fix(auth): append trailing slash to native/fast authenticate endpoint#507
Merged
Conversation
Apple's account bag now returns the authentication endpoint as https://auth.itunes.apple.com/auth/v1/native/fast. That endpoint only responds correctly when the path has a trailing slash; posting to it without the slash makes Apple's edge return a 301/204 with an empty or HTML body, so 'ipatool auth login' fails to parse the response and silently dies (observed as the 'plist: unexpected hex digit' error or a -5000 with no usable message). ipatool posted the endpoint verbatim as received from the bag. Add authenticateURL() to normalize /native/ endpoints by appending the trailing slash (legacy MZFinance endpoint left untouched), and use it in loginRequest. Also improve http client diagnostics: when an XML response body is not a property list, return 'unexpected response from Apple (HTTP <code>): <snippet>' instead of the opaque plist parse error. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Confirmed this fixes the auth login failure on Windows. Environment:
Thanks for the fix. |
This was referenced Jul 5, 2026
Closed
chrismessina
added a commit
to chrismessina/raycast-ios-apps
that referenced
this pull request
Jul 6, 2026
Two related robustness improvements to how the extension detects and
validates the ipatool CLI:
- Typed IpatoolSetupError propagation. validateIpatoolInstallation()
now accepts { throwOnFailure } and can throw a typed error instead of
silently returning false. ensureAuthenticated() re-throws it; the
search/details paths degrade gracefully ([] / null); the download
hook surfaces it as a failure toast. Setup-error toasts now offer
"Open Preferences" plus a new "Copy Logs" action (log-actions.ts)
that tails recent Raycast logs for bug reports. Removes the old
console-only installation-instructions toast.
- Require ipatool 2.3.1 as the minimum version. 2.3.1 restored App
Store login after Apple moved the authenticate endpoint
(majd/ipatool#507), so older builds can no longer authenticate. The
gate switches from strict equality to a >= comparison via a new
compareVersions() helper, so 2.3.1 and every future release pass.
Error copy changes from "version mismatch" to "outdated / need vX or
newer" with a `brew upgrade ipatool` hint.
- paths.ts: expandHomePath() so a ~-prefixed ipatoolPath preference
resolves, complementing the "Open Preferences" CTA.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Apple's account bag now returns the authentication endpoint as https://auth.itunes.apple.com/auth/v1/native/fast. That endpoint only responds correctly when the path has a trailing slash; posting to it without the slash makes Apple's edge return a 301/204 with an empty or HTML body, so 'ipatool auth login' fails to parse the response and silently dies (observed as the 'plist: unexpected hex digit' error or a -5000 with no usable message).
ipatool posted the endpoint verbatim as received from the bag. Add authenticateURL() to normalize /native/ endpoints by appending the trailing slash (legacy MZFinance endpoint left untouched), and use it in loginRequest.
Also improve http client diagnostics: when an XML response body is not a property list, return 'unexpected response from Apple (HTTP
): ' instead of the opaque plist parse error.Summary by cubic
Fix login failures against Apple’s native auth endpoint by appending a trailing slash. Also make XML error responses readable when Apple returns HTML instead of a plist.
/native/auth endpoints viaauthenticateURL()to append a trailing slash; used inloginRequestand leaves legacy MZFinance endpoints unchanged.pkg/httpXML handling: when the body isn’t a plist, returnunexpected response from Apple (HTTP <code>): <snippet>with HTML stripped, avoiding the opaque “plist: unexpected hex digit” error.Written for commit a69db1ab97731d50037c1cfaf9152ca75119d60d. Summary will update on new commits.