do that, look for a “No thanks” button. I wouldn’t be surprised if they made it mandatory at some point.

Hope this helps save someone else some time.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.