same question~

I also encountered this problem,

We are also seeing this issue.

Same issue here as well.

same issue...

Sounds like it is being caused by Apple's servers, not fastlane. Unfortunately not much we can do.

I'm having this issue when running match, but fwiw I ran spaceship_logs and I'm seeing this despite entering the correct 2FA code:

INFO [16:25:16]: >> POST https://idmsa.apple.com/appleauth/auth/verify/trusteddevice/securitycode: {"securityCode":{"code":"<confirmed this was correct>"}}

DEBUG [16:25:17]: << POST https://idmsa.apple.com/appleauth/auth/verify/trusteddevice/securitycode: 400 {"service_errors"=>[{"code"=>"-21669", "title"=>"Incorrect Verification Code", "message"=>"Incorrect verification code.", "suppressDismissal"=>false}], "hasError"=>true}

I created a new Developer user on App Store connect that doesn't have 2FA and it works fine. Will use that in the meantime while this is getting fixed.

我在App Store connect上创建了一个没有2FA的新开发者用户，并且工作正常。在此修复的同时，将使用它。

How to create?

same question~

Available session is not valid any more. Continuing with normal login.
Two-factor Authentication (6 digits code) is enabled for account 'jiaokubudie587079@163.com'
More information about Two-factor Authentication: https://support.apple.com/en-us/HT204915

If you're running this in a non-interactive session (e.g. server or CI)
check out https://github.com/fastlane/fastlane/tree/master/spaceship#2-step-verification

(Input `sms` to escape this prompt and select a trusted phone number to send the code as a text message)

(You can also set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automate this)
(Read more at: https://github.com/fastlane/fastlane/blob/master/spaceship/docs/Authentication.md#auto-select-sms-via-spaceship-2fa-sms-default-phone-number)

Please enter the 6 digit code:
499298
Requesting session...
Could not login to App Store Connect
Please check your credentials and try again.
This could be an issue with App Store Connect,
Please try unsetting the FASTLANE_SESSION environment variable
(if it is set) and re-run `fastlane spaceauth`

Exception type: Spaceship::UnauthorizedAccessError

Looking for related GitHub issues on fastlane/fastlane...

➡️  fastlane cert got Unauthorized Access error
    https://github.com/fastlane/fastlane/issues/16108 [open] 9 💬
    2 hours ago

➡️  The request could not be completed because: Unauthorized Access
    https://github.com/fastlane/fastlane/issues/15411 [closed] 22 💬
    08 Jan 2020

➡️  Unauthorized Access when I use Fastlane pilot upload
    https://github.com/fastlane/fastlane/issues/15125 [closed] 6 💬
    13 Nov 2019

and 16 more at: https://github.com/fastlane/fastlane/search?q=The%20request%20could%20not%20be%20completed%20because%3A%0A%09Unauthorized%20Access&type=Issues&utf8=✓

🔗  You can ⌘ + double-click on links to open them directly in your browser.

[!] The request could not be completed because:
	Unauthorized Access

Can you confirm that logging in with the same account via the website works as expected? Maybe they changed the API again...

Can you confirm that logging in with the same account via the website works as expected? Maybe they changed the API again...

Yes, the accounts that showed 'Unauthorized Access' worked as expected when I logged in web myself

@janpio I was able to authenticate successfully by entering sms when prompted for the 2FA code and selecting the trusted phone number manually (producing a second sms), instead of entering the code that was initially generated.

Wondering if this line could be related https://github.com/fastlane/fastlane/blob/master/spaceship/lib/spaceship/two_step_or_factor_client.rb#L144

Probably the normal 2FA thing is messed up in some way, and the SMS fallback still works as before. I will have to look into that :/

Thanks @janpio !

@janpio thanks

@janpio I was able to authenticate successfully by entering sms when prompted for the 2FA code and selecting the trusted phone number manually (producing a second sms), instead of entering the code that was initially generated.

Wondering if this line could be related https://github.com/fastlane/fastlane/blob/master/spaceship/lib/spaceship/two_step_or_factor_client.rb#L144

thank you. this way works fine. Initial code can not work.

Initial code can not work.

Why not? This used to work for months and years.

https://github.com/fastlane/fastlane/blob/master/spaceship/lib/spaceship/two_step_or_factor_client.rb#L144

I don't know why this works but this workaround solved this issue for me

i have same issue. how to fix this issue @janpio :(

@janpio It seems like accounts that aren't currently logged into any devices (which is the case for my account) will fallback automatically to sms.

I took a quick look in Postman and compared account A (not logged in to a device) to account B (logged into a device), and the behavior seemed to differ:

1. For B, it seems like the system 2FA code gets displayed right after the POST https://idmsa.apple.com/appleauth/auth/signin req is made by the spaceship client, whereas for A an sms gets sent right after the GET https://idmsa.apple.com/appleauth/auth req in handle_two_step_or_factor
2. For A, the response for GET https://idmsa.apple.com/appleauth/auth has a few additional fields including "noTrustedDevices": true and "mode": "sms"

So I'm guessing we need to check for one of those fields, and if present, set the code_type and payload as if the user had entered sms, but without the PUT https://idmsa.apple.com/appleauth/auth/verify/phone req so we don't generate a second code.

same question.what can I do to resolve this question?

Please enter the 6 digit code:
545004
Requesting session...
Traceback (most recent call last):
  12: from test.rb:3:in `<main>'
  11: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/portal/spaceship.rb:103:in `login'
  10: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/portal/spaceship.rb:25:in `login'
   9: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:346:in `login'
   8: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:384:in `login'
   7: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:775:in `do_login'
   6: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/portal/portal_client.rb:28:in `send_login_request'
   5: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:496:in `send_shared_login_request'
   4: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:518:in `fetch_olympus_session'
   3: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:693:in `request'
   2: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:849:in `send_request'
   1: from /usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:625:in `with_retry'
/usr/local/lib/ruby/gems/2.6.0/gems/fastlane-2.142.0/spaceship/lib/spaceship/client.rb:857:in `block in send_request': Unauthorized Access (Spaceship::UnauthorizedAccessError)`

Thanks @jesiegel1, I could not reproduce it with my accounts.

Can you explain "aren't logged into any devices"? Does this mean if there is no active Apple device session it will automatically send and SMS, leading to it not accepting it in the prompt we display in fastlane? Would kind of make sense...

I can't reproduce the issue either. I tried with the following Apple IDs / Accounts:

• Apple ID with 2 FA and trusted device(s)
• Apple ID with 2 FA and SMS only (no trusted devices)
• Both spaceship as well as fastlane spaceauth

@janpio @max-ott Yea sorry, that was unclear (also to clarify the account has 2FA enabled, not 2SV).

Using the Apple ID that was throwing the unauthorized error (made sure to remove the fastlane cookie with each run):

• Logged into iCloud under "Passwords & Accounts" on my phone:
  • ran match, phone displayed the 2FA system prompt, and entering the displayed code authenticated successfully (without inputting sms).
• Signed out of iCloud on my phone:
  • ran match, received sms, and entering the sms code threw the unauthorized error.
  • ran match, received sms, entered sms and selected a trusted phone number, received second sms, and entering the second sms code authenticated successfully.

What works for me: I did change my password on Apple account and signout from all devices.
Then fastlane spaceauth -u "username", enter "sms" instead of the first code received by Apple, choose my phone number, and then enter the second sms received.

Having the same issue as everyone else using fastlane 2.137.0

Keep getting unauthorized access error when entering a 2FA code and when inputting 'sms' and selecting the phone number to receive the code through text. What broke :(

What works for me: I did change my password on Apple account and signout from all devices.
Then fastlane spaceauth -u "username", enter "sms" instead of the first code received by Apple, choose my phone number, and then enter the second sms received.

wow, that's work. Need to enter sms instead of digits first time. Thanks

Okay, entering sms and selecting the phone number to receive the code through text worked. thanks y'all!

We have a PR now that should fix this problem: #16162 The logic is quite complicated, so might take some time to get properly reviewed and merged. If you know ruby, take a look!

I was facing the issue and I tried changing the pwd from apple login page
https://appleid.apple.com/account/manage
and select the checkbox. But unsure, if this works for everyone.

This worked for me. Changed my password and signed out of all devices then tried again with the new password. Thanks!

I found that you should login your apple id in iPhone. Then apple would send the verification code to your iPhone, this was wroked for my case.

I tried all the methods above, but I'm unable to resolve this, I don't get the chance to type the code I receive to verify my cloud ID

you need to ignore first sms, and type 'code' instead of numbers from sms чт, 19 мар. 2020 г. в 06:29, Ismail Ghallou notifications@github.com:
…
I tried all the methods above, but I'm unable to resolve this, I don't get the chance to type the code I receive to verify my cloud ID — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#16108 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADNCXTECLJ5O3UWOSKNOWDRIFDMVANCNFSM4K7TRYVA .
-- Dima Dukhnich, programmer. +7 902 1775718 dimmduh@gmail.com Megame, Irkutsk, Russia. io-games.com

I don't get the chance to type anything

i solve with this. when the prompt asked you

"Please enter the 6 digit code:"
i type "sms" instead

it will ask you:
Please select a trusted phone number to send code to:

1. +62 ••••-••••-••72
   ?

and then I enter the 6 digit code I received earlier.

How is the progress on this issue? I am a new fastlane user and can't setup iOS project because of this

Seeing same issue also, upgraded to catalina and it worked for a few days, then stopped.

@AAverin Multiple people posted the workaround here: Type sms, hit Enter, select the phone to send the code to (if asked) and then enter the second code you are sent.

It didn't work for me the sms solution

@AAverin Multiple people posted the workaround here: Type sms, hit Enter, select the phone to send the code to (if asked) and then enter the second code you are sent.

works for me!

I was facing the issue and I tried changing the pwd from apple login page
https://appleid.apple.com/account/manage
and select the checkbox. But unsure, if this works for everyone.

This works for me!

After updating fastlane, it worked fine without any issues, also I can signin on iCloud without issues, Apple servers seem to work fine

It seems to be happening again. As per recommendations above, I changed my developer's Apple ID password, logged out from all devices, and tried typing in "sms" instead of the first code but still can't login from Fastlane 2.145.0.

fastlane spaceauth -u "myemail@example.com"
[✔] 🚀

Logging into to App Store Connect (myemail@example.com)...
Available session is not valid any more. Continuing with normal login.
The login credentials for 'myemail@example.com' seem to be wrong
Do you want to re-enter your password? (y/n)
y
Removing Keychain entry for user 'myemail@example.com'...
[...]
password has been deleted.

Password (for myemail@example.com): ***********
Available session is not valid any more. Continuing with normal login.
Two-factor Authentication (6 digits code) is enabled for account 'myemail@example.com'

Please enter the 6 digit code you received at +xx • •••• ••xx:
sms
Requesting session...
Error: Incorrect verification code

Please enter the 6 digit code you received at +xx • •••• ••xx:
123456
Requesting session...
Error: Incorrect verification code

By the way, I always receive a robocall from Apple – can't remember them sending SMS to my country but probably that doesn't make a big difference.

Since the issue is tied to SMS/call 2FA, I was able to go around it by logging into my developer's Apple ID from the System Preferences -> Internet Accounts (you can add a secondary Apple account there) and receiving the 2FA code directly in macOS.