[WIP] Authentication Best Practices #804

Draft
wants to merge 4 commits into
base: master
35 changes: 35 additions & 0 deletions docs/best-practices/authentication.md
@@ -0,0 +1,35 @@
# Authentication

## General

- Use separate accounts for fastlane
- On CI it might be helpful to use accounts that have no 2 Factor Authentication enabled, see CI

## Apple

### 2FA


#### Avoid 2FA via separate account

#### Avoid 2FA via App Specific Password

`FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD`

This only works for some actions in specific configurations where only iTMSTransporter or avgtool (TODO check name) are used. As soon as the normal API is used, the app specific password will not be enough.

#### Pushed security Token



#### Trusted Phone Numbers

If you have trusted phone numbers added to your Apple ID you can exit the normal input of the pushed security code by typing `sms`. This will let you manually choose one of your trusted phone numbers to receive the security code.

##### Set `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automatically select a phone number for the security code to be sent to

If you know beforehand that you always want to do this and select the same phone number, set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to your phone number. The phone number should be specified in the same format as it is displayed in your [Apple ID console](https://appleid.apple.com/) under `TRUSTED PHONE NUMBERS`, e.g. `+49 162 2850123`, `+1-123-456-7866` or similar. Do not leave off the country code or add or remove any numbers, otherwise fastlane will not be able to match the masked value from Apple's API and select the correct number.

#### Use `FASTLANE_SESSION` to reuse a 2FA session on CI

See ...
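
Review bot: The "General" bullet that suggests CI accounts with no 2 Factor Authentication enabled gives no guidance on limiting what such an account can do. For a best-practices page, say that the separate account should be dedicated to fastlane and hold only the access the lanes need, and turn "see CI" into a link to the continuous-integration page. The headings "2FA", "Avoid 2FA via separate account" and "Pushed security Token" have no body, "avgtool (TODO check name)" is still an open TODO, and "See ..." under `FASTLANE_SESSION` has no target. Fill these in or drop the headings before this leaves draft.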
5 changes: 5 additions & 0 deletions docs/best-practices/continuous-integration.md
Expand Up @@ -64,6 +64,11 @@ Note: The application specific password will _not_ work if your action usage doe

##### `spaceauth`

CI system is built from scratch for each build, so no way to run an action once to create a "session" manually and then just reuse that for future non itneractive runs. That is why fastlane includes a way to create the session on an interactive command line, and then transfer it to the CI environment where it can be "consumed" via an environment variable.




All other actions interacting with Apple's APIs do not accept application specific passwords.

As your CI machine will not be able to prompt you for your two-factor authentication or two-step verification information, you need to generate a login session for Apple ID in advance. You can get on your local machine this by running:
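
Review bot: The new paragraph under `spaceauth` says the session is transferred to CI and "consumed" via an environment variable, but does not tell the reader to treat that value as a credential. Add a sentence that it should be stored as a secret CI variable and kept out of build logs. The paragraph also opens with a fragment ("CI system is built from scratch for each build, so no way to ...") and has the typo "itneractive"; suggest "CI systems are built from scratch for each build, so there is no way to ... non-interactive runs". It is followed by four added blank lines, and it now separates the `spaceauth` heading from "All other actions interacting with Apple's APIs ...", which reads as a continuation of the application specific password note above the heading; consider placing the new text after that sentence.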