diff --git a/docs/best-practices/authentication.md b/docs/best-practices/authentication.md new file mode 100644 index 0000000000..2871a8b72e --- /dev/null +++ b/docs/best-practices/authentication.md @@ -0,0 +1,35 @@ +# Authentication + +## General + +- Use separate accounts for fastlane +- On CI it might be helpful to use accounts that have no 2 Factor Authentication enabled, see CI + +## Apple + +### 2FA + + +#### Avoid 2FA via separate account + +#### Avoid 2FA via App Specific Password + +`FASTLANE_APPLE_APPLICATION_SPECIFIC_PASSWORD` + +This only works for some actions in specific configurations where only iTMSTransporter or avgtool (TODO check name) are used. As soon as the normal API is used, the app specific password will not be enough. + +#### Pushed security Token + + + +#### Trusted Phone Numbers + +If you have trusted phone numbers added to your Apple ID you can exit the normal input of the pushed security code by typing `sms`. This will let you manually choose one of your trusted phone numbers to receive the security code. + +##### Set `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to automatically select a phone number for the security code to be sent to + +If you know beforehand that you always want to do this and select the same phone number, set the environment variable `SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER` to your phone number. The phone number should be specified in the same format as it is displayed in your [Apple ID console](https://appleid.apple.com/) under `TRUSTED PHONE NUMBERS`, e.g. `+49 162 2850123`, `+1-123-456-7866` or similar. Do not leave off the country code or add or remove any numbers, otherwise fastlane will not be able to match the masked value from Apple's API and select the correct number. + +#### Use `FASTLANE_SESSION` to reuse a 2FA session on CI + +See ... diff --git a/docs/best-practices/continuous-integration.md b/docs/best-practices/continuous-integration.md index 7f5bcd3532..9a8ffd6151 100644 --- a/docs/best-practices/continuous-integration.md +++ b/docs/best-practices/continuous-integration.md @@ -64,6 +64,11 @@ Note: The application specific password will _not_ work if your action usage doe ##### `spaceauth` +CI system is built from scratch for each build, so no way to run an action once to create a "session" manually and then just reuse that for future non itneractive runs. That is why fastlane includes a way to create the session on an interactive command line, and then transfer it to the CI environment where it can be "consumed" via an environment variable. + + + + All other actions interacting with Apple's APIs do not accept application specific passwords. As your CI machine will not be able to prompt you for your two-factor authentication or two-step verification information, you need to generate a login session for Apple ID in advance. You can get on your local machine this by running: