69

Hi we're getting this error when using fastlane sigh/get_provisioning_profile. I don't think it is a fastlane issue as it happened before case1 case2 and got fixed by accepting the agreement or other unknown reason..

Need to acknowledge to Apple's Apple ID and Privacy statement. Please manually log into https://appleid.apple.com (or https://appstoreconnect.apple.com) to acknowledge the statement.

We went to

but there's nothing to approve there.

Any ideas?

Ted
  • 22,696
  • 11
  • 95
  • 109

7 Answers7

35

Summary:

Case 1:

* You don't want 2FA enabled

  1. Update Gemfile with fastlane 2.173.0 and run bundle install, bundle update fastlane, or bundle update
  2. Use SPACESHIP_SKIP_2FA_UPGRADE=1 in your CI

Case 2:

* You have 2FA enabled

* You only need non-enterprise account

  1. Generate APP_STORE_CONNECT_API_KEY from appstore connect using an Account Holder role.

enter image description here

It looks like

-----BEGIN PRIVATE KEY-----\nabcdef12345abcdef12345\n-----END PRIVATE KEY-----
  1. Add it to your CI as APP_STORE_CONNECT_API_KEY environment variable
lane :get_app_store_connect_api_key do
  ensure_env_vars(
    env_vars: [
      'APP_STORE_CONNECT_API_KEY'
    ]
  ) 
  app_store_connect_api_key(
    key_id: "12345ABCDEF",
    issuer_id: "1234abcd-12ab-12ab-12ab-123456abcdef",
    key_content: "#{ENV["APP_STORE_CONNECT_API_KEY"]}".gsub('\n', '\\n'),
    in_house: false,
  )
end
  1. Pass it to your lanes
get_provisioning_profile(api_key: get_app_store_connect_api_key)

sigh(api_key: get_app_store_connect_api_key)

pilot(api_key: get_app_store_connect_api_key)

Case 3:

* You have 2FA enabled

* You need enterprise account and fetch profiles

  1. Run
fastlane spaceauth -u user@email.com

  1. Use the output as FASTLANE_SESSION environment variable on your CI.

  2. You still need to include FASTLANE_PASSWORD

Note that this only lasts for 8 hours

Case 4:

* You have 2FA enabled

* You need enterprise or non-enterprise account

* You need to upload to appstore

  1. Create FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD from https://appleid.apple.com/account/manage

  2. Set it as environment variable in your ci

Case 5:

* You have 2FA enabled

* You need to download dsyms from appstore connect

  1. Run
fastlane spaceauth -u user@email.com

  1. Use the output as FASTLANE_SESSION environment variable on your CI.

  2. You still need to include FASTLANE_USER and FASTLANE_PASSWORD

Note that this only lasts for 8 hours

Ted
  • 22,696
  • 11
  • 95
  • 109
  • Nice explanation! Do you also have a solution for when I need download_dsyms ? I have 2FA enabled accidentially – blackjacx Feb 09 '21 at 18:25
  • Hi @blackjacx I added it as case 5 – Ted Feb 10 '21 at 06:20
  • Is it normal to use app_store_connect_api_key and fastlane to prompt me for apple userID and password? I thought that I am using the api key in order to avoid 2FA. – PoppyAnc Feb 10 '21 at 15:43
  • For upload_to_testflight, no username required – Ted Feb 10 '21 at 19:28
  • hmm.. looks like its sending 2FA on pem action. Is there anything I can do? – PoppyAnc Feb 11 '21 at 08:39
  • @PoppyAnc can you try case 5 for pem as well? – Ted Feb 12 '21 at 09:14
  • @PoppyAnc nope this should not happen – blackjacx Feb 12 '21 at 11:05
  • I'm not able to get pass this problem. I've added the spaceship reference into my fastlane file and I've created my app store connect key and added it into my fastlane teams connection setting for the app and then triggered a new build but it still fails. Any help much appreciated, what am I missing? Thank you – Jack Feb 18 '21 at 15:22
  • Hey @Jack note that you don't need FASTLANE_PASSWORD when you are using the api key. You may contact me in https://www.linkedin.com/in/gonzalezted/ lets debug it – Ted Feb 18 '21 at 18:55
  • Thanks Ted, I've sent you an email! – Jack Feb 18 '21 at 20:40
  • 1
    Thanks @Ted, I had to use both #5 for pem and #2 for pilot! – PoppyAnc Feb 23 '21 at 14:04
22

I had the same exact issue using Bitrise (another CI/CD tool). The error message was misleading because it wasn't related to accepting some new policies, but to the new authentication system used by the App Store Connect API.

To fix the issue I logged in Bitrise and I had to switch to the new authentication method as shown in the image below.

enter image description here

The old auth method was based on the credentials of a single Apple Developer user, the new method instead is based on the generation of an API Key. As you see from the screenshot below, I had to create an API key under User and Access -> Keys and then upload it to Bitrise.

enter image description here

I hope my case can help someone else to fix the issue. I am pretty sure you have to follow more or less the same procedure even if you're using a different tool.

toioski
  • 1,094
  • 10
  • 21
  • thanks for sharing.. Just a question was your bitrise build failing at the auto provision step or later at the itunes connect deployment step? – VMA92 Feb 03 '21 at 15:47
  • 2
    @VMA92 at the Auto Provision step. Indeed I had to change it to its "new" version as the Bitrise documentation is saying here: https://devcenter.bitrise.io/getting-started/configuring-bitrise-steps-that-require-apple-developer-account-data/ – toioski Feb 03 '21 at 15:58
10

I was experiencing it with an Apple account to authenticate and authorize the fastlane actions.

Changing my CI to use Apple API key seems to solve the issue.

Fasltane should use app_store_connect_api_key

Here the docs: http://docs.fastlane.tools/actions/app_store_connect_api_key/#app_store_connect_api_key

Gianluca
  • 2,379
  • 3
  • 25
  • 41
9

Have you checked your 2FA settings?

Apple announced that: "Starting February 2021, additional authentication will be required for all users to sign in to App Store Connect."

Robert
  • 91
  • 1
4

For Azure DevOps users a temporary SPACESHIP_SKIP_2FA_UPGRADE=1 works while we wait for AppStoreConnect Api key support to be merged:

https://github.com/microsoft/app-store-vsts-extension/pull/189

spaceship skip 2FA upgrade

EDIT

Pull request has been merged and API authentication now works and is the preferred way to authenticate.

AppStoreConnect API authentication

Kent Robin
  • 2,066
  • 20
  • 19
3

For those, who using Pilot there is a simple solution:

Just add this to Pilot:

skip_waiting_for_build_processing: true,
apple_id: "123456789"

You can find apple_id on AppStoreConnect in General > App information

Reference: https://dev.to/dumazy/upload-to-testflight-with-fastlane-and-2fa-11k8

Дмитрий Рудюк
  • 31
  • 1
  • 4
  • @prapin can you take a look at my solution "upload_ip"a in the below section and it worked for me successfully. Let us know for any help – Gangadhar Feb 04 '21 at 21:16
  • @Gangadhar Yes, I did today something similar to your solution, with a JSON file referred from `Fastfile` by `api_key_path`, and it worked. – prapin Feb 04 '21 at 21:30
0

In my case the following solution worked for uploading the ipa files

lane :upload_ipa do |options|
  api_key = app_store_connect_api_key(
    key_id: "xxxxx",
    issuer_id: "xxxxxx",
    key_filepath: "./fastlane/AuthKey_xxxxx.p8", #Mention the relative path
    duration: 1200, # optional
    in_house: false, # optional but may be required if using match/sigh
  )
  # The ipa and team_id are sent as options parameters to the method
  pilot(api_key: api_key, 
    ipa: options[:ipa],
    team_id: options[:team_id],
        skip_waiting_for_build_processing: true,
    wait_processing_interval: 120,
         app_platform: options[:app_platform])
end
Gangadhar
  • 86
  • 9