Closed leverdeterre closed 1 year ago
This app uses the buy.itunes.apple.com
endpoint, not the one described above. I haven't experienced any issue with logging in, and I don't think this will be a problem due to backwards compatibility which I believe this endpoint provides.
The private API that ipatool uses is quite old and does not seem to support X-Apple-HC
.
What happened?
First of all sorry, I have not tested this issue on my side but I feel that it's probably a real big problem. I discover this issue on Fastlane which is using a authentication flow using Apple Website and your tool might have the same issue.
More context? : Apple requires the X-APPLE-HC header when signing in to https://idmsa.apple.com/appleauth/auth/signin. Leaving out this header results in forbidden access and possible Apple ID account lockout.
X-APPLE-HC uses a customer implementation of http://www.hashcash.org/
GET to https://idmsa.apple.com/appleauth/auth/signin Use response headers x-apple-hc-bits and x-apple-hc-challenge to make hashcash Set hashcash to X-APPLE-HC header on login
How to fix that? Implements the header chalenge & implementation. No need to reverse engineering a lof of things because this is already shared on a PR on the fastlane
Version
All
Relevant log output
No response