altool fails with "The auth server returned a bad status code"

Hi All, trying to validate some altool credentials produces this error message.

"Failed to get authorization for username '<username/>' and password with errors:( "Error Domain=NSCocoaErrorDomain Code=0 "Status code: 0" UserInfo={NSLocalizedDescription=Status code:0, NSLocalizedFailureReason=The auth server returned a bad status code.}")

This is returned when altool is called in the following way.

xcrun altool --notarization-history 0 -u <username/> -p <password/> --output-format xml

macOS 11.2.3 and Xcode 12.5

Things that have been tried already.

  • Making sure the Apple system status page shows no issues.
  • Different networks.
  • Checked to see if any agreements need to be "activated".
  • Recreated the app-specific password multiple times.

Any other suggestions?

@Quinn - Hi Quinn, it's Sam Rowlands (again) and this is with another App Wrapper customer experiencing this issue (so not me directly).

Replies

For debugging auth issues I recommend that you start with --list-providers because it doesn’t depend on any parameters other than the credentials. So, does the following work (substituting the credentials for CCC)?

% xcrun altool --list-providers CCC

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

  • I am using this technique and it is not clear how to resolve the auth error.

    xcrun altool --list-providers -u '<insert-apple-id>' -p '<my-password>'

    *** Error: Failed to retrieve providers info. *** Error: Unable to list providers. Failed to get authorization for username '<insert-apple-id>' and password with errors:( "Error Domain=NSCocoaErrorDomain Code=0 \"Status code: 0\" UserInfo={NSLocalizedDescription=Status code: 0, NSLocalizedFailureReason=The auth server returned a bad status code.}" ) (-1011)


@Quinn As always, thank you for your prompt and helpful response. I have forwarded the information on to the customer. I'll swap out my code to use this to validate customer entered in user names and passwords in a future update.

I had the same issue, for me it helped to use "application password" generated on https://appleid.apple.com/account/manage instead of my main appleId password


Application password does the trick for me too!

Hi, This error is coming often now. I have tried the following command it is giving output.

xcrun altool --list-providers --username "username" --password "@keychain:NOTARIZE_PASSWORD"

I am using app specific password generated for my user name. I got the following output for the above command.

2022-01-31 14:55:51.693 altool[99127:17893146] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called

ProviderName ProviderShortname PublicID                             WWDRTeamID
------------ ----------------- ------------------------------------ ----------
xxxxx        xxxx              69a6de70-xxxxx-xxxxxx-xxxxxxxxx      82xxxxxxxxC

macOS: 11.0.1 Xcode: 12.3

regards Prema Kumar

Just a reminder that altool is deprecated for the purposes of notarisation [1]. If you’re notarising, use the shiny new notarytool. It is better, stronger, and faster (-:

For more background on this, see WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] It’s not deprecated for its other purposes, most notably, upload apps to the App Store.

  • Thanks for the reminder, updating App Wrapper to use notaryTool is on my list of things to do, but there's still some big ticket items above it. Thanks for the video link, I'll watch that soon (I think I've seen it already, but a refresher is always good).


Hi,

This error is happening again. I have reported this in FB10806063. Please help. It is blocking everything we do.

I am using app specific password.

Upgrading to notarytool is in our list, and we will do it.

regards

Prema Kumar

I have reported this in FB10806063.

Thanks.

altool has a verbose logging mode that you enable with the --verbose option. Please retry with that and, presuming it still fails, add the results to your bug report.

Also, just for testing purposes, please try the following:

  • Running a test notarytool command with your app-specific password.

  • Running altool with an App Store Connect API key rather than an app-specific password. Specifically, run the --list-providers from my initial response, substitute the following for CCC:

      -u USER --apiIssuer ISSUER --apiKey KEY_ID
    

    Here USER is the same user name you’re currently using, ISSUER is the UUID associated with your App Store Connect API key, and KEY_ID is the ID associated with that key. The last item is a sequence of 10 alphanumerics, for example, T9GPZ92M7K.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi @eskimo,

I have uploaded the --verbose command output in the bug report. Please check.

regards

Prema Kumar

I have uploaded the --verbose command output in the bug report.

Thanks.

Did you look at that log? Upstream from the -1011 is a -1001 error indicating a network timeout. It’s hard to say exactly which service timed out, but it seems to be associated with generating an App Store Connect token (hence the generateAppleConnectToken in the log). I suspect that this is yet another case where your overly enthusiastic firewall is blocking connections to Apple services.

With regards the other tests I suggested, what results did you see?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi, I have configured a different machine (macOS 12.5 and Xcode 13.4). Uploaded a new package with notarytool and I was able to get the status. I am not able to get the status of previously uploaded package (uploaded with altool) using notarytool. I get the error "Submission does not exist or does not belong to your team."

Following is the output I get from xcrun altool. I am retrying 10 times in the code and I always get the following response.

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>os-version</key>
	<string>12.5.0</string>
	<key>product-errors</key>
	<array>
		<dict>
			<key>code</key>
			<integer>-19000</integer>
			<key>message</key>
			<string>The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.</string>
			<key>userInfo</key>
			<dict>
				<key>NSLocalizedDescription</key>
				<string>The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.</string>
				<key>NSLocalizedFailureReason</key>
				<string>Apple Services operation failed.</string>
				<key>NSLocalizedRecoverySuggestion</key>
				<string>The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.</string>
			</dict>
		</dict>
	</array>
	<key>tool-path</key>
	<string>/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework</string>
	<key>tool-version</key>
	<string>5.4211.13411</string>
	<key>warnings</key>
	<array>
		<dict>
			<key>code</key>
			<integer>-1030</integer>
			<key>message</key>
			<string>altool has been deprecated and, starting in fall 2023, will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.</string>
			<key>userInfo</key>
			<dict>
				<key>NSLocalizedDescription</key>
				<string>altool has been deprecated and, starting in fall 2023, will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.</string>
			</dict>
		</dict>
	</array>
</dict>
</plist>

regards

Prema Kumar
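
Added example, not part of any post in this thread: a small Python parser for the `--output-format xml` plist quoted above, which separates `product-errors` from `warnings` so a CI job can tell a network-path failure from a credential problem before anyone rotates the app-specific password. The `triage` function, its verdict names and the hint phrases are assumptions made for this illustration; the sample is trimmed from the output in the post.

```python
import plistlib

# Constructed sample: trimmed from the altool XML output quoted in the post above.
SAMPLE = b"""<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>product-errors</key>
  <array><dict>
    <key>code</key><integer>-19000</integer>
    <key>message</key>
    <string>The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.</string>
  </dict></array>
  <key>warnings</key>
  <array><dict>
    <key>code</key><integer>-1030</integer>
    <key>message</key>
    <string>altool has been deprecated and, starting in fall 2023, will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.</string>
  </dict></array>
</dict>
</plist>"""

# Assumption: these phrases come from messages quoted in this thread; they are
# not an Apple-documented list of error strings.
NETWORK_HINTS = ("network proxy", "invalid response")
AUTH_HINTS = ("failed to get authorization", "auth server")


def triage(plist_bytes):
    """Split altool XML output into errors and warnings and suggest where to look."""
    # fmt is forced so parsing does not depend on plistlib's header sniffing;
    # the output as quoted in the thread starts at <!DOCTYPE.
    doc = plistlib.loads(plist_bytes.strip(), fmt=plistlib.FMT_XML)
    errors = [(e.get("code"), e.get("message", "")) for e in doc.get("product-errors", [])]
    warnings = [(w.get("code"), w.get("message", "")) for w in doc.get("warnings", [])]
    text = " ".join(msg.lower() for _, msg in errors)
    if not errors:
        verdict = "ok"
    elif any(h in text for h in NETWORK_HINTS):
        verdict = "network-path"   # check proxy/firewall before touching credentials
    elif any(h in text for h in AUTH_HINTS):
        verdict = "auth-reported"  # may still be a timeout upstream, as in this thread
    else:
        verdict = "other"
    return {"verdict": verdict,
            "error_codes": [c for c, _ in errors],
            "warning_codes": [c for c, _ in warnings]}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Keeping warnings separate matters here because the -1030 deprecation notice is present on every run and would otherwise mask whether the run actually failed.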

I am not able to get the status of previously uploaded package (uploaded with altool) using notarytool.

That’s expected. The two systems both use a UUID to track requests but they are in different namespaces.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi OP, did you resolve this problem? My CI suddenly stopped working today, I've re-created the app-specific password multiple times and it's still not working. I'm forced to upload the build to the app store manually.

  • Same problem this afternoon, I created a new app password but it doesn't work. I'm trying to notarize my app, it fails with the same error message about authentication against the auth server. I did get a "Your Mac software has been notarized" email but it was like the notarization process did not get a reply from the server anyway...


Same problem for me this afternoon. I created a new app password it does not change anything. I get the "Error: Unable to upload your app for notarization. Failed to get authorization for username" message. I did get once an email saying the notarization was successful but the command line did not seem to get a reply from the server...

Same problem with me. I got the error using fastlane:

Error uploading '/var/folders/bq/b2snsfy95fv3slfctpg5p6q5fxcb6q/T/x.ipa'.
[15:51:09]: Unable to upload archive. Failed to get authorization for username and password. (
[15:51:09]: The call to the altool completed with a non-zero exit status: 1. This indicates a failure.
[15:51:09]: Could not download/upload from App Store Connect!