2 Factor Authentication does not work

[emendamus]

It is not possible to submit an app with 2-Factor-Authentication.
There is no way to enter the verificatin code. So an app specific password should be used.

[lkillgore]

This feature is now available as of version 1.116.0.

[zhankezk]

This is great news! However how to use this?

[lkillgore]

Hi @zhankezk, I hope we made adding 2FA to a build as easy as possible. It requires you to set up an 'app specific password' and get a 'fastlane session' (which should be easy enough to do on your developer box). These can be added to your Service Endpoint, or you can add them in the fields made when selecting two-step verification.

See: https://github.com/Microsoft/app-store-vsts-extension#app-store-release.

(PS - Thanks to fastlane for doing the heavy lifting in making this possible.)

[zhankezk]

Thanks! I saw the options when I opened the Endpoint setups. However don't see any instructions about 2FA in the github link you sent :-( not sure I am looking at wrong places.

And Not sure how to use Deliverfile with the extension?

[lkillgore]

Two places to look for documentation beyond the help in the plugin:

1. Apple's developer website and account website. This might be a good place to start: https://support.apple.com/en-us/HT204397. (Also: https://appleid.apple.com/account/manage, https://support.apple.com/en-us/HT204915.)
2. fastlane's documentation. FASTLANE_SESSION is a requirement for the 2FA, so that'll be a requirement to know how to setup. Their documentation is here: https://github.com/fastlane/fastlane/tree/master/spaceship

FWIW, I agree this is a weakness in our documentation for our plugin. I'll look into fleshing it in.

As for Deliverfile, you'll find the option to 'Upload Metadata' when distributing 'Production' builds. If you select that, you'll see there's an option to supply a path to the metadata. (See: https://github.com/fastlane/fastlane/tree/master/deliver#usage)

[zhankezk]

Thanks for sharing all the documentations. I was using them already, was just hoping for more information specific to the VSTS extension. I pretty much know how to setup now. But while trying to generate a session using fastlane, keep getting errors... give up for now. Fight another day.. Thanks again!

[lkillgore]

@zhankezk, I feel your pain! Fight on! 😄

[duckwaffle]

Hey guys, just want to jump on this, I'm trying to use the new 2fa auth in a Release definintion, but no matter if I use username + password or service endpoint, I'm still hanging on the prompt to select a verification device.

The documentation on how to create a service endpoint is pretty unclear, but I have created one which is:
Username: my apple id
Password: the regular password to that apple id
App-specific password: a valid one that I have generated for this task
Web session: ---\n- !ruby/object:HTTP::Cookie\n name: [the hash of the name]\n value: [the value]\n domain: idmsa.apple.com\n for_domain: true\n path: "/"\n secure: true\n httponly: true\n expires: \n max_age: 2592000\n created_at: &1 2017-05-11 16:34:33.179130000 +10:00\n accessed_at: *1\n

Is there anything I am missing here? It still asks me to select a device to verify my identity.

I am using v116 of the task.

[lkillgore]

Hi @duckwaffle, it appears to me that you've configured it correctly. How did you setup your fastlane session? It should look something like: fastlane spaceauth -u [apple-id-user-email]. Your configuration sounds correct, so my question is 'is your session connected to the same username / password for the build?'

[duckwaffle]

Hi @lkillgore thats exactly how I set up the web session.

I'm not sure I understand your question, I'm definitely using the same username/password for the web session and the release definition task settings. The only thing I can think of is that the user account is connected to multiple teams, however I would think that this wouldn't stop me from getting past the login of fastlane.

[duckwaffle]

Hi @lkillgore I just tried again with a clean release environment, a brand new service endpoint, and a brand new web session from fastlane. I even removed my fastlane installation and installed it again via brew (I was using the sudo gem install method previously).

The process still hangs with the following output:

2017-05-12T02:36:35.9790140Z [19:36:35]: Login to iTunes Connect (********)
2017-05-12T02:36:37.4402540Z Two Step Verification for account '********' is enabled
2017-05-12T02:36:37.4461230Z Please select a device to verify your identity
2017-05-12T02:36:37.4569000Z 1. +•• •••••••03 SMS (630)
2017-05-12T04:05:59.6436680Z ?
2017-05-12T04:05:59.9560270Z ##[error]The operation was canceled.
2017-05-12T04:06:00.0336260Z ##[section]Finishing: Publish to the App Store TestFlight track

[duckwaffle]

I have also tried with a different apple id which only has one team against it (I created a new websession and app password), and even tried to switch from a release definition to a build definition. Nothing is working for 2fa.

[lkillgore]

Hi @duckwaffle, I'm sorry this isn't working for you. I did some testing on this, and I can't reproduce your error.

Does it work on your developer machine? To get the basics set up:

1. Install 'fastlane'
2. Use these environment variables:
   a) 'FASTLANE_PASSWORD',
   b) 'FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD',
   c) 'FASTLANE_SESSION'
3. Run this command: fastlane pilot upload -u [username] -i [path/to/.ipa]

Also, could you tell me which version of fastlane you're using?

[duckwaffle]

Hi @lkillgore , I did a quick test on the mac, and the pilot upload command works as expected, I even tried again using the the same arguments that the build agent was using which were

2017-05-15T00:24:23.1363620Z ##[debug]fastlane arg: ["--changelog","**Prod ENVIRONMENT** \n\n[Enter release notes here]"]
2017-05-15T00:24:23.1383920Z ##[debug]fastlane arg: ["-q","YCDSDGA3LX"]
2017-05-15T00:24:23.1404050Z ##[debug]fastlane arg: ["-r","Built To Roam"]
2017-05-15T00:24:23.1424360Z ##[debug]fastlane arg: ["--skip_waiting_for_build_processing","true"]

Didn't have any issues on the local machine.

Checking the log output from the macincloud agent I can see that all the variables should be getting set:

2017-05-15T00:23:57.7810390Z ##[debug]authType=UserAndPass
2017-05-15T00:23:57.7829220Z ##[debug]username=**omitted**
2017-05-15T00:23:57.7850050Z ##[debug]password=**omitted**
2017-05-15T00:23:57.7868650Z ##[debug]isTwoFactorAuth=true
2017-05-15T00:23:57.7887190Z ##[debug]appSpecificPassword=**omitted**
2017-05-15T00:23:57.7907100Z ##[debug]fastlaneSession=---\n- !ruby/object:HTTP::Cookie\n name: **omitted**\n value: **omitted**\n domain: idmsa.apple.com\n for_domain: true\n path: "/"\n secure: true\n httponly: true\n expires: \n max_age: 2592000\n created_at: &1 2017-05-12 14:34:41.075014000 +10:00\n accessed_at: *1\n

[duckwaffle]

Oh, and the version of fastlane on the local machine is 2.30.1 and the macincloud agent is installing the latest version of 2.30.2 when it runs.

[lkillgore]

OK, I ran a few more tests matching my test to what you have in your logs here, and the authentication works. Unfortunately, I can't easily test the multiple teams part of this, yet. Could you try something else?

Try setting your developer machine up as a build agent:
https://www.visualstudio.com/en-us/docs/build/actions/agents/v2-osx

That should help us determine if we're dealing with a code problem or an environmental problem.

[duckwaffle]

@lkillgore it looks like the issue is with my macincloud agent, I ran the test using my local mac set up as a VSTS agent and it didn't have any issues.

I would assume that the issue is that my macincloud agent isn't setting environment variables correctly for the app-password and web session for fastlane to pick up. I'll try raising a support ticket with them.

Thanks for all your help!

[lkillgore]

My pleasure, @duckwaffle. Could you please keep me updated in the event that it is a bug in our extension or if there is a way that we can work around it? Thanks!