eas-cli
eas-cli copied to clipboard
expo
Cannot log in to Apple Developer with a federated account
Build/Submit details page URL
No response
Summary
When attempting to run an iOS build, I'm prompted to sign in with my Apple Developer account; however, my account is federated so there is no password (I think this is a fairly new Apple ID feature).
I also tried asking the EAS CLI not to sign in and just allow me to populate whatever information is needed manually, but it ends up just asking for my Apple ID password again, at which point I'm stuck.
Here's the output of the sign-in attempt:
eas build -p ios main...origin/main
✔ Linked to project @rownd/rownd-sandbox (https://expo.dev/accounts/rownd/projects/rownd-sandbox)
Specifying "ios.bundleIdentifier" in app.json is deprecated for bare workflow projects.
EAS Build depends only on the value in the native code. Please remove the deprecated configuration.
✔ Using remote iOS credentials (Expo server)
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … no
No problem! 👌 If any of the next steps will require Apple account access we will ask you again about it.
› Log in to your Apple Developer account to continue
✔ Apple ID: … <email redacted>
› The password is only used to authenticate with Apple and never stored on EAS servers
Learn more: https://bit.ly/2VtGWhU
✔ Password (for [email protected]): … *******
› Saving Apple ID password to the local Keychain
Learn more: https://docs.expo.dev/distribution/security#keychain
✖ Logging in...
Authentication with Apple Developer Portal failed!
Failed to set up credentials.
Error: Apple Service Error -22320. Federated Authentication is required
Managed or bare?
bare
Environment
expo-env-info 1.0.3 environment info: System: OS: macOS 12.4 Shell: 5.8.1 - /bin/zsh Binaries: Node: 16.10.0 - ~/.nvm/versions/node/v16.10.0/bin/node Yarn: 1.22.11 - ~/.nvm/versions/node/v18.0.0/bin/yarn npm: 7.24.0 - ~/.nvm/versions/node/v16.10.0/bin/npm Managers: CocoaPods: 1.11.3 - /usr/local/bin/pod SDKs: iOS SDK: Platforms: DriverKit 21.4, iOS 15.5, macOS 12.3, tvOS 15.4, watchOS 8.5 IDEs: Android Studio: 2021.1 AI-211.7628.21.2111.8309675 Xcode: 13.4/13F17a - /usr/bin/xcodebuild npmPackages: expo: ~44.0.0 => 44.0.6 react: 17.0.1 => 17.0.1 react-dom: 17.0.1 => 17.0.1 react-native: 0.64.3 => 0.64.3 react-native-web: 0.17.1 => 0.17.1 npmGlobalPackages: eas-cli: 0.52.0 expo-cli: 5.4.6 Expo Workflow: bare
Error output
No response
Reproducible demo or steps to reproduce from a blank project
N/A - it's just the CLI
you can use credentials.json and provide all the files there
if you want to use managed credentials without logging to apple it should be possible for some cases e.g app store build, but we are requiring logging in if you are building internal distribution
This issue is stale because it has been open for 30 days with no activity. If there is no activity in the next 7 days, the issue will be closed.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
@wkozyra95 I'm fairly new to this, so not sure I fully follow you. Are you saying I should be able to create a credentials.json file somewhere and add some values to that? I'm not sure what I would add or where I would get the creds.
I'm not sure what I would add or where
https://docs.expo.dev/app-signing/local-credentials/
or where I would get the creds.
you generate them on apple developer portal, there are a lot of tutorials how to do that e.g. https://devcenter.bitrise.io/en/code-signing/ios-code-signing/generating-ios-code-signing-files.html
Thanks for the pointers, I'll give this a try. Do you know if there are plans to support Apple's ID federation at some point? I know it's a fairly new capability within Apple ID, but seems important going forward as more companies begin using it.
@wkozyra95 I attempted to configure credentials.json using the instructions provided. I keep getting the following error when trying to build:
eas build main...origin/main
✔ Select platform › iOS
✔ Linked to project @rownd/rollorflop
Specifying "ios.bundleIdentifier" in app.json is deprecated for bare workflow projects.
EAS Build depends only on the value in the native code. Please remove the deprecated configuration.
✔ Using remote iOS credentials (Expo server)
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … no
No problem! 👌 If any of the next steps will require Apple account access we will ask you again about it.
Skipping Distribution Certificate validation on Apple Servers because we aren't authenticated.
Provisioning profile is not associated with uploaded Distribution Certificate.
› Log in to your Apple Developer account to continue
At which point, I'm stuck since I can't sign into my federated Apple ID.
I uploaded a provisioning profile and what should be an associated key/cert to EAS, and as far as I can tell, everything matches up. Not sure where to go from here...
Using remote iOS credentials (Expo server)
it's using remote credentials, you need to set credentialsSource to local to use values from credentials.json https://docs.expo.dev/build-reference/eas-json/#credentialssource
I am also facing this issue.
Does eas-cli support logging via SSO?
npx eas-cli credentials
npx: installed 321 in 10.349s
✔ Select platform › iOS
✔ Which build profile do you want to configure? › development
✔ Using build profile: development
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes
› Log in to your Apple Developer account to continue
✔ Apple ID: … [email protected]
› Using password for [email protected] from your local Keychain
Learn more: https://docs.expo.dev/distribution/security#keychain
✖ Logging in...
Authentication with Apple Developer Portal failed!
Error: Apple Service Error -22320. Federated Authentication is required
maybe this is since apple switched to using passkey type auth? doesn't work for me either.
