Error: Apple Service Error -22320. Federated Authentication is required

[mikemountjoy99]

Summary

Expected behaviour: Allow login to Apple Developer Account with SSO configured.

Actual behaviour: Login fails

npx eas-cli credentials
npx: installed 321 in 10.349s
✔ Select platform › iOS
✔ Which build profile do you want to configure? › development
✔ Using build profile: development
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … myAppleId@example.com
› Using password for myAppleId@example.com from your local Keychain
  Learn more: https://docs.expo.dev/distribution/security#keychain
✖ Logging in...
Authentication with Apple Developer Portal failed!
    Error: Apple Service Error -22320. Federated Authentication is required

Environment

npx eas-cli build

Output

npx: installed 321 in 10.349s
✔ Select platform › iOS
✔ Which build profile do you want to configure? › development
✔ Using build profile: development
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … myAppleId@example.com
› Using password for myAppleId@example.com from your local Keychain
  Learn more: https://docs.expo.dev/distribution/security#keychain
✖ Logging in...
Authentication with Apple Developer Portal failed!
    Error: Apple Service Error -22320. Federated Authentication is required

Please specify your device/emulator/simulator platform, model and version

macos 12.5

Error output

command:

EXPO_DEBUG=true npx eas-cli build

Output:

npx: installed 321 in 13.927s
✔ Select platform › iOS
- Linking to project @my-account/my-app
✔ Linked to project @my-account/my-app (https://expo.dev/accounts/my-account/projects/my-app)
ios.infoPlist: withIntrospectionBaseMods ➜ withIosBaseMods ➜ withGeneratedBaseMods ➜ withIosInfoPlistBaseMod
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withVersion ➜ withInfoPlist
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withBuildNumber ➜ withInfoPlist
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withUsesNonExemptEncryption ➜ withInfoPlist
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withScheme ➜ withInfoPlist
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withRequiresFullScreen ➜ withInfoPlist
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withOrientation ➜ withInfoPlist
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withDisplayName ➜ withInfoPlist
ios.infoPlist: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withGoogle ➜ withInfoPlist
ios.infoPlist: withStaticPlugin ➜ withRunOnce ➜ withDevClient ➜ withGeneratedIosScheme ➜ withInfoPlist
ios.infoPlist: withStaticPlugin ➜ withIosSplashScreen ➜ withPlugins ➜ withStaticPlugin ➜ withIosSplashInfoPlist ➜ withInfoPlist
ios.infoPlist: withFallback ➜ withPlugins ➜ withStaticPlugin ➜ withIosUserInterfaceStyle ➜ withInfoPlist
ios.infoPlist: withFallback ➜ withPlugins ➜ withStaticPlugin ➜ withIosRootViewBackgroundColor ➜ withInfoPlist
ios.infoPlist: withFallback ➜ withPlugins ➜ withStaticPlugin ➜ withIosFacebook ➜ withInfoPlist
ios.infoPlist: withFallback ➜ withPlugins ➜ withStaticPlugin ➜ withIosBranch ➜ withInfoPlist
ios.infoPlist: withFallback ➜ withPlugins ➜ withStaticPlugin ➜ withIosAdMob ➜ withInfoPlist
ios.infoPlist: withFallback ➜ withPlugins ➜ withStaticPlugin ➜ withMaps ➜ withGoogleMapsKey ➜ withInfoPlist
ios.entitlements: withIntrospectionBaseMods ➜ withIosBaseMods ➜ withGeneratedBaseMods ➜ withIosEntitlementsBaseMod
ios.entitlements: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withAssociatedDomains ➜ withEntitlementsPlist
ios.entitlements: withFallback ➜ withPlugins ➜ withStaticPlugin ➜ withNotificationsEntitlement ➜ withEntitlementsPlist
ios.entitlements: withStaticPlugin ➜ withExpoContacts ➜ withRunOnce ➜ withAccessesContactNotes ➜ withEntitlementsPlist
ios.entitlements: withStaticPlugin ➜ withExpoAppleAuthentication ➜ withRunOnce ➜ withAppleSignInWarning ➜ withEntitlementsPlist
ios.expoPlist: withIntrospectionBaseMods ➜ withIosBaseMods ➜ withGeneratedBaseMods ➜ withIosExpoPlistBaseMod
ios.expoPlist: withExpoUpdates ➜ withStaticPlugin ➜ withRunOnce ➜ withUpdates ➜ withUpdates ➜ withExpoPlist
ios.splashScreenStoryboard: withPlugins ➜ withStaticPlugin ➜ withIosSplashScreenStoryboardBaseMod ➜ withGeneratedBaseMods ➜ withIosSplashScreenStoryboardBaseMod
ios.splashScreenStoryboard: withStaticPlugin ➜ withIosSplashScreen ➜ withPlugins ➜ withStaticPlugin ➜ withIosSplashScreenImage ➜ withIosSplashScreenStoryboard
ios.podfileProperties: withIntrospectionBaseMods ➜ withIosBaseMods ➜ withGeneratedBaseMods ➜ withIosPodfilePropertiesBaseMod
ios.podfileProperties: withIosExpoPlugins ➜ withPlugins ➜ withStaticPlugin ➜ withJsEnginePodfileProps ➜ withPodfileProperties
✔ Using remote iOS credentials (Expo server)

If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the missing values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … myAppleId@example.com
› Using password for myAppleId@example.com from your local Keychain
  Learn more: https://docs.expo.dev/distribution/security#keychain
✖ Logging in...
Authentication with Apple Developer Portal failed!
    Error: Apple Service Error -22320. Federated Authentication is required

Reproducible demo or steps to reproduce from a blank project

n/a

[smn-snkl]

Any update on this? We're facing the same issues and have no clue how to log in again after migrating to federated accounts ...

[ajsmth]

@smn-snkl I just ran into this myself - I'm not sure if the login works with Apple Business Manager.

I was able to get things to work by skipping the prompt to log into Apple in the CLI and using local credentials, although I'll bet that you can use remote credentials on EAS still. https://docs.expo.dev/app-signing/local-credentials/

[yugisu-flux]

Hi, encountering this issue as well. My organization has set up federated login for Apple accounts via Google, but it seems like it does not work with EAS cli.

Are there any ways to circumvent this limitation so I could use remote credentials, or use federated login with the EAS cli?

[welschmoor]

Same here +1

[chekdotdev]

We're also having this issue CC @blumenthaler

[brentvatne]

the likely solution for us here is to support performing all operations with the App Store Connect (ASC) API key, rather than the older API that we still use in many cases due to it being well battle-tested. using the ASC API instead, you would not have to sign into your account except for once to generate the key (alternatively, if you are using federated auth then you could generated that key through the Apple Developer portal and then upload it to EAS). after that is done, you would be able to perform all operations without additional authentication. we're working on this and have rolled out some improvements recently. we'll share updates as we have them

[plambert-kooth]

We've recently migrated to federated accounts, and are now running into this set of problems.

[uyend]

Any updates on this @brentvatne ?

Alternatively is there a way to create the builds via xcode locally?