Apple ID is locked after signing in: Unable to Sign In

[wvabrinskas]

Describe the bug I am unable to sign into my apple id. My apple ID has 2FA and when i go to sign into Xcodes with my password, I get the proper popups for the 2FA code but then Xcodes seems to fail to login. This worked before.

To Reproduce

1. Login with an account with 2FA.
2. Observe error

Expected behavior Successful log in Screenshots

Version

• OS: 13.2.1
• Xcodes: 1.9.0

[MattKiazyk]

Hi @wvabrinskas

That url in the error gives - https://support.apple.com/en-ca/HT212522 which says If you see this message after attempting to sign in with a new device or web browser, wait for at least 24 hours, then try to sign in again.

I'm guessing your Apple ID is locked for a bit? If it doesn't work on Xcodes, another way to test is to log into developer.apple.com and make sure it works there.

Thanks

[wvabrinskas]

Ah I did reset my password. What was weird was Xcodes is what triggered the lock actually... so weird

[dhinakg]

I got my account locked by something else, but I'm also experiencing this issue. I changed my password and while I can log in on the developer page, I can't log in to Xcodes nor the thing that got me locked in the first place. Both show me this error but I still get the 2FA code prompt on my devices anyway. Will wait 24 hours and see what happens

[carmichaelalonso]

I am experiencing the same issue, but it seems that signing in through Xcodes caused the account to be locked. I tried with two separate Apple IDs (personal and work) and both were locked after trying to sign in this way.

Worth noting that I was trying to sign in through a build server in a cloud data centre, which could also be a reason why the account was locked. Just sharing my experience here in case it helps narrow things down.

[wvabrinskas]

Yeah it seems however Xcodes is authenticating is causing accounts to be locked. At least that's what happened with me, and it seems a few others

[MattKiazyk]

Thanks everybody.. it happens to me too. I'll see what i can find. Hopefully it's just a temporary thing.

[MattKiazyk]

Update: After getting locked out of the Apple ID, via my Mac, I was forced to reset my Apple ID password (via my phone). Xcodes seems to be working as it should and I can now download normally.

Is this what everyone else is seeing?

[carmichaelalonso]

Mixed results here (unfortunately)

After getting locked out and resetting my password, I'm seeing the message @wvabrinskas is getting in his original post (-36607) on the build server I mentioned. I tried it again now and still getting the -36607 error. I've tried restarting Xcodes.app, tried using xcodes in the CLI, tried restarting the machine, but nothing solves it.

On my personal machine, it worked earlier today without any errors and I was able to download Xcode 14.2. However I just tried logging in again now and I'm getting the same error.

Thanks for looking into it!

[wvabrinskas]

Update: After getting locked out of the Apple ID, via my Mac, I was forced to reset my Apple ID password (via my phone). Xcodes seems to be working as it should and I can now download normally.

Is this what everyone else is seeing?

Will try again. I'm almost afraid to get locked out again. I have so many devices 😆

[MattKiazyk]

Will try again. I'm almost afraid to get locked out again. I have so many devices 😆

Yeah I hear you!

The password I had for my Apple ID I had been using for a really long time. (I probably shouldn't say that). Wondering if that had anything to do with it? Perhaps Apple cracking down?

[MattKiazyk]

It's not just Xcodes - Fastlane is having similar issues! https://github.com/fastlane/fastlane/issues/21071

[MattKiazyk]

Via the fastlane issue above, users are also getting locked out of their accounts using Xcode archiver!

Happy Thursday!

[carmichaelalonso]

Nice find, happy Thursday indeed :)

[ptrkstr]

I used 3 different apple accounts and all were locked out the moment I attempted to sign into Xcodes.

[wvabrinskas]

Okay so then I won't be trying lol

[wvabrinskas]

It's not just Xcodes - Fastlane is having similar issues! fastlane/fastlane#21071

Woah wild. I wonder what's going on...

[dhinakg]

Spent my afternoon digging through this, here's notes on the new hashcash addition: https://github.com/fastlane/fastlane/issues/21071#issuecomment-1442442083

[MattKiazyk]

@dhinakg I saw that - thanks for all your work! I'm looking at implementing it.

Do you happen to have some of those values so that I can write a proper test? I was trying to follow it through on the website, but I'm not seeing any header with the final x-apple-hc header value

[dhinakg]

X-Apple-HC-Bits: 10
X-Apple-HC-Challenge: bb63edf88d2f9c39f23eb4d6f0281158

With this case, if you set the timestamp to 20230224001754, you'd construct 1:10:20230224001754:bb63edf88d2f9c39f23eb4d6f0281158::COUNTER, and if you start from 0 you should end up at the counter being 866, so you'd set X-APPLE-HC to 1:10:20230224001754:bb63edf88d2f9c39f23eb4d6f0281158::866

X-APPLE-HC is set on the request to https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true in a browser:

[MattKiazyk]

@dhinakg I'll prefix with I think I'm doing something wrong but I tried to implement the hashcash algorithm with your inputs and I'm not getting the same counter as what you have.

https://github.com/RobotsAndPencils/XcodesApp/pull/361

So I'm getting 1:10:20230224001754:bb63edf88d2f9c39f23eb4d6f0281158::1092 instead of 866. If you have some time to perhaps see what is wrong with my code?

[joshdholtz]

@MattKiazyk There is logic for this in this fastlane PR 👉 https://github.com/fastlane/fastlane/pull/21073

Appfigures was nice enough to share the spec with us 😊

[alexcroox]

I was locked out of my Apple account yesterday when using "login with apple" on a random website, never happened before. I'm guessing something went live to cause that across all platforms and integrations.

[MattKiazyk]

Thanks @joshdholtz and Appfigures!

Work has me busy today but I hope to get the PR up this weekend!

[wvabrinskas]

I was locked out of my Apple account yesterday when using "login with apple" on a random website, never happened before. I'm guessing something went live to cause that across all platforms and integrations.

that's wild

[fbara]

Same thing just happened to me when trying to use Xcodes. I should've checked here first, now I have to re-login to all my Apple devices and apps that use iCloud.

[MattKiazyk]

Hey Everybody

Implemented the fix in https://github.com/RobotsAndPencils/XcodesApp/pull/361

If somebody would be so kind as to download that PR and see if that works?

Note: If your account is locked already this doesn't FIX your account. You must unlock your account and from that point forward the Xcodes login won't lock your account. 🤞

[wvabrinskas]

@MattKiazyk trying now

[wvabrinskas]

@MattKiazyk worked a treat!! Thank you so much

[shimastripe]

Thanks for the great improvements! Does this need to be addressed for the CLI tool as well? https://github.com/RobotsAndPencils/Xcodes