expo
Unable to add device using `eas device:create` using federated Apple accounts
Build/Submit details page URL
No response
Summary
Unable to add an iOS device through eas device:create using a federated apple account. My apple account is authenticated through Microsoft login on my company's domain. When attempting to login I was being prompted to supply both an Apple ID email and a password so I created an App Specific Password for use with the EAS CLI.
It looks like the request is failing with a 400 status code from Apple when attempting to initialise the login process.
Managed or bare?
Managed
Environment
expo-env-info 2.0.7 environment info: System: OS: macOS 15.7 Shell: 5.9 - /bin/zsh Binaries: Node: 20.19.3 - ~/.nvm/versions/node/v20.19.3/bin/node Yarn: 1.22.22 - ~/.nvm/versions/node/v20.19.3/bin/yarn npm: 10.8.2 - ~/.nvm/versions/node/v20.19.3/bin/npm Managers: CocoaPods: 1.16.2 - /opt/homebrew/bin/pod SDKs: iOS SDK: Platforms: DriverKit 24.2, iOS 18.2, macOS 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2 IDEs: Android Studio: 2025.1 AI-251.26094.121.2513.14007798 Xcode: 16.2/16C5032a - /usr/bin/xcodebuild npmPackages: expo: 50.0.20 => 50.0.20 react: 18.2.0 => 18.2.0 react-dom: 18.2.0 => 18.2.0 react-native: 0.73.6 => 0.73.6 react-native-web: 0.19.6 => 0.19.6 npmGlobalPackages: eas-cli: 16.19.3 Expo Workflow: bare
Error output
EXPO_DEBUG=true EXPO_APP_STORE_DEBUG=true eas device:create -- Enabled debug logging -- This command lets you register your Apple devices (iPhones, iPads and Macs) for internal distribution of your app. Internal distribution means that you won't need to upload your app archive to App Store / Testflight. Your app archive (.ipa) will be installable on your equipment as long as you sign your application with an adhoc provisioning profile. The provisioning profile needs to contain the UDIDs (unique identifiers) of your iPhones, iPads and Macs.
First of all, choose the Expo account under which you want to register your devices. Later, authenticate with Apple and choose your desired Apple Team (if your Apple ID has access to multiple teams).
✔ You're inside the project directory. Would you like to use the snip account? … yes › Log in to your Apple Developer account to continue ✔ Apple ID: … snip › Using password for snip from your local Keychain Learn more: https://docs.expo.dev/distribution/security#keychain ⠋ Logging in...GET https://idmsa.apple.com/appleauth/auth/signin?widgetKey=e0b80c3bf78523bfe[...]add02e1bff88ec2166c6bd5a706c42 ⠋ Logging in...200 (GET https://idmsa.apple.com/appleauth/auth/signin?widgetKey=e0b80c3bf78523bfe[...]add02e1bff88ec2166c6bd5a706c42) ⠙ Logging in...POST https://idmsa.apple.com/appleauth/auth/signin/init ⠸ Logging in...Error: Request failed with status code 400 (POST https://idmsa.apple.com/appleauth/auth/signin/init) ✖ Logging in... Authentication with Apple Developer Portal failed! The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined TypeError [ERR_INVALID_ARG_TYPE]: The first argument must be of type string or an instance of Buffer, ArrayBuffer, or Array or an Array-like Object. Received undefined
Reproducible demo or steps to reproduce from a blank project
Run npx eas device:create either inside or outside an EAS project.
I think this may potentially be a duplicate issue showing symptoms of #1118.
Also related to #1483
Even creating the device in EAS does not work, as future builds will be unable to provision the device which was added.
I was able to get around federation for build/submission by providing ascAppId, but sadly that does not seem to work for device registration.
Edit: Looks like modifying an existing distribution profile via the Apple developer site (if you have one) to include the device may work, so long as you've also added the device to your Apple team manually. However, that isn't a permanent fix, as those profiles expire.
