Spaceship::UnauthorizedAccessError: Unauthorized Access thrown 8 hours after deployment
abardallis opened this issue · 3 comments
The issue:
We've deployed boarding to a Docker container hosted on our internal application platform and we are able to successfully add new Beta Testers after deployment.
However, after about 8 hours, users trying to sign up start to see the following error in the UI:
Something went wrong, please contact the application owner: Unauthorized Access
I checked the application logs after a failed sign up attempt and I see the following:
April 6th 2020, 09:59:14.101 | #<Spaceship::UnauthorizedAccessError: Unauthorized Access>
April 6th 2020, 09:59:14.101 | /usr/local/bundle/ruby/2.6.0/gems/fastlane-2.126.0/spaceship/lib/spaceship/client.rb:844:in `send_request'
April 6th 2020, 09:59:14.101 | /boarding/app/services/boarding_service.rb:57:in `block in add_tester'
April 6th 2020, 09:59:14.101 | Could not add (email address) to app: (our app name)
What I'd like to be able to do:
Deploy boarding in a way that doesn't require frequent maintenance to resolve these issues.
What I've tried:
- I've seen some chatter of 2FA being enabled having some impact on this, however, the ITC_USER specified is an App Manager role that does not have 2FA enabled so I don't believe this is related.
- I've also tried passing in a valid FASTLANE_SESSION (generated via command line) by setting
export FASTLANE_SESSION=(the fastlane session)prior tobundle exec puma -C config/puma.rbbeing executed by our app platform. In doing so, I seeSession loaded from environment variable is not valid. Continuing with normal login.in the application logs – Googling this leads me right back to the 2FA conversations.
I've also looked through the docs and seemingly related GitHub issues, however, I haven't been able to find anything conclusive.
Thanks in advance for your help in resolving this.
@abardallis did you ever find a solution to this?
@rodgutierrez not by using boarding unfortunately. Ended up just building out a sign up form and calling the App Store Connect API directly. This way the JWT token can be refreshed if needed prior to sending the POST to the /betaTesters endpoint.
thank you @abardallis, this is helpful!