Apple appears to have locked down the https://gsa.apple.com/auth endpoint, as it now returns a generic 403 error every time across multiple accounts, IPs and anisette generators. This isn't a huge deal, but it was used to resolve the available phone numbers for 2FA and their corresponding IDs, which are necessary for submission.
I have just tried an (unreleased) fix which simply takes the phone numbers from the SPD data in the initial auth response. This works but there are no IDs in that data, so it's currently just incrementing starting from 1. That should work for most accounts with only a single phone number.
Maybe it's worth looking into an alternative source of this data altogether; calling that endpoint had the annoying side effect of implicitly requesting a 2FA code every time you called it, which is not really compatible with the library's API design.
Apple appears to have locked down the
https://gsa.apple.com/authendpoint, as it now returns a generic 403 error every time across multiple accounts, IPs and anisette generators. This isn't a huge deal, but it was used to resolve the available phone numbers for 2FA and their corresponding IDs, which are necessary for submission.I have just tried an (unreleased) fix which simply takes the phone numbers from the SPD data in the initial auth response. This works but there are no IDs in that data, so it's currently just incrementing starting from 1. That should work for most accounts with only a single phone number.
Maybe it's worth looking into an alternative source of this data altogether; calling that endpoint had the annoying side effect of implicitly requesting a 2FA code every time you called it, which is not really compatible with the library's API design.