Fix login failures caused by Apple's native auth endpoint migration#505
Closed
BarMalka wants to merge 2 commits into
Closed
Fix login failures caused by Apple's native auth endpoint migration#505BarMalka wants to merge 2 commits into
BarMalka wants to merge 2 commits into
Conversation
Normalize authenticateAccount from Bag responses, discover alternate endpoints from malformed login responses, handle browser sign-in redirects, and remove stale zero-byte cookie-jar lock files. Co-authored-by: Cursor <cursoragent@cursor.com>
Author
|
I am not a Go developer but I ran this locally it looks stable to me and the authentication issue is resolved. |
Exercise Bag and Login against Apple's production endpoints to confirm the normalized auth URL is used and login no longer fails with plist decode errors. Co-authored-by: Cursor <cursoragent@cursor.com>
Author
Test plan verificationCompleted the remaining manual test plan items: Bag endpoint (live)
Login endpoint (live)
Browser sign-in error
Added go test -tags=integration -v ./pkg/appstore/ -run TestLive |
Owner
|
Closing in favor of a simpler fix in #507 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR proposes a fix for recent authentication failures reported in #480 and #485.
Apple appears to have migrated App Store login away from the legacy
buy.itunes.apple.com/.../authenticateendpoint toward a native auth service athttps://auth.itunes.apple.com/auth/v1/native/fast/. When ipatool still targets the old endpoint (or an outdated value from Bag), Apple can return HTML/JSON instead of a plist, which surfaces as misleading errors such as:This change:
authenticateAccountfrom Bag responses (including the root-level field) to the native/fast/endpoint, with a safe fallback when Apple omits itResponseDecodeError)AMD-Action::SPwith a clearer message when Apple requires browser-based sign-in (2FA or Apple ID review)Test plan
go test ./...go vet ./...ipatool auth loginagainst an account that previously failed with the plist unmarshal error — verified via live integration test and CLI with test credentials; login now reaches Apple's native auth endpoint and returns a valid plist response (auth code is required/ 2FA prompt) instead offailed to unmarshal xmlauthenticateAccountis present or missing — live Bag fetch frominit.itunes.apple.comcurrently omitsauthenticateAccount; fallback normalization returnshttps://auth.itunes.apple.com/auth/v1/native/fast/(seeTestLiveBagReturnsNativeAuthEndpoint)store API requires browser sign-in); live reproduction requires an account in Apple ID review / browser-only sign-in stateLive verification commands
Fixes #480
Fixes #485