[PR #758] [MERGED] feat(web): detach experimental Apple web-session auth and app creation #771

New issue

Closed

opened 2026-02-26 22:32:29 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 22:32:29 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/758
Author: @JoshuaRileyDev
Created: 2/24/2026
Status: ✅ Merged
Merged: 2/25/2026
Merged by: @rudrankriyam

Base: main ← Head: srp-auth

---

📝 Commits (5)

• 000908e feat: add SRP authentication for app creation via IRIS API
• 839d1f5 ci(lint): use golangci-lint v1 config format
• 5eaaa84 add detached experimental web session command group
• 1aad2d5 docs: sync command reference after web command updates
• e101f6b Merge origin/main into srp-auth

📊 Changes

14 files changed (+2352 additions, -28 deletions)

View changed files

📝 .golangci.yml (+23 -5)
📝 docs/COMMANDS.md (+2 -2)
📝 go.mod (+8 -5)
📝 go.sum (+44 -6)
📝 internal/asc/client_apps.go (+56 -0)
📝 internal/asc/notary.go (+1 -1)
📝 internal/cli/apps/apps.go (+340 -0)
📝 internal/cli/cmdtest/validate_testflight_test.go (+6 -6)
📝 internal/cli/cmdtest/web_commands_test.go (+3 -3)
➕ internal/iris/apps.go (+274 -0)
➕ internal/iris/auth.go (+981 -0)
➕ internal/iris/auth_test.go (+186 -0)
➕ internal/iris/errors.go (+45 -0)
➕ internal/iris/session_cache.go (+383 -0)

📄 Description

Summary

• Move unofficial Apple web-session app creation out of the official asc apps flow into a detached asc web command family (web auth, web apps create).
• Mark the flow as experimental / unofficial / discouraged in command help and docs.
• Implement SRP + 2FA login and the internal web-session client in internal/web (Apple endpoint remains /iris/v1).
• Add web-session caching (keychain/file backends), resume/status/logout behavior, secure password input (--password-stdin / ASC_WEB_PASSWORD), and duplicate-name auto-retry.
• Add/adjust tests for command registration, auth behavior, and web app-create validation, and sync generated command docs.
• Keep CI lint configuration compatible with the current runner.

Why

App creation is not available in the official public App Store Connect API. This PR keeps the unofficial path available for advanced workflows while isolating it from official API-key commands so users do not accidentally depend on unstable internals.

Usage

# Check cached session
asc web auth status

# Login (detached experimental flow)
asc web auth login --apple-id "user@example.com" --password-stdin

# Create app via internal web API
asc web apps create \
  --name "My App" \
  --bundle-id "com.example.app" \
  --sku "MYAPP123" \
  --apple-id "user@example.com" \
  --password-stdin

Test plan

• make format
• make lint
• ASC_BYPASS_KEYCHAIN=1 make test
• ASC_BYPASS_KEYCHAIN=1 go test ./internal/web ./internal/cli/web ./internal/cli/cmdtest -run Web
• make check-command-docs

Notes

• This remains an unofficial integration and can break without notice if Apple changes internal behavior.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/rudrankriyam/App-Store-Connect-CLI/pull/758 **Author:** [@JoshuaRileyDev](https://github.com/JoshuaRileyDev) **Created:** 2/24/2026 **Status:** ✅ Merged **Merged:** 2/25/2026 **Merged by:** [@rudrankriyam](https://github.com/rudrankriyam) **Base:** `main` ← **Head:** `srp-auth` --- ### 📝 Commits (5) - [`000908e`](https://github.com/rudrankriyam/App-Store-Connect-CLI/commit/000908ef9dcc61f1d4c09f17a9f01d93d37af53c) feat: add SRP authentication for app creation via IRIS API - [`839d1f5`](https://github.com/rudrankriyam/App-Store-Connect-CLI/commit/839d1f5c7158383984cfb70a2dc302d08c23303d) ci(lint): use golangci-lint v1 config format - [`5eaaa84`](https://github.com/rudrankriyam/App-Store-Connect-CLI/commit/5eaaa84ab35786a3297a906ffe0a1c677e490713) add detached experimental web session command group - [`1aad2d5`](https://github.com/rudrankriyam/App-Store-Connect-CLI/commit/1aad2d586ff579cdfb775c1cd7a03c1d0bd6eb0b) docs: sync command reference after web command updates - [`e101f6b`](https://github.com/rudrankriyam/App-Store-Connect-CLI/commit/e101f6b56199da6fd249ba490572aa5fd67e45d1) Merge origin/main into srp-auth ### 📊 Changes **14 files changed** (+2352 additions, -28 deletions) <details> <summary>View changed files</summary> 📝 `.golangci.yml` (+23 -5) 📝 `docs/COMMANDS.md` (+2 -2) 📝 `go.mod` (+8 -5) 📝 `go.sum` (+44 -6) 📝 `internal/asc/client_apps.go` (+56 -0) 📝 `internal/asc/notary.go` (+1 -1) 📝 `internal/cli/apps/apps.go` (+340 -0) 📝 `internal/cli/cmdtest/validate_testflight_test.go` (+6 -6) 📝 `internal/cli/cmdtest/web_commands_test.go` (+3 -3) ➕ `internal/iris/apps.go` (+274 -0) ➕ `internal/iris/auth.go` (+981 -0) ➕ `internal/iris/auth_test.go` (+186 -0) ➕ `internal/iris/errors.go` (+45 -0) ➕ `internal/iris/session_cache.go` (+383 -0) </details> ### 📄 Description ## Summary - Move unofficial Apple web-session app creation out of the official `asc apps` flow into a detached `asc web` command family (`web auth`, `web apps create`). - Mark the flow as **experimental / unofficial / discouraged** in command help and docs. - Implement SRP + 2FA login and the internal web-session client in `internal/web` (Apple endpoint remains `/iris/v1`). - Add web-session caching (keychain/file backends), resume/status/logout behavior, secure password input (`--password-stdin` / `ASC_WEB_PASSWORD`), and duplicate-name auto-retry. - Add/adjust tests for command registration, auth behavior, and web app-create validation, and sync generated command docs. - Keep CI lint configuration compatible with the current runner. ## Why App creation is not available in the official public App Store Connect API. This PR keeps the unofficial path available for advanced workflows while isolating it from official API-key commands so users do not accidentally depend on unstable internals. ## Usage ```bash # Check cached session asc web auth status # Login (detached experimental flow) asc web auth login --apple-id "user@example.com" --password-stdin # Create app via internal web API asc web apps create \ --name "My App" \ --bundle-id "com.example.app" \ --sku "MYAPP123" \ --apple-id "user@example.com" \ --password-stdin ``` ## Test plan - [x] `make format` - [x] `make lint` - [x] `ASC_BYPASS_KEYCHAIN=1 make test` - [x] `ASC_BYPASS_KEYCHAIN=1 go test ./internal/web ./internal/cli/web ./internal/cli/cmdtest -run Web` - [x] `make check-command-docs` ## Notes - This remains an **unofficial** integration and can break without notice if Apple changes internal behavior. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 22:32:29 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-02-26 22:32:30 +03:00

[PR #772] [MERGED] fix: increase upload timeout default and improve timeout hints #775

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.1

1.1.0

1.0.1

1.0.0

0.49.1

0.49.0

0.48.1

0.48.0

0.47.1

0.47.0

0.46.2

0.46.1

0.46.0

0.45.4

0.45.3

0.45.2

0.45.1

0.45.0

0.44.2

0.44.1

0.44.0

0.43.0

0.42.0

0.41.4

0.41.3

0.41.2

0.41.1

0.41.0

0.40.1

0.40.0

0.39.1

0.39.0

0.38.3

0.38.2

0.38.1

0.38.0

0.37.3

0.37.2

0.37.1

0.37.0

0.36.3

0.36.2

0.36.1

0.36.0

0.35.3

0.35.2

0.35.1

0.35.0

0.34.1

0.34.0

0.33.2

0.33.1

0.33.0

0.32.0

0.31.3

0.31.2

0.31.1

0.31.0

0.30.0

0.29.3

0.29.2

0.29.1

0.29.0

0.28.14

0.28.13

0.28.12

0.28.11

0.28.10

0.28.9

0.28.8

0.28.7

0.28.6

0.28.5

0.28.4

0.28.3

0.28.2

0.28.1

0.28.0

0.27.0

0.26.4

0.26.3

0.26.2

0.26.1

0.26.0

0.25.4

0.25.3

0.25.1

0.25.0

0.24.3

0.24.2

0.24.1

0.24.0

0.23.5

0.23.4

0.23.3

0.23.2

0.23.1

0.23.0

0.22.1

0.22.0

0.21.0

0.20.2

0.20.1

0.20.0

0.19.3

0.19.2

0.19.1

0.19.0

0.18.2

0.18.1

0.18.0

0.17.0

0.16.0

0.15.0

0.14.0

0.13.0

0.12.4

0.12.3

0.12.2

0.12.1

0.12.0

0.11.0

0.10.2

0.10.1

0.10.0

0.9.0

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

0.3.1

0.3.0

0.2.0

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Labels

Clear labels   

bug

  

bug

  

documentation

  

enhancement

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

bug

documentation

enhancement

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/App-Store-Connect-CLI#771

No description provided.