Apple Authentication error

[andrewchester1]

Build/Submit details page URL

No response

Summary

When trying to create a new build with eas cli, apple authentication fails when requesting SMS 6 digit pin instead of device. We made sure eas cli is updated. This issue just started showing up yesterday.

Managed or bare?

managed

Environment

expo-env-info 1.2.1 environment info:
System:
OS: Windows 10 10.0.19045
Binaries:
Node: 18.18.0 - C:\Program Files\nodejs\node.EXE
Yarn: 1.22.22 - ~\AppData\Roaming\npm\yarn.CMD
npm: 9.8.1 - C:\Program Files\nodejs\npm.CMD
IDEs:
Android Studio: AI-221.6008.13.2211.9477386
npmPackages:
expo: ~51.0.35 => 51.0.39
react: 18.2.0 => 18.2.0
react-native: 0.74.5 => 0.74.5
react-native-web: ~0.19.6 => 0.19.13
Expo Workflow: managed

✔ Check package.json for common issues
✔ Check Expo config for common issues
✔ Check native tooling versions
✔ Check if the project meets version requirements for submission to app stores
✔ Check for common project setup issues
✖ Check dependencies for packages that should not be installed directly
✔ Check for app config fields that may not be synced in a non-CNG project
✔ Check for issues with Metro config
✔ Check npm/ yarn versions
✔ Check Expo config (app.json/ app.config.js) schema
✔ Check that packages match versions required by installed Expo SDK
✔ Check that native modules do not use incompatible support packages
✔ Check for legacy global CLI installed locally
✔ Check that native modules use compatible support package versions for installed Expo SDK

Detailed check results:

The package "@types/react-native" should not be installed directly in your project, as types are included with the "react-native" package.

One or more checks failed, indicating possible issues with the project.

Error output

√ How do you want to validate your account? ... device / sms

Internal Server Error: 'h', 'Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later'. Retrying after 3 seconds (remaining: 3)

× Logging in...
Authentication with Apple Developer Portal failed!
Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later
Error: build command failed.

Reproducible demo or steps to reproduce from a blank project

Run eas cli for an apple build, and request sms for authentication

[noahkurz]

I'm seeing this issue as well

[jameskennethrobinson]

Also experiencing this. Coming back to expo after 5 years and experiencing this with a new app 😂

[bmills2023]

Also having this issue with my project as well. It just started happening lately. I have never had a problem with it in the past

[andrewchester1]

Is anyone looking into this issue? It has been three days and multiple people are having the same issue. It doesn't seem like anyone from expo is even looking into this issue.

[szdziedzic]

Hey,

I can't reproduce it on my end so far. These errors are often not easily reproducible between Apple accounts, and it makes it hard to debug.

Can you run the command with EXPO_DEBUG=1 env var so we have more error details to work with?

[andrewchester1]

@szdziedzic I just ran the command. It is returning a 500, is it okay if I paste the response in this issue? Not sure if there is any sensitive data in the error

[szdziedzic]

It's best to strip any cookies/session IDs, and so on just in case. You can just post stuff relevant to an error message/error code, without any data that is specific to you like an actual phone number.

[szdziedzic]

If it's 500 it seems to be an internal server error on Apple's end 🤔 Based on the error code itself it doesn't seem that it's something wrong with the payload that is sent from EAS CLI to Apple servers because then it would be some different error code related to validation error 🤔.

Can you log in to developer.apple.com normally through the website using SMS 2FA?

[andrewchester1]

h [Error]: Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later
at t.getAppleResponseError (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:856515)
at block (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:864626)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async j (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:865138)
at async T (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:863991)
at async t.requestAsync (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:862469)
at async t.idmsaRequestAsync (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:736419)
at async t.sendRequestTokenToSMSAsync (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:751279)
at async y (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:747910)
at async y (C:\Users\AppData\Roaming\nvm\v18.18.0\node_modules\eas-cli\node_modules@expo\apple-utils\build\index.js:1:748254) {
response: {
status: 500,
statusText: '',
headers: {
server: 'Apple',
date: 'Mon, 18 Nov 2024 16:30:28 GMT',
'content-type': 'application/json;charset=UTF-8',
'transfer-encoding': 'chunked',
connection: 'close',
'x-apple-i-request-id': xxx,
'x-frame-options': 'DENY',
'x-content-type-options': 'nosniff',
'x-xss-protection': '1; mode=block',
'strict-transport-security': 'max-age=31536000; includeSubDomains; preload',
'referrer-policy': 'origin',
'x-buildversion': 'R2',
'set-cookie': [Array],
pragma: 'no-cache',
expires: 'Thu, 01 Jan 1970 00:00:00 GMT',
'cache-control': 'no-cache, no-store, no-store',
'x-apple-id-account-country': 'USA',
vary: 'accept-encoding',
},
config: {
url: 'https://idmsa.apple.com/appleauth/auth/verify/phone',
method: 'put',
data: '{"phoneNumber":{"id":1},"mode":"sms"}',
headers: [Object],
transformRequest: [Array],
transformResponse: [Array],
timeout: 0,
withCredentials: true,
adapter: [Function (anonymous)],
xsrfCookieName: 'XSRF-TOKEN',
xsrfHeaderName: 'X-XSRF-TOKEN',
maxContentLength: -1,
maxBodyLength: -1,
jar: [M],
maxRedirects: 0,
baseURL: 'https://idmsa.apple.com/',
validateStatus: [Function: validateStatus]
},
request: ClientRequest {
_events: [Object: null prototype],
_eventsCount: 2,
_maxListeners: undefined,
outputData: [],
outputSize: 0,
writable: true,
destroyed: false,
_last: true,
chunkedEncoding: false,
shouldKeepAlive: false,
maxRequestsOnConnectionReached: false,
_defaultKeepAlive: true,
useChunkedEncodingByDefault: true,
sendDate: false,
_removedConnection: false,
_removedContLen: false,
_removedTE: false,
strictContentLength: false,
_contentLength: 37,
_hasBody: true,
_trailer: '',
finished: true,
_headerSent: true,
_closed: false,
socket: [TLSSocket],
_header: 'PUT /appleauth/auth/verify/phone HTTP/1.1\r\n' +
'Accept: application/json\r\n' +
'Content-Type: application/json\r\n' +
'User-Agent: Xcode\r\n' +
'X-Xcode-Version: 7.0 (7A120f)\r\n' +
'Content-Length: 37\r\n' +
'Host: idmsa.apple.com\r\n' +
'Connection: close\r\n' +
'\r\n',
_keepAliveTimeout: 0,
_onPendingData: [Function: nop],
agent: [Agent],
socketPath: undefined,
method: 'PUT',
maxHeaderSize: undefined,
insecureHTTPParser: undefined,
joinDuplicateHeaders: undefined,
path: '/appleauth/auth/verify/phone',
_ended: true,
res: [IncomingMessage],
aborted: false,
timeoutCb: null,
upgradeOrConnect: false,
parser: null,
maxHeadersCount: null,
reusedSocket: false,
host: 'idmsa.apple.com',
protocol: 'https:',
[Symbol(kCapture)]: false,
[Symbol(kBytesWritten)]: 0,
[Symbol(kNeedDrain)]: false,
[Symbol(corked)]: 0,
[Symbol(kOutHeaders)]: [Object: null prototype],
[Symbol(errored)]: null,
[Symbol(kHighWaterMark)]: 16384,
[Symbol(kRejectNonStandardBodyWrites)]: false,
[Symbol(kUniqueHeaders)]: null
},
data: {
phoneNumber: [Object],
securityCode: [Object],
mode: 'sms',
type: 'verification',
authenticationType: 'hsa2',
autoVerified: false,
showAutoVerificationUI: false,
hideSendSMSCodeOption: false,
supervisedChangePasswordFlow: false,
supportsRecovery: true,
hsa2Account: true,
restrictedAccount: false,
managedAccount: false,
serviceErrors: [Array]
}
}
}

[andrewchester1]

@szdziedzic The entire team can authentication directly to the apple portal with SMS without an issue! I added the Error logs above and cleaned out any sensitive information

[andrewchester1]

@szdziedzic have you gotten a chance to look into this issue more? All of our agreements are to up date for Apple. It is concerning that other people are experiencing this issue as well.

[szdziedzic]

It's really hard for me to move forward without the reproducible example. I tested auth with multiple Apple accounts I have access to and it always works. Additionally, the error code signals some bug on the Apple end, because it's 500.

Is there any chance you can show me the payload (without sensitive information) sent to Apple servers from your browser when applying the SMS code? We could diff the payload then and see what's different.

[szdziedzic]

Can you try to change the domain in your ~/.app-store/auth/apple-developer-portal-domain.json from https://developer.apple.com to https://developer-mdn.apple.com? Maybe this one will help. This error might occur when apple is doing maintenance on one of these URLs sometimes.

[andrewchester1]

"~/.app-store/auth/apple-developer-portal-domain.json" is this file in unmanaged expo projects? I am unfamiliar with this file and its location. For the mean time our team has switched from sms verification to device verification and everything is working as expected, but there is a issue

[szdziedzic]

This is a file in the .app-store folder in your home directory, created by EAS CLI Apple auth utils.

[andrewchester1]

I found it. I can test this in 30 minutes, and I'll let you know if this changes anything

[jameskennethrobinson]

@szdziedzic for the record, I don't see any .app-store folder in my home.

It also seems that only some folks are experiencing this issue? If there was downtime on Apple's part, it seems that issue should be affecting everyone.

[szdziedzic]

for the record, I don't see any .app-store folder in my home.

Are you using Mac/Linux? 🤔

It also seems that only some folks are experiencing this issue? If there was downtime on Apple's part, it seems that issue should be affecting everyone.

We've seen stories in the past that auth was broken only for certain accounts on Apple and it was magically working a few days later because they fixed something on their end.

It would be helpful if you could compare the payload sent to https://idmsa.apple.com/appleauth/auth/verify/phone when authenticating using the browser vs the payload sent by EAS CLI.

[jameskennethrobinson]

@szdziedzic Yes, using MacOS

[andrewchester1]

I tested eas apple authentication with https://developer-mdn.apple.com, but I am still seeing the same error

[ahmadelafify]

Any solution??

[andrewchester1]

Any solution??

Sadly no. According to the Expo team this is probably an issue on Apple's side of things. With the amount of traction this issue has been getting, I'm doubtful this is an apple issue, since sms authentication works on the portal without an issue.

[kylealwyn]

+1 on the issue and subscribing - will try to post helpful debug info when possible

[jameskennethrobinson]

Disappointing! Seems less likely than not Apple is returning random 500 codes, but nothing is impossible. Back to good old Xcode 🤓

…

On Wed, Nov 20, 2024 at 16:14 Kyle Alwyn ***@***.***> wrote: +1 on the issue and subscribing - will try to post helpful debug info when possible — Reply to this email directly, view it on GitHub <#2698 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB53IROZHMBGNYSYW6QCNIL2BUQXXAVCNFSM6AAAAABR3NTNUGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIOBZHAYDGMBUGQ> . You are receiving this because you commented.Message ID: ***@***.***>

[smisaacs]

hitting this as well. Changing the url in that file did not work.

[szdziedzic]

I asked a couple of people to try to repro this internally, but no luck, unfortunately 😞

I also manually analyzed the /appleauth/auth/verify/phone request sent by EAS CLI and the one sent by the browser. It seems like they match 🤔 Can you try to inspect network traffic and see what request with what payload is made by Apple's web app when authenticating through the browser and selecting SMS 2FA for you?

I really want to help solve it, but it's tough for me to even understand what's going on if I can't reproduce it on my end.

You can also try to set EXPO_APP_STORE_DEBUG to 1 for extra Apple auth debug logs.

[szdziedzic]

If I could see what's different between these 2 requests or be able to repro it, it would be really helpful.

[oogunjob]

Having the same issue still @JayOfemi

[Dhivas-Sugumar]

Having the same issue as well. Was able to resolve this by logging into the apple account associated with the Apple developer account. Not ideal, but a quick workaround. Would be great to have a permanent fix!

[JavaScriptJohn]

Having the same issue as well. Was able to resolve this by logging into the apple account associated with the Apple developer account. Not ideal, but a quick workaround. Would be great to have a permanent fix!

For the record I have done this multiple times and it has not fixed my issue.

[camsjams]

For those of us without Macs, there are no solutions. One of the key features of the Expo platform that we admire is the fact that we aren't beholden to having an Apple product.

On the Apple website where this issue occurs, I found that pressing "resend" does send a 2FA SMS code.

The error message in the eas-cli also seems to suggest same feature:

Verification codes can’t be sent to this phone number at this time. Please try again later.'. Retrying after 3 seconds 

Could add a retry option (maybe ENV var or something) to attempt sending the code again.

[tmeduho]

same issue here

[szdziedzic]

We were running into this same issue when trying to use work Apple accounts tied to our personal phone numbers. We were able to get around the issue by logging into those Apple accounts directly via systems settings on our macOS machines and running eas again.

Just to make sure I understand it correctly - you started to use the device 2FA method using your Mac as the selected device, right? It's not like the SMS method started to work after you did it, correct?

[szdziedzic]

From our observations, it seems to only occur for American phone numbers for now. Let me know if this observation isn't correct.

[szdziedzic]

When it comes to the affected account we have access to internally (mentioned here), we were able to see that there are some headers different in the requests done via the website and ones done through CLI. We are trying to find the right combination of headers to fix the issue, but the bad thing is that we can only try different requests 4 times before getting locked out. It makes it pretty hard to fix.

[szdziedzic]

We've just published 14.0.3 with the fix to this problem. Can you please confirm that it works for you as well on the latest version? 🙏

[JavaScriptJohn]

Still not working for me

eas -v
eas-cli/14.0.3 linux-x64 node-v18.20.4

Authentication with Apple Developer Portal failed!
Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later. Service errors:

• Verification codes can’t be sent to this phone number at this time. Please try again later.
  Error: build command failed.

[tmeduho]

Unfortunately I'm still receiving the same error on 14.0.3

✔ Please select a trusted phone number to send code to › +1 ...

Internal Server Error: 'h', 'Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later. Service errors:

• Verification codes can’t be sent to this phone number at this time. Please try again later.'. Retrying after 3 seconds (remaining: 3)

✖ Logging in...
Authentication with Apple Developer Portal failed!
Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later. Service errors:

• Verification codes can’t be sent to this phone number at this time. Please try again later.
  Error: build command failed.

[david529smith]

This may be redundant, but make sure in your https://account.apple.com, there is a phone number in your "email & phone numbers". I have been getting this error, and when I tried to log in using a different account that has my phone attached, it worked. Now I'm stuck trying to find a phone number that isn't linked to an account already.

Apple sends this error:
Authentication with Apple Developer Portal failed!
Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later. Service errors:

• Verification codes can’t be sent to this phone number at this time. Please try again later.

if there is no phone number there, even if you have a "trusted phone number" set up. It has to be a phone number linked to your account. Hope this helps, cause this is where I found my problem.

[EvanBacon]

I was able to reproduce the issue before (American phone number, located in America) and can confirm that eas-cli/14.0.3 darwin-arm64 node-v20.12.2 works. This shouldn't be needed, but you can try clearing the local auth caches on your computer with rm -rf ~/.app-store/, and signing in again.

[tmeduho]

I was able to reproduce the issue before (American phone number, located in America) and can confirm that eas-cli/14.0.3 darwin-arm64 node-v20.12.2 works. This shouldn't be needed, but you can try clearing the local auth caches on your computer with rm -rf ~/.app-store/, and signing in again.

Okay this is good actually, I did get it to work when using node 20..

[JavaScriptJohn]

eas-cli/14.0.3 linux-x64 node-v20.18.1

I was able to reproduce the issue before (American phone number, located in America) and can confirm that eas-cli/14.0.3 darwin-arm64 node-v20.12.2 works. This shouldn't be needed, but you can try clearing the local auth caches on your computer with rm -rf ~/.app-store/, and signing in again.

Okay this is good actually, I did get it to work when using node 20..

Still not working for me:
eas-cli/14.0.3 linux-x64 node-v20.18.1

[ateethk]

It's working now for me on node v22.12.0 and eas-cli/14.0.3

[TrevPennington]

Would not work on eas-cli/14.0.3 for me. Downgraded to 14.0.0 and it works

[camsjams]

Amazing! 🎉 🚀

Updating to eas-cli/14.0.3 solved the login with SMS issue for me!

Thank you so much - we can build!

Full version - eas-cli/14.0.3 linux-x64 node-v18.20.5

[alimek]

14.0.3 solved problem with eas build for me, but i still getting error when eas submit for stores.

✔ Apple ID: … XXXX
› Restoring session /Users/alimek/.app-store/auth/XXX/cookie
› Session expired Local session
› Using password for XXX from your local Keychain
  Learn more: https://docs.expo.dev/distribution/security#keychain
✔ Logged in New session
✔ Select a Team › XXX
✔ Select a Provider › XXX
✖ Couldn't switch to provider XXX
Authentication with Apple Developer Portal failed!
Apple 401 detected - You are either not logged in, your account doesn't have access to the requested data, or the page doesn't exist
Submission failed

[szdziedzic]

@alimek can you try to do rm -rf ~/.app-store/ to clear the cache?

[alimek]

@alimek can you try to do rm -rf ~/.app-store/ to clear the cache?

Tried, asking for device/sms verification (tried both - device and sms) and still getting same issue.

Same error was for eas build and last version of eas-cli solved it, i am pretty sure I am admin in the Team so I dont think so its problem with my account.

➜  expo git:(main) eas --version             
eas-cli/14.0.3 darwin-arm64 node-v22.11.0

[willhamilton24]

Same issue, going to try messing with the version.

[rcuff-genesis]

√ Logged in, verify your Apple account to continue

Internal Server Error: 'h', 'Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later. Apple service errors:

• Verification codes can’t be sent to this phone number at this time. Please try again later.
  If you encounter persistent issues with Apple 2FA SMS authentication, you can try using these workarounds: https://expo.fyi/apple-2fa-sms-issues-workaround.md.'. Retrying after 3 seconds (remaining: 3)

× Logging in...
Authentication with Apple Developer Portal failed!
Received an internal server error from Apple's App Store Connect / Developer Portal servers, please try again later. Apple service errors:

• Verification codes can’t be sent to this phone number at this time. Please try again later.
  If you encounter persistent issues with Apple 2FA SMS authentication, you can try using these workarounds: https://expo.fyi/apple-2fa-sms-issues-workaround.md.
  Error: build command failed.

Still getting this bug but do not have access to a apple product to login to developer account. I have updated to newest eas-cli version and still no luck 👎.

[FreddyJohn]

Yeah, really deeply need this fixed, can't add new provision profile changes and cannot push to App Stores, this is blocking our release date. Please fix this quickly

[JavaScriptJohn]

I was able to get it working by taking one of my test apple devices, factory resetting it and logging in under the same apple credentials I use for eas. When I did an EAS build it asked me if i wanted to use 2fa from my device and it worked.

For the record, I don't condone this fix because it required an apple device.

[brentvatne]

14.0.3 solved problem with eas build for me, but i still getting error when eas submit for stores.

✔ Apple ID: … XXXX
› Restoring session /Users/alimek/.app-store/auth/XXX/cookie
› Session expired Local session
› Using password for XXX from your local Keychain
  Learn more: https://docs.expo.dev/distribution/security#keychain
✔ Logged in New session
✔ Select a Team › XXX
✔ Select a Provider › XXX
✖ Couldn't switch to provider XXX
Authentication with Apple Developer Portal failed!
Apple 401 detected - You are either not logged in, your account doesn't have access to the requested data, or the page doesn't exist
Submission failed

can you clear the ~/.app-store directory and retry?

[brentvatne]

if you are encountering any issues related to those discussed in this thread, please do the following, in order:

1. update to the latest eas-cli: npm i -g eas-cli (or the equivalent for whatever pkg manager you use)
2. verify you are using the latest eas-cli: eas -v - this should be 14.1.0 or greater
3. delete ~/.app-store (eg: rm -rf ~/.app-store) (on windows, this should be: C:\Users\YourUsername\.app-store - you can use rmdir in your terminal)
4. try building again

if you are still having problems after doing this, please create a new issue with more information. thank you!