Codesigning completes, Notarization fails using notary tool

New AppID and password created

Can you clarify what you mean by this?

From the perspective of Apple development, there are three things you might mean by “AppID”:

• The Apple ID you use to authentication with the Developer website, App Store Connect, and so on. This looks like an email address, for example, quinn@example.com.

• The App ID of your app. macOS apps don’t necessarily have an App ID but you need one if you use any restricted entitlements. This is of the form TTT.BBB, where TTT is your App ID prefix, typically your Team ID, and BBB is your bundle ID. For example, the App ID for Apple Configurator is K36BKF7T3D.com.apple.configurator.ui.

• The Apple ID of your app. This identifies your app on the App Store. It is a long decimal number. For example, the Apple ID of Apple Configurator is 1037126344. If you’re notarising your app, and thus shipping it independently, it probably won’t have one of these.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

APPID SHApple ID USED IS - xxxxx-Mac-mini:jenkins xxxx$ security find-identity -v

1. CA0414FE6A87AD4BDE61801456F9591331AA4CD1 "Apple Development: xxxxx (6H2MQ53ZS9)"

APP ID USED IS - 6H2MQ53ZS9

The confusion for this account, is that I see the following:

xxxxx-Mac-mini:jenkins xxxx$ security find-identity -v

1. CA0414FE6A87AD4BDE61801456F9591331AA4CD1 "Apple Development:xxxxx 6H2MQ53ZS9)"
2. BE25C224DDE929EDDB472048344FCD34EAB33BED "Apple Development: Kenneth xxxx (7GAZHP6C8Z)"
3. 5B36649627DE35DFB05E91794B325D0051C0DAB9 "Developer ID Installer: xxxx LLC (J336G5CQSU)"
4. D95B910DF676BA763780001E37CFC0B2690A4857 "Apple Distribution: xxxxx LLC (J336G5CQSU)"
5. BE6BA2786F798BC1D01D4E6FC60DB50F45DF7750 "Apple Development: James xxxxx (7QA8DXY37V)"
6. 7D2D3624CE5E40BB4C68C01958F513B0C41DF155 "Developer ID Application: xxxxx LLC (J336G5CQSU)" 6 valid identities found

I don't know the state of this account and it might be corrupted: Is there an easy way to tell?

Error: HTTP status code: 401. Invalid credentials. Username or password is incorrect. Use the app-specific password generated at appleid.apple.com. Ensure that all authentication arguments are correct. xxxxx-Mac-mini:jenkins xxxxx$

APP ID USED IS - 6H2MQ53ZS9

That’s not any of the things in my list O-: In fact, I’m not even sure what that’s called officially; it’s simply a unique ID assigned to your user by the Developer website.

When debugging notary authentication issues, I recommend that you start with the history command, for example:

% xcrun notarytool history CREDENTIALS

where CREDENTIALS is the credentials you’re authenticating with. This lets you test your credentials without having to worry about whether your app is structured correctly. Once you have the history command working, use the same credentials for the submit command.

If you want to authenticate with a user name and password, supply three options:

• --apple-id AAA
• --team-id TTT
• --password PPP

To get the AAA value, go to the Apple Developer website, click Account, and log in. During the login process, the value you enter into the Apple ID field is… well… your Apple ID. Typically this is your email address.

Once you’re logged in, click the menu next to your name at the top right. This displays a list of teams that you’re a member of. Select the right one. Now scroll down a bit and you’ll see a Team ID field. That’s the value you need for TTT. It’s a 10 character alphanumeric, like SKMME9E2Y8.

Finally, you’ll need an app-specific password for PPP. This is not the same as your Apple ID password. Rather, generate it by following the instructions in the How to generate an app-specific password section of Sign in to apps with your Apple ID using app-specific passwords. It’ll look something like pzah-rhqg-dauz-rqlq.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"