I am trying to create custom expo client. When it comes to chosing a way to generate push keys, two options are shown:
Provide my own key
Let expo handle the process
If I choose Provide my own key option (that I get from my expo developer page on the expo website), I get an error saying that:
✖ This Push Key is no longer valid on the Apple Developer Portal
If I choose to Let expo handle the process, it says that:
You can have only two Apple Keys generated on your Apple Developer
account. Please revoke the old ones or reuse existing from your other
apps. Please remember that Apple Keys are not application specific!
When I log into my developer account and look at two of my keys, they are indeed different from the one that is shown on my expo page - their IDs are different. Seems like existing authentication key that is shown on expo is invalid for some reason.
If my current APN authentication key is invalid, then how do notifications in my app still work? And how should I build my custom expo client without breaking my existing, published app?
Related
I am trying to implement Sign in with Apple for my IOS app using realm sync. I am using the sign in to authenticate the user into realm. The thing I do not understand is that I am following these steps from the mongodb setup Apple ID signin:
In Step 2 on creating a services ID for the app in dev portal of apple. We must activate the Sign in with Apple service within the service identifier:
In order to do this we have to provide domains and return URLs? This is all done to create a JWT to put into realm for when activating the apple signing method on realm's side. I am confused by this - isn’t this only for web apps? Do I have to setup a web service on a cloud for this part? I see numerous tutorials on implementing Apple Sign In with Firebase and that's not required.
I genuinely don’t understand what I am supposed to do here. After reading Apple's docs, it shows that you have to do these steps if you are signing in through Apple on a different platform (we are signing in from iOS).
I tried finding tutorials or video examples of people implementing this on their realm database with iOS and I could not find any. I also tried to skip the step of creating a service ID and use the app ID in the script to create the JWT but it ends up being invalid.
Questions:
What is the correct procedure here?
Do both the developer and account-holder need paid Apple Developer accounts?
(As said in blow context, My Client already has one, do I need a paid account as well?)
How will I ever be able to deploy the app if my customer does not have a business account?
Context:
I'm trying to build my first iOS app with Expo.
I tried to run expo build:ios and got You have no team associated with your Apple account, cannot proceed.
I have an unpaid Apple ID
My customer created a paid developer account of type 'individual'.
He added me to his team and gave me the 'Admin' role.
The checkbox to give me access to certificates was grayed out. Apparently (according to Stack Overflow) because his account is of type 'individual'
I know I am part of a team because I can log in to App Store Connect and manage everything in my customer's account (except certificates).
Expo output:
reto#Retos-Mac-mini test1 % expo build:ios
✔ Choose the build type you would like: › archive
Checking if there is a build in progress...
Accessing credentials for ****** in project test1
✔ Do you have access to the Apple account that will be used for submitting this app to the App Store? … yes
› Log in to your Apple Developer account to continue
✔ Apple ID: … ******
› Restoring session ******
› Session expired Local session
› Using password for ****** from your local Keychain
Learn more: https://docs.expo.io/distribution/security#keychain
✔ Logged in New session
Authentication with Apple Developer Portal failed!
You have no team associated with your Apple account, cannot proceed.
(Do you have a paid Apple Developer account?)
Error: You have no team associated with your Apple account, cannot proceed.
(Do you have a paid Apple Developer account?)
...
Outcome
Based on all the answers, I will:
not create another paid account
customer will change his Apple ID password and give me complete access to his Apple Developer account
use customer's Apple Developer account to run expo-cli build:ios and let expo handle all the certificate and profile generation (which I have never done before).
maybe export all the necessary certificates and keys so I can give back control of the Apple ID and still deploy in the future (hopefully)
Individual Apple developer accounts are ineligible of adding an additional member who has access to certificates, identifiers and provisioning profiles.
Choose one of below few options:
Tell your customer to generate and send you provisioning profile (source):
Provisioning Profiles can be shared without problems between developers. For them to be valid and usable, though, having both Public and Private keys is needed.
The Public key is stored in the Certificate whilst the Private has to be exported from the certificate's creator Keychain App.
Enroll your own Developer account -> build the app -> publish it -> transfer the app to his account (see requirements at: https://developer.apple.com/programs/enroll/).
Your customer can request to upgrade his membership to an organisation. This requires him to have:
A D-U-N-S® number
Which depending on the process, would take
from days to months to get.
Legal Entity Status
Legal Binding Authority
A Website
Login with your customers developer account in Xcode which would allow Xcode to automatically manage the certificates. (Requires from your client to trust you)
Customer can assign you as an account holder for small amount of time until app will be deployed to AppStore. (Also requires from your client to trust you enough).
What is the correct procedure here?
There are few options
your customer needs to be registered as an organization not an individual
your customer can generate credentials for you on apple developer portal and provide them to you as files
your customer can generate credentials by running expo-cli build:ios and authenticating with apple on their account.
Do I also need a paid account?
That wouldn't help, you would be able to build/publish that app under your name, but not as the customer.
Also, if you are working for a client you shouldn't do that on your expo account, instead ask them to create an expo organization and to add you there, or create it for them and provide them with access to that organization, it makes it easier to transfer ownership in the future. Alternatively you could use separate expo account for every client.
I have developed an app that verifies a user by their phone number using Firebase phone number authentication.
The Android version is working correctly after it was published of Google Play but the iOS version does not receive SMS messages, despite it working correctly during development testing.
Why might this occur?
When uploaded to Google Play, I was asked to provide SHA key details for my app, but I was not asked or even know what the App Store equivalent is of this procedure.
I had the same problem.
Check that you have APN certificate for production application set in Firebase or event better set APNs Authentication Key instead of handling separate certificates.
Check here how to generate certificate: https://developer.clevertap.com/docs/how-to-create-an-ios-apns-auth-key
After upload this key to Firebase -> Settings -> Cloud messaging under APN Auth key sections.
I created an server side application which is generating PkPass files using Apple WWDRCA and Pass Type ID cert. My certificates are installed on the server and they are valid until end of 2017 but my Apple Developer account will expire in a few days. I'm wondering will my application continue to work without any issues or I will need to renew my subscription.
Thanks.
You will continue to be able to issue and update passes until your certificate expires. However, we have experienced problems with clients who have let their developer account lapse and have subsequently lost the PassTypeID.
If you anticipate the need to issue or update these particular passes after the expiry of your certificate, then I'd strongly recommend to renew your Apple developer account now.
So even I accepted PassKit answer, here I want to add one note. The accepted answer is correct, no doubts, after my account expired, wallet file generator continued to work because certificates were valid and everything was just fine.
But what happened to me is either bad luck or I don't know. So, when my account expired as I said, everything was fine, except opening wallet files on iPhone. So I was always getting an error "Safari can't download this file". I tried everything but only one thing solved my problem:
New developer account subscription
After I order my new subscription I just generated new Pass Type certificate, updated my web service and server to work with new certs and with new team id and at that point I was able again to load my generated wallet files into iPhone Wallet App.
I started a few weeks ago to develop my first IOS app and it requires Twitter and Facebook Login.
I am very surprised about the different approaches that both platforms take in terms of security/authentication.
Facebook uses the IOS Bundle ID approach, which seems great, since every Bundle ID is unique and you cannot publish an app Bundle ID in behalf of another user, so is pretty easy for Facebook to figure out if your are who you say you are.
Twitter uses his traditional Key/Secret pair that uses in Web/REST applications in IOS as well, while it works for the Web because you don't need to expose those keys to the Client, that is not the case for IOS applications.
According with the official documentation
"To initialize the Twitter Kit with your app’s credentials, pass them
to startWithConsumerKey:consumerSecret:"
"Calling startWithConsumerKey:consumerSecret: will override any keys
which were automatically configured. Automatically configured keys
live in your app’s Info.plist under the key"
My understanding is that even if I use my keys, or I use the keys generated by Fabric, those will be exposed on the plist which is a non-secure method to store private keys.
I am sure I am missing something here, please clarify me how it works.