fastlane icon indicating copy to clipboard operation
fastlane copied to clipboard
verified publisher icon fastlane

JWT Token auth doesn't work "Please provide a properly configured and signed bearer token, and make sure that it has not expired"

Open buulka opened this issue 1 year ago β€’ 12 comments

New Issue Checklist

Issue Description

We are trying to access App Store Connect via Fastlane using JWT authentication. We have followed the instructions in the documentation, but we are encountering the following error:

β€œThe request could not be completed because: Authentication credentials are missing or invalid. Please provide a properly configured and signed bearer token, and make sure that it has not expired."

Everything worked well for some time but since 11.10.2024 we've started receiving errors.

Complete output when running fastlane, including the stack trace and command used
23:51:41 - fastlane deliver                    : INFO   [23:51:41]: Creating authorization token for App Store Connect API
23:51:44 - fastlane deliver                    : INFO   
23:51:44 - fastlane deliver                    : INFO   Looking for related GitHub issues on fastlane/fastlane...
23:51:44 - fastlane deliver                    : INFO   
23:51:44 - fastlane deliver                    : INFO   
23:51:44 - fastlane deliver                    : INFO   [!] The request could not be completed because:
23:51:44 - fastlane deliver                    : INFO   Authentication credentials are missing or invalid. - Provide a properly configured and signed bearer token, and make sure that it has not expired. Learn more about Generating Tokens for API Requests https://developer.apple.com/go/?id=api-generating-tokens
Here is our json: 
 {
                      "key_id": appstore_key_id,
                      "issuer_id": appstore_issuer_id,
                      "key": key,
                      "duration": 500,
                      "in_house": True
}
βœ… fastlane environment βœ…

Stack

Key Value
OS 14.5
Ruby 3.3.4
Bundler? false
Git git version 2.39.3 (Apple Git-146)
Installation Source /opt/homebrew/lib/ruby/gems/3.3.0/bin/fastlane
Host macOS 14.5 (23F79)
Ruby Lib Dir /opt/homebrew/Cellar/ruby/3.3.4/lib
OpenSSL Version OpenSSL 3.3.1 4 Jun 2024
Is contained false
Is homebrew false
Is installed via Fabric.app false
Xcode Path /Applications/Xcode.app/Contents/Developer/
Xcode Version 15.3
Swift Version 5.10

System Locale

Variable Value
LANG en_US.UTF-8 βœ…
LC_ALL en_US.UTF-8 βœ…
LANGUAGE

fastlane files:

No Fastfile found

No Appfile found

fastlane gems

Gem Version Update-Status
fastlane 2.225.0 βœ… Up-To-Date

Loaded fastlane plugins:

No plugins Loaded

Loaded gems
Gem Version
error_highlight 0.6.0
did_you_mean 1.6.3
syntax_suggest 2.0.0
public_suffix 5.0.5
addressable 2.8.6
artifactory 3.0.17
jmespath 1.6.2
aws-partitions 1.922.0
aws-eventstream 1.3.0
aws-sdk-core 3.194.0
aws-sdk-kms 1.80.0
aws-sdk-s3 1.149.0
babosa 1.0.4
bundler 2.5.2
rexml 3.2.8
nkf 0.1.3
base64 0.2.0
CFPropertyList 3.0.7
colored 1.2
highline 2.0.3
commander 4.6.0
dotenv 2.8.1
emoji_regex 3.2.3
excon 0.110.0
faraday-em_http 1.0.0
faraday-em_synchrony 1.0.0
faraday-excon 1.1.0
faraday-httpclient 1.0.1
multipart-post 2.4.0
faraday-multipart 1.0.4
faraday-net_http 1.0.1
faraday-net_http_persistent 1.2.0
faraday-patron 1.0.0
faraday-rack 1.0.0
faraday-retry 1.0.3
ruby2_keywords 0.0.5
faraday 1.10.3
faraday_middleware 1.2.0
domain_name 0.6.20240107
http-cookie 1.0.5
faraday-cookie_jar 0.0.7
fastimage 2.3.1
sysrandom 1.0.5
fastlane-sirp 1.0.0
gh_inspector 1.1.3
uber 0.1.0
declarative 0.0.20
trailblazer-option 0.1.2
representable 3.2.0
retriable 3.1.2
mini_mime 1.1.5
jwt 2.8.1
multi_json 1.15.0
os 1.1.4
signet 0.19.0
googleauth 1.8.1
httpclient 2.8.3
google-apis-core 0.11.3
google-apis-androidpublisher_v3 0.54.0
google-apis-playcustomapp_v1 0.13.0
google-cloud-env 1.6.0
google-cloud-errors 1.4.0
google-cloud-core 1.7.0
google-apis-iamcredentials_v1 0.17.0
google-apis-storage_v1 0.31.0
rake 13.1.0
digest-crc 0.6.5
google-cloud-storage 1.47.0
json 2.7.1
mini_magick 4.12.0
naturally 2.2.1
optparse 0.4.0
plist 3.7.1
rubyzip 2.3.2
security 0.1.5
simctl 1.6.10
terminal-notifier 2.0.0
unicode-display_width 2.5.0
terminal-table 3.0.2
tty-screen 0.8.2
tty-cursor 0.7.1
tty-spinner 0.9.3
word_wrap 1.0.0
atomos 0.1.3
claide 1.1.0
colored2 3.1.2
nanaimo 0.3.0
xcodeproj 1.24.0
rouge 2.0.7
xcpretty 0.3.0
xcpretty-travis-formatter 1.0.1
set 1.1.0
aws-sigv4 1.10.1
forwardable 1.3.3
logger 1.6.0
pathname 0.3.0
shellwords 0.2.0
cgi 0.4.1
date 3.3.4
timeout 0.4.1
stringio 3.1.1
securerandom 0.3.1
uri 0.13.0
openssl 3.2.0
digest 3.1.1
io-nonblock 0.3.0
ipaddr 1.2.6
zlib 3.1.1
resolv 0.3.0
io-wait 0.3.1
time 0.3.0
open-uri 0.4.1
mutex_m 0.2.0
net-http 0.4.1
net-protocol 0.2.2
ostruct 0.6.0
english 0.8.0
erb 4.0.3
strscan 3.0.9
abbrev 0.1.2
io-console 0.7.1
tempfile 0.2.1
delegate 0.3.1
fileutils 1.7.2
tmpdir 0.2.0
singleton 0.2.0
open3 0.2.1
prettyprint 0.2.0
pp 0.5.0
find 0.2.0
yaml 0.3.0
psych 5.1.2

generated on: 2024-11-21

buulka avatar Nov 21 '24 16:11 buulka

I downgraded Fastlane to version 2.223.0, and it helped, but I'm afraid it might cause some issues that were fixed in version 2.225.0

buulka avatar Nov 21 '24 17:11 buulka

Same problem. I couldn't test by downgrading it properly because my builds started failing with errors related to MATCH_PASSWORD. Latest version didn't work for me yet.

https://github.com/fastlane/fastlane/issues/21109#issuecomment-2489363641

ugurcanatas avatar Nov 21 '24 19:11 ugurcanatas

Same problem

li-yu avatar Nov 26 '24 08:11 li-yu

Same problem. I downgraded Fastlane to 2.223.0 as @buulka said, and it help in may case. Thanks for advice!

kamilkomnacki avatar Nov 26 '24 09:11 kamilkomnacki

I believe the issue is related to change introduced in 2.224.0: Add support for Enterprise Program API and in particular changing the hostname from api.appstoreconnect.apple.com to api.enterprise.developer.apple.com based on the in_house value of the app_store_connect_api_key token.

Given sample api token key in json format:

{
  "key_id": "XXX",
  "issuer_id": "XXX",
  "key": "XXX",
  "duration": 1200,
  "in_house": true
}

in my case changing the value true -> false for in_house helped.

But I think this is just a temporary workaround, because it's a fallback to api.appstoreconnect.apple.com and the question is why api token is not able to authenticate api.enterprise.developer.apple.com?

dees91 avatar Dec 20 '24 09:12 dees91

Same problem v2.226.0

lucasoliveiraw00 avatar Jan 07 '25 20:01 lucasoliveiraw00

I ran into this and pulled my hair out until I found a fix. We must have got it from documentation or an example somewhere.

That duration: 1200 caused our issues. Remove that line or set it to 500 (the default) to get through.

mike-odom avatar Feb 26 '25 02:02 mike-odom

I have this issue with, and without, a duration; when running as part of a GIthub Action.

madelaney avatar Mar 05 '25 20:03 madelaney

Seeing the same error. Is there a solution for this? I am unable to connect to the enterprise account with the API key.

@GevaZeichner

akshaynhegde avatar Mar 17 '25 15:03 akshaynhegde

Seeing the same error. Is there a solution for this? I am unable to connect to the enterprise account with the API key.

@GevaZeichner

Hi @akshaynhegde, have you tried these solutions?

https://github.com/fastlane/fastlane/issues/21109#issuecomment-2614513458

https://github.com/fastlane/fastlane/issues/21109#issuecomment-2505655683

GevaZeichner avatar Mar 17 '25 19:03 GevaZeichner

I have same issue. After a little research, I think fastlane generates an invalid jwt token. Because when I generate it myself according to the documentation(https://developer.apple.com/go/?id=api-generating-tokens), I don't encounter any problems. After reading the code (https://github.com/fastlane/fastlane/blob/d7f1ca8eab11fb9de96e3f02a692b4e50058c791/spaceship/lib/spaceship/connect_api/token.rb#L2) I understand that header doesn't contain "alg" key. I hope that the maintainers solve this issue quickly.

HgCl2 avatar Jun 04 '25 13:06 HgCl2

To resolve this, you can add missing keys to the token.rb file located in fastlane/spaceship/lib/spaceship/connect_api/. This solution worked for me.

HgCl2 avatar Jun 05 '25 05:06 HgCl2

To resolve this, you can add missing keys to the token.rb file located in fastlane/spaceship/lib/spaceship/connect_api/. This solution worked for me.

tried exactly this however still no luck.

I am out of ideas..

kirakoki avatar Jun 25 '25 13:06 kirakoki

@HgCl2 could you be OK to share your token.rb file please ?

because I'm facing the same issue too.

MobiliteDev avatar Aug 18 '25 14:08 MobiliteDev

Im also facing the same issue, my lane works with the majority of my builds, but there are a few that do not work and throws the error Authentication credentials are missing or invalid

gholias avatar Aug 28 '25 20:08 gholias