401 Notary Service: xcrun notarytool store-credentials

Hi everyone,

I'm trying to use the Notary Service using xcrun notarytool. As part of that process I want to store the credentials using xcrun notarytool store-credentials. When entering the correct credentials, I receive following error:

Error: HTTP status code: 401. Unable to authenticate. Invalid session. Ensure that all authentication arguments are correct.

I am using Xcode 14.2 (14C18). Output from running the command with the --verbose argument:

[13:12:09.377Z] Debug [MAIN] Running notarytool version: 1.0.0 (27), date: 2023-03-03T13:12:09Z, command: /Applications/Xcode.app/Contents/Developer/usr/bin/notarytool store-credentials --verbose

This process stores your credentials securely in the Keychain. You reference these credentials later using a profile name.

Profile name:
<profile-name>
We recommend using App Store Connect API keys for authentication. If you'd like to authenticate with an Apple ID and app-specific password instead, leave this unspecified.

Path to App Store Connect API private key:

Switching prompts to app-specific password credentials.
Developer Apple ID:
<apple-id>
App-specific password for <apple-id>:
Developer Team ID:
<team-id>
Validating your credentials...
[13:12:39.468Z] Info [API] Initialized Notary API with base URL: https://appstoreconnect.apple.com/notary/v2/
[13:12:39.469Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/test?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[13:12:39.470Z] Debug [AUTHENTICATION] Delaying current request to refresh app-specific password token.
[13:12:39.470Z] Info [API] Preparing GET request to URL: https://appstoreconnect.apple.com/notary/v2/asp?, Parameters: [:], Custom Headers: private<Dictionary<String, String>>
[13:12:39.471Z] Debug [AUTHENTICATION] Authenticating request to '/notary/v2/asp' with Basic Auth. Username: <apple-id>, Password: private<String>, Team ID: <team-id>
[13:12:39.472Z] Debug [TASKMANAGER] Starting Task Manager loop to wait for asynchronous HTTP calls.
[13:12:44.032Z] Debug [API] Received response status code: 401, message: unauthorized, URL: https://appstoreconnect.apple.com/notary/v2/asp?, Correlation Key: 7DPE2ASCQ7LLQ2FL4QANKNEBHI
[13:12:44.033Z] Error [TASKMANAGER] Completed Task with ID 2 has encountered an error.
[13:12:44.033Z] Debug [TASKMANAGER] Ending Task Manager loop.
Error: HTTP status code: 401. Unable to authenticate. Invalid session. Ensure that all authentication arguments are correct.

What can I do to fix this issue?

Up vote post of macOS16 Down vote post of macOS16
1.8k views
Posted by
macOS16
Reply
Add a Comment

Accepted Reply

This was fixed by switching over to using an App Store Connect API key.

Posted by
macOS16
Up vote reply of macOS16 Down vote reply of macOS16
Post marked as solved
Add a Comment

Replies

This was fixed by switching over to using an App Store Connect API key.

Posted by
macOS16
Up vote reply of macOS16 Down vote reply of macOS16
Post marked as solved
Add a Comment

Had the same problem and fixed using the solution provided. I leave the error log so other users can find it:

$ xcrun altool  --list-providers -u "gf****@***.com" 
gf****@***.com's password: 

2023-06-17 18:33:31.516 *** Error: Failed to list providers.
2023-06-17 18:33:31.518 *** Error: Failed to list providers. Failed to get authorization for username 'gf****@***.com' and password. (
    "Error Domain=ITunesConnectionOperationErrorDomain Code=-19000 \"Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com\" UserInfo={NSLocalizedRecoverySuggestion=Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com, NSLocalizedDescription=Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com, NSLocalizedFailureReason=App Store operation failed.}"
) (-1011)
 {
    NSLocalizedDescription = "Failed to list providers.";
    NSLocalizedFailureReason = "Failed to get authorization for username 'gf****@***.com' and password. (\n    \"Error Domain=ITunesConnectionOperationErrorDomain Code=-19000 \\\"Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com\\\" UserInfo={NSLocalizedRecoverySuggestion=Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com, NSLocalizedDescription=Sign in with the app-specific password you generated. If you forgot the app-specific password or need to create a new one, go to appleid.apple.com, NSLocalizedFailureReason=App Store operation failed.}\"\n)";
}
Posted by
GFSoftware
Up vote reply of GFSoftware Down vote reply of GFSoftware
Add a Comment

Are you still using altool for notarisation? If so, be aware that it’s been deprecated for that purpose and will stop working on 2023-11-01. Switch to notarytool now. For specific advice on how to do this, see TN3147 Migrating to the latest notarization tool.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment