I'm signing my macOS application with a Developer ID Application Certificate and sending it to Apple's notary service. When I'm uploading the build from XCode I'm getting the following error:
Failed retrieving request UUID for upload. You may have outstanding
agreements to sign on App Store Connect.
I've checked the following URLs and I don't have any new prompts for new agreements:
https://developer.apple.com/account/
https://appstoreconnect.apple.com/
https://appstoreconnect.apple.com/agreements/#/
Is this a bug from Xcode/App Store Connect or does the message refer to other agreements that must be signed?
After failing to solve this with an Apple Support person, I removed an admin who did not have a current individual Apple Development account from the Team. Solved the issue instantly.
Had the same issue and also no outstanding agreements to sign.
In the end, the problem was, that the user who wanted to upload the build for notarization didn't have "Access to Cloud Managed Developer ID Certificate" in the Users and Access section on App Store Connect. It worked before for that user, so something in the backend must have changed in the meanwhile.
I had the same problem, no agreements to sign, I had Access to Cloud Managed Developer ID Certificate and still got the error.
To fix it I went to Xcode->Preferences-> removed my developer account from Xcode the re-added my developer account to Xcode and it worked.
Update from November 2022: I no longer receive the error from the question, it was probably fixed by Apple on their side.
Related
The Apple Push Services certifcate is about to expire in a few days.
To renew the certificate a new certificate has to be requested, and then the current certificate can be rewoked (or left to expire..). The new certificate then has to be uploaded to the service used to handle the notifications (in my case Firebase Messaging).
I have a hard time wrapping my head around who can update the certificates, without breaking the push-notifications and causing the app to be updated.
Does the new certificate has to be requested by the same APPLE-ID as the current? Or can anyone else of the mantainers with role "Admin" or "App Manager" (https://appstoreconnect.apple.com/access/users) update it with their account?
The .CSR file from Apple Keychain can be created by any APPLE-ID, or only by the APPLE-ID who created the original? Do I need the original .CSR from the current certificate?
The Apple ID of the requester does not really matter. As long as they belong to the same team on App Store Connect and have the necessary rights, they can do that. The fastest way is probably using a tool like https://docs.fastlane.tools/actions/pem/ or kind of the "web version" of that https://onesignal.com/provisionator
Can anyone help me with the following error message?
I have seen a few of these messages in Xcode (and on Stackoverflow) but not exactly this one. I have an admin role (but I am not the account holder). Does anyone know why Xcode has problems with the creation of the Developer ID Application certificate?
In Xcode I signed in with the admin account but still no success. Any help is highly appreciated!
The documentation on this is pretty clear from this chart (see https://developer.apple.com/support/roles/):
You are not the account holder so you do not have the ability to create Developer ID certificates. The Account Holder must create them. The certificate belongs to the team as a whole so you will be able to use it.
We have a web app that uses OAuth to sync user's gmail account asking for some credentials. Now since last week we are getting this message that "sign in with Google is temporarily disabled for app" but we haven't changed anything from our settings at all. Also we have everything approved and configured because it was working fine before that time.
You need to follow the process described [here][1] to request verification for your app.
[1] https://support.google.com/cloud/answer/7454865?hl=en
Also see https://gsuite-developers.googleblog.com/2018/06/new-oauth-protections-to-reduce-risk.html
I'm developing an IOS app for a client who got his IOS Developer Account and don't want to share the credentials, is there a way to sign that app without the credentials, I already got the certificate and provisioning profile but on the archiving stage the account is required.
Thanks in advance.
Yes there is a way, you can ask your client to log in through Team viewer. Through team viewer your screen will be shared with your client, you both can see what is ongoing on your screen. As password is secure field you can not see password but you will get signed in on your system.
I was having some code signing problems and in a rash decision I decided to delete all my certificates and private keys and to start over. I read and understood that this would mean a lot of work to set things up again, but I didn't think this would create an irreversible situation:
I have 10 un-revokable Developer ID certificates: 5 Developer ID Application certificates and 5 Developer ID Installer certificates, with different expiration dates (2017 to 2019).
If I click the + button to add a certificate the radio button for Developer ID is unselectable (grayed out).
So, my problem is that I don't have the private key for these certificates, I can't revoke them, and I can't create new Developer ID certificates. One other thing: I'm the only member of the team.
I called Apple Developer Support and they weren't sure how to fix this. They said they'd have to get back to me.
Anyone else have any suggestions?
Thanks
Philip
Okay, in case anyone else missed this in the App Distribution Guide here's what I found:
You can’t revoke Developer ID or Passbook certificates using Member
Center. Instead, send a request to Apple at product-security#apple.com
to revoke these types of certificates. If Apple revokes your
Developer ID certificate, users can no longer install applications
that have been signed with that certificate. Instead of revoking a
Developer ID certificate, you can create additional Developer ID
certificates using Member Center as described in “Requesting
Additional Developer ID Certificates.
I didn't realize 5 Developer ID Application and 5 Developer ID Installer certificates were the limit. Hopefully, Apple will revoke them for me.
I got some extra certificates also (5). It took about two weeks and various emails to and back from Apple support, but I got them in the end.
Its very important when creating your new certificate using KeyChain to immediately backup the private and public keys that are created with your name when you do the "Request a Certificate from a Certificate Authority" stage within the KeyChain app. This will enable you (hopefully anyways) to re-use your developer id certificates when you change machine.
I deleted all private and public keys in my name (again using the KeyChain app) prior to doing this step so to reduce confusion but that may not be necessary and might even be unadvisable.