EAS build (managed workflow) for iOS disables Sign In with Apple (and Associated Domains)

meisty · May 25, 2021, 9:10am

SDK 41
eas-cli/0.15.0 darwin-x64 node-v15.14.0
Platfrom iOS

I’m trying to build my app for iOS for internal distribution with the following command:

ENVIRONMENT=STAGING eas build -p ios --profile staging

eas.json:

{
  "builds": {
    "ios": {
      ...
      "staging": {
        "workflow": "managed",
        "distribution": "internal",
        "releaseChannel": "staging",
        "env": {
          "ENVIRONMENT": "STAGING"
        }
      }
      ...
    }
  }
}

app.config.ts:

...
  return {
    ...config,
    //...
    ios: {
      ...config.ios,
      //...
      usesAppleSignIn: true,
      associatedDomains: [
        process.env.ENVIRONMENT === 'PROD' ? 'applinks:PROD-URL.cosmicoda.com' : process.env.ENVIRONMENT === 'STAGING' ? 'applinks:STAGING-URL.cosmicoda.com' : ''
      ]
      //...
    }
  }

In Apple Developer portal I configured the Identifier for this app to have Associated Domains and Sign In with Apple enabled.

I also made sure the Key has the Sign In with Apple service enabled.

When I run the command above I can see in the output that for some reasons it disables Sign In with Apple and Associated Domains:

The build then fails with the errors:

error: Provisioning profile "*[expo] com.cosmicoda.STAGING AdHoc XXXXXXXXXXXXX" doesn't support the Associated Domains and Sign in with Apple capability.

error: Provisioning profile "*[expo] com.cosmicoda.STAGING AdHoc XXXXXXXXXXXXX" doesn't include the com.apple.developer.applesignin and com.apple.developer.associated-domains entitlements.

And then in the Apple Developer the Identifier and Key for the App have Sign In with Apple and Associated Domains disabled.

Using expo build with the following command is working:

ENVIRONMENT=STAGING expo build:ios -t archive --release-channel staging

Any suggestions to get eas build working will be really appreciated.

notbrent · May 25, 2021, 5:14pm

hi there! upgrade eas-cli to 0.15.1 and this should handle syncing your capabilities correctly

meisty · May 25, 2021, 5:50pm

Hi @notbrent
Thanks for the quick response.

This actually resolved the problem with Associated Domains but it still disables Sign In with Apple:

When I run the command below in my GitLab CI:

ENVIRONMENT="$ENVIRONMENT" npx eas-cli build --platform all --profile "$PROFILE" --non-interactive

$ENVIRONMENT=STAGING
$PROFILE=staging

Sign In with Apple is not disabled but I get the same error in the build output (Run fastlane):

error: Provisioning profile "*[expo] com.cosmicoda.STAGING AdHoc XXXXXXXXXXXXX" doesn't support the Associated Domains and Sign in with Apple capability.

error: Provisioning profile "*[expo] com.cosmicoda.STAGING AdHoc XXXXXXXXXXXXX" doesn't include the com.apple.developer.applesignin and com.apple.developer.associated-domains entitlements.

Any other suggestions?

notbrent · May 25, 2021, 6:04pm

how do you have sign in with apple configured in your app.json? do you have expo-apple-authentication installed in your app?

edit: oh i see you have usesAppleSignIn in your app.json

notbrent · May 25, 2021, 6:06pm

can you run expo config --type introspect and share what exists under the entitlements field?

meisty · May 25, 2021, 6:10pm

I actually use app.config.ts, but I tested it with usesAppleSignIn directly in app.json to make sure it was not overwritten and the result was the same.

from package.json:

"expo-apple-authentication": "~3.1.0",

entitlements:

entitlements: {
      'com.apple.developer.associated-domains': [
        'applinks:STAGING-URL.cosmicoda.com'
      ],
      'aps-environment': 'development',
      'com.apple.developer.applesignin': [
        'Default'
      ]
    }

notbrent · May 25, 2021, 6:15pm

this looks correct, and it should sync as expected. in a new project with a minimal app.json, i see this:

✔ Bundle identifier registered xyz.bront.app
✔ Synced capabilities: Enabled: Sign In with Apple

{
  "expo": {
    "name": "app",
    "slug": "app",
    "version": "1.0.0",
    "ios": {
      "bundleIdentifier": "xyz.bront.app",
      "usesAppleSignIn": true
    }
  }
}

my guess is that somehow when you run eas build the usesAppleSignIn field isn’t being set in app config, try looking over the logic in your app.config.ts to be sure

meisty · May 25, 2021, 6:24pm

I moved usesAppleSignIn to app.json but still same issue:

{
  "expo": {
    "version": "1.0.1",
    "ios": {
      "buildNumber": "1.0.1",
      "usesAppleSignIn": true
    },
    "android": {
      "versionCode": 2
    }
  }
}

The rest of the configurations are still coming from app.config.ts.

I will check if I can find any issue with my app.config.ts but let me know if you have any other suggestions as I’m running out of ideas.

Thanks

notbrent · May 25, 2021, 6:27pm

can you share your entire app.config.ts?

meisty · May 25, 2021, 6:39pm

So I just found that if the Sign In with Apple is disabled in my Identifier, expo will enable it:

If I run the command again, then it will disable it…

if I run it again it will enable it again etcetera…

meisty · May 25, 2021, 6:56pm

app.config.ts

import { ConfigContext, ExpoConfig } from '@expo/config';

export default ({ config }: ConfigContext): ExpoConfig => {
  return {
    ...config,
    name: 'GameOn',
    slug: 'GameOn',
    owner: 'cosmicoda',
    privacy: 'hidden',
    orientation: 'portrait',
    scheme: process.env.ENVIRONMENT === 'PROD' ? 'gameon' : process.env.ENVIRONMENT === 'STAGING' ? 'gameon-staging' : 'gameon-dev',
    icon: process.env.ENVIRONMENT === 'PROD' ? './assets/icons/gameon.png' : process.env.ENVIRONMENT === 'STAGING' ? './assets/icons/gameon-staging.png' : './assets/icons/gameon-dev.png',
    splash: {
      image: './assets/images/welcome-initial.png',
      resizeMode: 'contain',
      backgroundColor: '#414863'
    },
    updates: {
      fallbackToCacheTimeout: 0
    },
    assetBundlePatterns: [
      'assets/*'
    ],
    notification: {
      icon: process.env.ENVIRONMENT === 'PROD' ? './assets/icons/gameon.png' : process.env.ENVIRONMENT === 'STAGING' ? './assets/icons/gameon-staging.png' : './assets/icons/gameon-dev.png'
    },
    hooks: {
      postPublish: [{
        file: 'sentry-expo/upload-sourcemaps',
        config: {
          organization: 'cosmicoda',
          project: process.env.ENVIRONMENT === 'PROD' ? 'gameon' : 'gameon-staging',
          authToken: '...'
        }
      }]
    },
    ios: {
      ...config.ios,
      supportsTablet: false,
      infoPlist: {
        NSUserTrackingUsageDescription: '',
        UIBackgroundModes: [
          'remote-notification',
          'fetch'
        ]
      },
      icon: process.env.ENVIRONMENT === 'PROD' ? './assets/icons/gameon.png' : process.env.ENVIRONMENT === 'STAGING' ? './assets/icons/gameon-staging.png' : './assets/icons/gameon-dev.png',
      bundleIdentifier: process.env.ENVIRONMENT === 'PROD' ? 'com.cosmicoda.gameon' : process.env.ENVIRONMENT === 'STAGING' ? 'com.cosmicoda.gameon-staging' : 'com.cosmicoda.gameon-dev',
      googleServicesFile: process.env.ENVIRONMENT === 'PROD' ? './FirebaseService-Info.plist' : process.env.ENVIRONMENT === 'STAGING' ? './FirebaseService-Info-staging.plist' : '',
      usesAppleSignIn: true,
      config: {
        usesNonExemptEncryption: false,
        googleSignIn: {
          reservedClientId: process.env.ENVIRONMENT === 'PROD' ? 'com.googleusercontent.apps.PROD' : process.env.ENVIRONMENT === 'STAGING' ? 'com.googleusercontent.apps.STAGING' : ''
        },
        googleMobileAdsAppId: 'ca-app-pub-XXXXXXXXXXXXXXXX~XXXXXXXXXX',
        branch: {
          apiKey: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : process.env.ENVIRONMENT === 'STAGING' ? 'STAGING-KEY' : ''
        }
      },
      associatedDomains: [
        process.env.ENVIRONMENT === 'PROD' ? 'applinks:PROD.cosmicoda.com' : process.env.ENVIRONMENT === 'STAGING' ? 'applinks:STAGING.cosmicoda.com' : ''
      ]
    },
    android: {
      ...config.android,
      useNextNotificationsApi: true,
      icon: process.env.ENVIRONMENT === 'PROD' ? './assets/icons/gameon.png' : process.env.ENVIRONMENT === 'STAGING' ? './assets/icons/gameon-staging.png' : './assets/icons/gameon-dev.png',
      package: process.env.ENVIRONMENT === 'PROD' ? 'com.cosmicoda.gameon' : process.env.ENVIRONMENT === 'STAGING' ? 'com.cosmicoda.gameon_staging' : 'com.cosmicoda.gameon_dev',
      googleServicesFile: process.env.ENVIRONMENT === 'PROD' ? './firebase-services.json' : process.env.ENVIRONMENT === 'STAGING' ? './firebase-services-staging.json' : '',
      config: {
        googleMobileAdsAppId: 'ca-app-pub-XXXXXXXXXXXXXXXX~XXXXXXXXXX',
        branch: {
          apiKey: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : process.env.ENVIRONMENT === 'STAGING' ? 'STAGING-KEY' : ''
        }
      }
    },
    facebookScheme: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : 'STAGING-KE',
    facebookAppId: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : 'STAGING-KE',
    facebookDisplayName: process.env.ENVIRONMENT === 'PROD' ? 'GameOn' : 'GameOn - Staging',
    extra: {
      environment: process.env.ENVIRONMENT ? process.env.ENVIRONMENT : '',
      firebase: {
        apiKey: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : 'STAGING-KEY',
        authDomain: process.env.ENVIRONMENT === 'PROD' ? 'PROD-URL' : 'STAGING-URL',
        databaseURL: process.env.ENVIRONMENT === 'PROD' ? 'PROD-URL' : 'STAGING-URL',
        projectId: process.env.ENVIRONMENT === 'PROD' ? 'PROD-URL' : 'STAGING-URL',
        storageBucket: process.env.ENVIRONMENT === 'PROD' ? 'PROD-URL' : 'STAGING-URL',
        messagingSenderId: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : 'STAGING-KEY',
        appId: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : 'STAGING-KEY',
        measurementId: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : 'STAGING-KEY'
      },
      sentry: {
        dsn: process.env.ENVIRONMENT === 'PROD' ? 'PROD-KEY' : 'STAGING-URL'
      }
    }
  }
};

I removed all sensitive information.

and app.json:

{
  "expo": {
    "version": "1.0.1",
    "ios": {
      "buildNumber": "1.0.1"
    },
    "android": {
      "versionCode": 2
    }
  }
}

Let me know if you find something suspicious in the file.

Thanks

meisty · May 25, 2021, 7:29pm

@notbrent

When the build enables Sign In with Apple, it builds successfully and Apple Auth is working in the app.

But when it disables it, the build will fail with the same errors as described above.

notbrent · May 25, 2021, 7:31pm

sorry i’m not quite following

When the build enables Sign In with Apple, it builds successfully and Apple Auth is working in the app.

But when it disables it, the build will fail with the same errors as described above.

when is the build enabling it vs disabling it? why would it not just always be enabled?

btw, you can roll back to eas-cli@0.14 to opt out of this capability syncing for now

meisty · May 25, 2021, 7:34pm

@notbrent

meisty · May 25, 2021, 7:45pm

rolling back to eas-cli@0.14 solves this issue.

it looks like for some reasons eas-cli@0.15 just switch the Sign In with Apple capability on each run.

I will keep using 0.14 for the moment but let me know if you find and fix the issue or if you want me to provide any extra information to help with the investigation of the issue.

Thanks for you assistance.

notbrent · May 25, 2021, 9:03pm

we sync the capabilities based off your entitlements each time you run build, because you may change entitlements between builds and so this ensures it’s working as expected. are you running the identical build command with the same environment vars and profile on your second build?

in my case i cannot repro what you’re describing:

╭─~/code/thingy ‹main›
╰─$ eas build -p ios                                                                                                                1 ↵
✔ Linked to project @notbrent/thingy
✔ Using remote iOS credentials (Expo server)
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … brentvatne@gmail.com
› Restoring session /Users/brentvatne/.app-store/auth/brentvatne@gmail.com/cookie
✔ Select a Team › Brent Vatne - Individual (GQ4S96SE9Z)
› Provider Brent Vatne (1560983)
✔ Switched to provider: Brent Vatne (1560983)
✔ Logged in Local session
✔ Bundle identifier registered xyz.bront.app
✔ Synced capabilities: Enabled: Sign In with Apple
⠙ Fetching Apple distribution certificates
╭─~/code/thingy ‹main›
╰─$ eas build -p ios                                                                                                              130 ↵
✔ Linked to project @notbrent/thingy
✔ Using remote iOS credentials (Expo server)
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … brentvatne@gmail.com
› Restoring session /Users/brentvatne/.app-store/auth/brentvatne@gmail.com/cookie
✔ Select a Team › Brent Vatne - Individual (GQ4S96SE9Z)
› Provider Brent Vatne (1560983)
✔ Switched to provider: Brent Vatne (1560983)
✔ Logged in Local session
✔ Bundle identifier registered xyz.bront.app
✔ Synced capabilities: Enabled: Sign In with Apple
^C

meisty · May 25, 2021, 10:00pm

yes I run the exact same command:

Meisty-MacBook-Pro:GameOn meisty$ ENVIRONMENT=STAGING eas build --platform ios --profile staging
✔ Linked to project @cosmicoda/GameOn
✔ Using remote iOS credentials (Expo server)
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … romain.meisterhans@cosmicoda.com
› Restoring session /Users/meisty/.app-store/auth/romain.meisterhans@cosmicoda.com/cookie
› Team Cosmicoda Sarl (XXXXXXXXXX)
› Provider Cosmicoda Sarl (XXXXXXXXX)
✔ Logged in Local session
✔ Bundle identifier registered com.cosmicoda.gameon-staging
✔ Synced capabilities: Disabled: Sign In with Apple
...
Meisty-MacBook-Pro:GameOn meisty$ ENVIRONMENT=STAGING eas build --platform ios --profile staging
✔ Linked to project @cosmicoda/GameOn
✔ Using remote iOS credentials (Expo server)
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … romain.meisterhans@cosmicoda.com
› Restoring session /Users/meisty/.app-store/auth/romain.meisterhans@cosmicoda.com/cookie
› Team Cosmicoda Sarl (XXXXXXXXXX)
› Provider Cosmicoda Sarl (XXXXXXXXX)
✔ Logged in Local session
✔ Bundle identifier registered com.cosmicoda.gameon-staging
✔ Synced capabilities: Enabled: Sign In with Apple
...
Meisty-MacBook-Pro:GameOn meisty$ ENVIRONMENT=STAGING eas build --platform ios --profile staging
✔ Linked to project @cosmicoda/GameOn
✔ Using remote iOS credentials (Expo server)
If you provide your Apple account credentials we will be able to generate all necessary build credentials and fully validate them.
This is optional, but without Apple account access you will need to provide all the values manually and we can only run minimal validation on them.
✔ Do you want to log in to your Apple account? … yes

› Log in to your Apple Developer account to continue
✔ Apple ID: … romain.meisterhans@cosmicoda.com
› Restoring session /Users/meisty/.app-store/auth/romain.meisterhans@cosmicoda.com/cookie
› Team Cosmicoda Sarl (XXXXXXXXXX)
› Provider Cosmicoda Sarl (XXXXXXXXX)
✔ Logged in Local session
✔ Bundle identifier registered com.cosmicoda.gameon-staging
✔ Synced capabilities: Disabled: Sign In with Apple
...
Meisty-MacBook-Pro:GameOn meisty$

notbrent · May 25, 2021, 10:02pm

that’s very strange indeed. could you possibly share your project with me on github or try to create a minimal reproducible example repository?

meisty · May 25, 2021, 10:05pm

Yes I can add you to the GitLab repo.
To what email address should I send the invite?

notbrent · May 25, 2021, 10:06pm

brent@expo.io

Topic		Replies	Views
EAS Build failed on iOS : Associated Domains capability Expo Application Services (EAS) permissions	5	376	May 20, 2022
EAS Build IOS failing Expo Application Services (EAS)	3	237	November 13, 2021
EAS Build failing for iOS because of apple-authentication Expo Application Services (EAS)	0	237	November 29, 2021
EAS ios build fails with provisioning profile error Expo Application Services (EAS) appauth , appleauthentication , permissions	0	288	March 8, 2023
Docs clarification - using EAS Build for iOS associatedDomains Expo Application Services (EAS)	0	174	March 31, 2022

EAS build (managed workflow) for iOS disables Sign In with Apple (and Associated Domains)

Related Topics