altool fails with "The auth server returned a bad status code"

For debugging auth issues I recommend that you start with --list-providers because it doesn’t depend on any parameters other than the credentials. So, does the following work (substituting the credentials for CCC)?

% xcrun altool --list-providers CCC

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@Quinn As always, thank you for your prompt and helpful response. I have forwarded the information on to the customer. I'll swap out my code to use this to validate customer entered in user names and passwords in a future update.

I had the same issue, for me it helped to use "application password" generated on https://appleid.apple.com/account/manage instead of my main appleId password

Application password does the trick for me too!

Hi, This error is coming often now. I have tried the following command it is giving output. xcrun altool --list-providers --username "username" --password "@keychain:NOTARIZE_PASSWORD" I am using app specific password generated for my user name. I got the following output for the above command.

2022-01-31 14:55:51.693 altool[99127:17893146] CFURLRequestSetHTTPCookieStorageAcceptPolicy_block_invoke: no longer implemented and should not be called

ProviderName ProviderShortname PublicID                             WWDRTeamID  ------------ ----------------- ------------------------------------ ----------  xxxxx      xxxx            69a6de70-xxxxx-xxxxxx-xxxxxxxxx 82xxxxxxxxC 

macOS: 11.0.1 Xcode: 12.3

regards Prema Kumar

Just a reminder that altool is deprecated for the purposes of notarisation [1]. If you’re notarising, use the shiny new notarytool. It is better, stronger, and faster (-:

For more background on this, see WWDC 2021 Session 10261 Faster and simpler notarization for Mac apps.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] It’s not deprecated for its other purposes, most notably, upload apps to the App Store.

Hi,

This error is happening again. I have reported this in FB10806063. Please help. it is blocking everything we do.

I am using app specific password.

Upgrading to noratytool is in our list, and we will do it.

regards

Prema Kumar

I have reported this in FB10806063.

Thanks.

altool has a verbose logging mode that you enable with the --verbose option. Please retry with that and, presuming it still fails, add the results to your bug report.

Also, just for testing purposes, please try the following:

• Running a test notarytool command with your app-specific password.

• Running altool with an App Store Connect API key rather than an app-specific password. Specifically, run the --list-providers from my initial response, substitute the following for CCC:

    -u USER --apiIssuer ISSUER --apiKey KEY_ID
  

  Here USER is the same user name you’re currently using, ISSUER is the UUID associated with your App Store Connect API key, and KEY_ID is the ID associated with that key. The last item is a sequence of 10 alphanumerics, for example, T9GPZ92M7K.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi @eskimo,

I have uploaded the --verbose command output in the bug report. Please check.

regards

Prema Kumar

I have uploaded the --verbose command output in the bug report.

Thanks.

Did you look at that log? Upstream from the -1011 is a -1001 error indicating a network timeout. It’s hard to say exactly which service timed out, but it seems to be associated with generating an App Store Connect token (hence the generateAppleConnectToken in the log). I suspect that this is yet another case where your overly enthusiastic firewall is blocking connections to Apple services.

With regards the other tests I suggested, what results did you see?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi, I have configured a different machine (macOS12.5 and Xcode 13.4). Uploaded a new package with notarytool and I was able to get the status. I am not able to get the status of previously uploaded package (uploaded with altool) using notarytool. I get the error "Submission does not exist or does not belong to your team."

Following is the output I get xcrun altool. I am retrying 10 times in the code and I always gets following response.

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>os-version</key>
	<string>12.5.0</string>
	<key>product-errors</key>
	<array>
		<dict>
			<key>code</key>
			<integer>-19000</integer>
			<key>message</key>
			<string>The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.</string>
			<key>userInfo</key>
			<dict>
				<key>NSLocalizedDescription</key>
				<string>The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.</string>
				<key>NSLocalizedFailureReason</key>
				<string>Apple Services operation failed.</string>
				<key>NSLocalizedRecoverySuggestion</key>
				<string>The server returned an invalid response. This may indicate that a network proxy is interfering with communication, or that Apple servers are having issues. Please try your request again later.</string>
			</dict>
		</dict>
	</array>
	<key>tool-path</key>
	<string>/Applications/Xcode.app/Contents/SharedFrameworks/ContentDeliveryServices.framework/Versions/A/Frameworks/AppStoreService.framework</string>
	<key>tool-version</key>
	<string>5.4211.13411</string>
	<key>warnings</key>
	<array>
		<dict>
			<key>code</key>
			<integer>-1030</integer>
			<key>message</key>
			<string>altool has been deprecated and, starting in fall 2023, will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.</string>
			<key>userInfo</key>
			<dict>
				<key>NSLocalizedDescription</key>
				<string>altool has been deprecated and, starting in fall 2023, will no longer be supported by the Apple notary service. You should start using notarytool to notarize your software.</string>
			</dict>
		</dict>
	</array>
</dict>
</plist>

regards

Prema Kumar

I am not able to get the status of previously uploaded package (uploaded with altool) using notarytool.

That’s expected. The two system both use a UUID to track requests but they are in different namespaces.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Hi OP, did you resolve this problem? My CI suddenly stopped working today, I've re-created the app-specific password multiple times and it's still not working. I'm forced to upload the build to the app store manually.

Same problem for me this afternoon. I created a new app password it does not change anything. I get the "Error: Unable to upload your app for notarization. Failed to get authorization for username" message. I did get once an email saying the notarization was successful but the command line did not seem to get a reply from the server...

Same problem with me I got the error using fastlane

Error uploading '/var/folders/bq/b2snsfy95fv3slfctpg5p6q5fxcb6q/T/x.ipa'. [15:51:09]: Unable to upload archive. Failed to get authorization for username and password. ( [15:51:09]: The call to the altool completed with a non-zero exit status: 1. This indicates a failure. [15:51:09]: Could not download/upload from App Store Connect!

same for me, stopped working today

Same issue here. I tried creating app-specific passwords to no avail and tried using a different developer account in the same org as well. We had a successful app build using xcrun altool --upload-app 9 days ago. Did something change in the past week?

Same for me. I was working for years. Looking forward to hearing about the news here. Thx!

Same problem this afternoon. I also tried with a new app password but doesn't change anything.

Facing the same issue on our CI. Five hours ago all builds were uploading fine.

Also seeing this exact same problem ("The auth server returned a bad status code") since at least 17 Feb 2023 02:10:00 -0600 (CST). Sounds like Apple's servers are having a meltdown.

Same problem for me since about 12h: Nothing changed on the CI, upload using xcrun altool --upload-app stopped working. Creating a new app specific password did not help.

Have the same problem today. App specific password stoped to work with the error: Bad status code: <MZWebServiceDAWTokenForUsernameAndPassword: 0x1420177c0> *** Error: Failed to list providers. *** Error: Failed to list providers. Failed to get authorization for username

Having the same issue too.

So I had the same failures yesterday (Feb 17), but as of 5:52am GMT on Feb 18th, 2023, I was able to use altool to notarize again successfully using altool. So maybe it was a temporary glitch.

Tagging @eskimo and previous posters below so maybe they'll get a notification.

@rowlands @mateofp @derekdkim @molnardavid84 @dpo1 @NickNikonenok @sbnoble @steven7 @tien6b0 @Johnny7531