eas-cli 0.48.2 → 0.51.0

package/build/credentials/ios/appstore/AppStoreApi.js

@@ -1,16 +1,39 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+const log_1 = tslib_1.__importDefault(require("../../../log"));
 const ascApiKey_1 = require("./ascApiKey");
 const authenticate_1 = require("./authenticate");
+const authenticateTypes_1 = require("./authenticateTypes");
 const distributionCertificate_1 = require("./distributionCertificate");
 const ensureAppExists_1 = require("./ensureAppExists");
 const provisioningProfile_1 = require("./provisioningProfile");
 const provisioningProfileAdhoc_1 = require("./provisioningProfileAdhoc");
 const pushKey_1 = require("./pushKey");
+const resolveCredentials_1 = require("./resolveCredentials");
 class AppStoreApi {
+    constructor() {
+        this.defaultAuthenticationMode = (0, resolveCredentials_1.hasAscEnvVars)()
+            ? authenticateTypes_1.AuthenticationMode.API_KEY
+            : authenticateTypes_1.AuthenticationMode.USER;
+    }
+    async ensureUserAuthenticatedAsync(options) {
+        if (this.authCtx && !(0, authenticate_1.isUserAuthCtx)(this.authCtx)) {
+            // already authenticated, but with the wrong type
+            log_1.default.log(`Only user authentication is supported. Reauthenticating as user...`);
+            this.authCtx = undefined;
+        }
+        const updatedAuthCtx = await this.ensureAuthenticatedAsync({
+            ...options,
+            mode: authenticateTypes_1.AuthenticationMode.USER,
+        });
+        return (0, authenticate_1.assertUserAuthCtx)(updatedAuthCtx);
+    }
     async ensureAuthenticatedAsync(options) {
+        var _a;
         if (!this.authCtx) {
-            this.authCtx = await (0, authenticate_1.authenticateAsync)(options);
+            const mode = (_a = options === null || options === void 0 ? void 0 : options.mode) !== null && _a !== void 0 ? _a : this.defaultAuthenticationMode;
+            this.authCtx = await (0, authenticate_1.authenticateAsync)({ mode, ...options });
         }
         return this.authCtx;
     }
@@ -31,16 +54,16 @@ class AppStoreApi {
         return await (0, distributionCertificate_1.revokeDistributionCertificateAsync)(ctx, ids);
     }
     async listPushKeysAsync() {
-        const ctx = await this.ensureAuthenticatedAsync();
-        return await (0, pushKey_1.listPushKeysAsync)(ctx);
+        const userCtx = await this.ensureUserAuthenticatedAsync();
+        return await (0, pushKey_1.listPushKeysAsync)(userCtx);
     }
     async createPushKeyAsync(name) {
-        const ctx = await this.ensureAuthenticatedAsync();
-        return await (0, pushKey_1.createPushKeyAsync)(ctx, name);
+        const userCtx = await this.ensureUserAuthenticatedAsync();
+        return await (0, pushKey_1.createPushKeyAsync)(userCtx, name);
     }
     async revokePushKeyAsync(ids) {
-        const ctx = await this.ensureAuthenticatedAsync();
-        return await (0, pushKey_1.revokePushKeyAsync)(ctx, ids);
+        const userCtx = await this.ensureUserAuthenticatedAsync();
+        return await (0, pushKey_1.revokePushKeyAsync)(userCtx, ids);
     }
     async useExistingProvisioningProfileAsync(bundleIdentifier, provisioningProfile, distCert) {
         const ctx = await this.ensureAuthenticatedAsync();
@@ -63,20 +86,20 @@ class AppStoreApi {
         return await (0, provisioningProfileAdhoc_1.createOrReuseAdhocProvisioningProfileAsync)(ctx, udids, bundleIdentifier, distCertSerialNumber);
     }
     async listAscApiKeysAsync() {
-        const ctx = await this.ensureAuthenticatedAsync();
-        return await (0, ascApiKey_1.listAscApiKeysAsync)(ctx);
+        const userCtx = await this.ensureUserAuthenticatedAsync();
+        return await (0, ascApiKey_1.listAscApiKeysAsync)(userCtx);
     }
     async getAscApiKeyAsync(keyId) {
-        const ctx = await this.ensureAuthenticatedAsync();
-        return await (0, ascApiKey_1.getAscApiKeyAsync)(ctx, keyId);
+        const userCtx = await this.ensureUserAuthenticatedAsync();
+        return await (0, ascApiKey_1.getAscApiKeyAsync)(userCtx, keyId);
     }
     async createAscApiKeyAsync({ nickname }) {
-        const ctx = await this.ensureAuthenticatedAsync();
-        return await (0, ascApiKey_1.createAscApiKeyAsync)(ctx, { nickname });
+        const userCtx = await this.ensureUserAuthenticatedAsync();
+        return await (0, ascApiKey_1.createAscApiKeyAsync)(userCtx, { nickname });
     }
     async revokeAscApiKeyAsync(keyId) {
-        const ctx = await this.ensureAuthenticatedAsync();
-        return await (0, ascApiKey_1.revokeAscApiKeyAsync)(ctx, keyId);
+        const userCtx = await this.ensureUserAuthenticatedAsync();
+        return await (0, ascApiKey_1.revokeAscApiKeyAsync)(userCtx, keyId);
     }
 }
 exports.default = AppStoreApi;

package/build/credentials/ios/appstore/ascApiKey.d.ts

@@ -1,9 +1,25 @@
 /// <reference types="@expo/apple-utils/ts-declarations/expo__app-store" />
 import { ApiKey, ApiKeyProps } from '@expo/apple-utils';
 import { AscApiKey, AscApiKeyInfo } from './Credentials.types';
-import { AuthCtx } from './authenticate';
-export declare function listAscApiKeysAsync(authCtx: AuthCtx): Promise<AscApiKeyInfo[]>;
-export declare function getAscApiKeyAsync(authCtx: AuthCtx, keyId: string): Promise<AscApiKeyInfo | null>;
-export declare function createAscApiKeyAsync(authCtx: AuthCtx, { nickname, allAppsVisible, roles, keyType, }: Partial<Pick<ApiKeyProps, 'nickname' | 'roles' | 'allAppsVisible' | 'keyType'>>): Promise<AscApiKey>;
-export declare function revokeAscApiKeyAsync(authCtx: AuthCtx, keyId: string): Promise<AscApiKeyInfo>;
+import { AuthCtx, UserAuthCtx } from './authenticateTypes';
+/**
+ * List App Store Connect API Keys.
+ * **Does not support App Store Connect API (CI).**
+ */
+export declare function listAscApiKeysAsync(userAuthCtx: UserAuthCtx): Promise<AscApiKeyInfo[]>;
+/**
+ * Get an App Store Connect API Key.
+ * **Does not support App Store Connect API (CI).**
+ */
+export declare function getAscApiKeyAsync(userAuthCtx: UserAuthCtx, keyId: string): Promise<AscApiKeyInfo | null>;
+/**
+ * Create an App Store Connect API Key.
+ * **Does not support App Store Connect API (CI).**
+ */
+export declare function createAscApiKeyAsync(userAuthCtx: UserAuthCtx, { nickname, allAppsVisible, roles, keyType, }: Partial<Pick<ApiKeyProps, 'nickname' | 'roles' | 'allAppsVisible' | 'keyType'>>): Promise<AscApiKey>;
+/**
+ * Revoke an App Store Connect API Key.
+ * **Does not support App Store Connect API (CI).**
+ */
+export declare function revokeAscApiKeyAsync(userAuthCtx: UserAuthCtx, keyId: string): Promise<AscApiKeyInfo>;
 export declare function getAscApiKeyInfo(apiKey: ApiKey, authCtx: AuthCtx): AscApiKeyInfo;

package/build/credentials/ios/appstore/ascApiKey.js

@@ -6,13 +6,17 @@ const apple_utils_1 = require("@expo/apple-utils");
 const log_1 = tslib_1.__importDefault(require("../../../log"));
 const ora_1 = require("../../../ora");
 const authenticate_1 = require("./authenticate");
-async function listAscApiKeysAsync(authCtx) {
+/**
+ * List App Store Connect API Keys.
+ * **Does not support App Store Connect API (CI).**
+ */
+async function listAscApiKeysAsync(userAuthCtx) {
     const spinner = (0, ora_1.ora)(`Fetching App Store Connect API Keys.`).start();
     try {
-        const context = (0, authenticate_1.getRequestContext)(authCtx);
+        const context = (0, authenticate_1.getRequestContext)(userAuthCtx);
         const keys = await apple_utils_1.ApiKey.getAsync(context);
         spinner.succeed(`Fetched App Store Connect API Keys.`);
-        return keys.map(key => getAscApiKeyInfo(key, authCtx));
+        return keys.map(key => getAscApiKeyInfo(key, userAuthCtx));
     }
     catch (error) {
         spinner.fail(`Failed to fetch App Store Connect API Keys.`);
@@ -20,14 +24,18 @@ async function listAscApiKeysAsync(authCtx) {
     }
 }
 exports.listAscApiKeysAsync = listAscApiKeysAsync;
-async function getAscApiKeyAsync(authCtx, keyId) {
+/**
+ * Get an App Store Connect API Key.
+ * **Does not support App Store Connect API (CI).**
+ */
+async function getAscApiKeyAsync(userAuthCtx, keyId) {
     var _a;
     const spinner = (0, ora_1.ora)(`Fetching App Store Connect API Key.`).start();
     try {
-        const context = (0, authenticate_1.getRequestContext)(authCtx);
+        const context = (0, authenticate_1.getRequestContext)(userAuthCtx);
         const apiKey = await apple_utils_1.ApiKey.infoAsync(context, { id: keyId });
         spinner.succeed(`Fetched App Store Connect API Key (ID: ${keyId}).`);
-        return getAscApiKeyInfo(apiKey, authCtx);
+        return getAscApiKeyInfo(apiKey, userAuthCtx);
     }
     catch (error) {
         const message = (_a = error === null || error === void 0 ? void 0 : error.message) !== null && _a !== void 0 ? _a : '';
@@ -41,10 +49,14 @@ async function getAscApiKeyAsync(authCtx, keyId) {
     }
 }
 exports.getAscApiKeyAsync = getAscApiKeyAsync;
-async function createAscApiKeyAsync(authCtx, { nickname, allAppsVisible, roles, keyType, }) {
+/**
+ * Create an App Store Connect API Key.
+ * **Does not support App Store Connect API (CI).**
+ */
+async function createAscApiKeyAsync(userAuthCtx, { nickname, allAppsVisible, roles, keyType, }) {
     const spinner = (0, ora_1.ora)(`Creating App Store Connect API Key.`).start();
     try {
-        const context = (0, authenticate_1.getRequestContext)(authCtx);
+        const context = (0, authenticate_1.getRequestContext)(userAuthCtx);
         const key = await apple_utils_1.ApiKey.createAsync(context, {
             nickname: nickname !== null && nickname !== void 0 ? nickname : `[expo] ${new Date().getTime()}`,
             allAppsVisible: allAppsVisible !== null && allAppsVisible !== void 0 ? allAppsVisible : true,
@@ -68,7 +80,7 @@ async function createAscApiKeyAsync(authCtx, { nickname, allAppsVisible, roles,
         const fullKey = await apple_utils_1.ApiKey.infoAsync(context, { id: key.id });
         spinner.succeed(`Created App Store Connect API Key.`);
         return {
-            ...getAscApiKeyInfo(fullKey, authCtx),
+            ...getAscApiKeyInfo(fullKey, userAuthCtx),
             keyP8,
         };
     }
@@ -78,14 +90,18 @@ async function createAscApiKeyAsync(authCtx, { nickname, allAppsVisible, roles,
     }
 }
 exports.createAscApiKeyAsync = createAscApiKeyAsync;
-async function revokeAscApiKeyAsync(authCtx, keyId) {
+/**
+ * Revoke an App Store Connect API Key.
+ * **Does not support App Store Connect API (CI).**
+ */
+async function revokeAscApiKeyAsync(userAuthCtx, keyId) {
     const spinner = (0, ora_1.ora)(`Revoking App Store Connect API Key.`).start();
     try {
-        const context = (0, authenticate_1.getRequestContext)(authCtx);
+        const context = (0, authenticate_1.getRequestContext)(userAuthCtx);
         const apiKey = await apple_utils_1.ApiKey.infoAsync(context, { id: keyId });
         const revokedKey = await apiKey.revokeAsync();
         spinner.succeed(`Revoked App Store Connect API Key.`);
-        return getAscApiKeyInfo(revokedKey, authCtx);
+        return getAscApiKeyInfo(revokedKey, userAuthCtx);
     }
     catch (error) {
         log_1.default.error(error);

package/build/credentials/ios/appstore/authenticate.d.ts

@@ -1,30 +1,21 @@
 /// <reference types="@expo/apple-utils/ts-declarations/expo__app-store" />
 import { RequestContext, Session } from '@expo/apple-utils';
+import { MinimalAscApiKey } from '../credentials';
+import { AppleTeamType, AuthCtx, AuthenticationMode, UserAuthCtx } from './authenticateTypes';
 export declare type Options = {
     appleId?: string;
     teamId?: string;
+    teamName?: string;
+    teamType?: AppleTeamType;
+    ascApiKey?: MinimalAscApiKey;
     /**
      * Can be used to restore the Apple auth state via apple-utils.
      */
     cookies?: Session.AuthState['cookies'];
+    /** Indicates how Apple network requests will be made. */
+    mode?: AuthenticationMode;
 };
-export declare type Team = {
-    id: string;
-    name: string;
-    inHouse?: boolean;
-};
-export declare type AuthCtx = {
-    appleId: string;
-    appleIdPassword?: string;
-    team: Team;
-    /**
-     * Defined when using Fastlane
-     */
-    fastlaneSession?: string;
-    /**
-     * Can be used to restore the Apple auth state via apple-utils.
-     */
-    authState?: Session.AuthState;
-};
+export declare function isUserAuthCtx(authCtx: AuthCtx | undefined): authCtx is UserAuthCtx;
+export declare function assertUserAuthCtx(authCtx: AuthCtx | undefined): UserAuthCtx;
 export declare function getRequestContext(authCtx: AuthCtx): RequestContext;
 export declare function authenticateAsync(options?: Options): Promise<AuthCtx>;

package/build/credentials/ios/appstore/authenticate.js

@@ -1,14 +1,26 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.authenticateAsync = exports.getRequestContext = void 0;
+exports.authenticateAsync = exports.getRequestContext = exports.assertUserAuthCtx = exports.isUserAuthCtx = void 0;
 const tslib_1 = require("tslib");
 const apple_utils_1 = require("@expo/apple-utils");
 const assert_1 = tslib_1.__importDefault(require("assert"));
 const chalk_1 = tslib_1.__importDefault(require("chalk"));
 const log_1 = tslib_1.__importDefault(require("../../../log"));
 const prompts_1 = require("../../../prompts");
+const authenticateTypes_1 = require("./authenticateTypes");
 const resolveCredentials_1 = require("./resolveCredentials");
 const APPLE_IN_HOUSE_TEAM_TYPE = 'in-house';
+function isUserAuthCtx(authCtx) {
+    return !!authCtx && typeof authCtx.appleId === 'string';
+}
+exports.isUserAuthCtx = isUserAuthCtx;
+function assertUserAuthCtx(authCtx) {
+    if (isUserAuthCtx(authCtx)) {
+        return authCtx;
+    }
+    throw new Error('Expected user authentication context (login/password).');
+}
+exports.assertUserAuthCtx = assertUserAuthCtx;
 function getRequestContext(authCtx) {
     var _a;
     (0, assert_1.default)((_a = authCtx.authState) === null || _a === void 0 ? void 0 : _a.context, 'Apple request context must be defined');
@@ -26,7 +38,7 @@ async function loginAsync(userCredentials = {}, options) {
         }
     }
     // Resolve the user credentials, optimizing for password-less login.
-    const { username, password } = await (0, resolveCredentials_1.resolveCredentialsAsync)(userCredentials);
+    const { username, password } = await (0, resolveCredentials_1.resolveUserCredentialsAsync)(userCredentials);
     (0, assert_1.default)(username);
     // Clear data
     apple_utils_1.Auth.resetInMemoryData();
@@ -82,6 +94,35 @@ async function loginWithUserCredentialsAsync({ username, password, teamId, provi
     return newSession;
 }
 async function authenticateAsync(options = {}) {
+    if (options.mode === authenticateTypes_1.AuthenticationMode.API_KEY) {
+        return await authenticateWithApiKeyAsync(options);
+    }
+    else {
+        return await authenticateAsUserAsync(options);
+    }
+}
+exports.authenticateAsync = authenticateAsync;
+async function authenticateWithApiKeyAsync(options = {}) {
+    // Resolve the user credentials, optimizing for password-less login.
+    const ascApiKey = await (0, resolveCredentials_1.resolveAscApiKeyAsync)(options.ascApiKey);
+    const team = await (0, resolveCredentials_1.resolveAppleTeamAsync)(options);
+    const jwtDurationSeconds = 1200; // 20 minutes
+    return {
+        team,
+        authState: {
+            context: {
+                token: new apple_utils_1.Token({
+                    key: ascApiKey.keyP8,
+                    issuerId: ascApiKey.issuerId,
+                    keyId: ascApiKey.keyId,
+                    duration: jwtDurationSeconds,
+                }),
+            },
+        },
+        ascApiKey,
+    };
+}
+async function authenticateAsUserAsync(options = {}) {
     // help keep apple login visually apart from the other operations.
     log_1.default.addNewLineIfNone();
     try {
@@ -119,7 +160,6 @@ async function authenticateAsync(options = {}) {
         throw error;
     }
 }
-exports.authenticateAsync = authenticateAsync;
 function formatTeam({ teamId, name, type }) {
     return {
         id: teamId,

package/build/credentials/ios/appstore/authenticateTypes.d.ts

@@ -0,0 +1,42 @@
+/// <reference types="@expo/apple-utils/ts-declarations/expo__app-store" />
+import { Session } from '@expo/apple-utils';
+import { MinimalAscApiKey } from '../credentials';
+export declare enum AuthenticationMode {
+    /** App Store API requests will be made using the official API via an API key, used for CI environments where 2FA cannot be performed. */
+    API_KEY = 0,
+    /** Uses cookies based authentication and the unofficial App Store web API, this provides more functionality than the official API but cannot be reliably used in CI because it requires 2FA. */
+    USER = 1
+}
+export declare enum AppleTeamType {
+    IN_HOUSE = "IN_HOUSE",
+    COMPANY_OR_ORGANIZATION = "COMPANY_OR_ORGANIZATION",
+    INDIVIDUAL = "INDIVIDUAL"
+}
+export declare type Team = {
+    id: string;
+    /** Name of the development team, this is undefined when ASC API keys are used instead of cookies for authentication. */
+    name?: string;
+    inHouse?: boolean;
+};
+export declare type UserAuthCtx = {
+    appleId: string;
+    appleIdPassword?: string;
+    team: Team;
+    /**
+     * Defined when using Fastlane
+     */
+    fastlaneSession?: string;
+    /**
+     * Can be used to restore the Apple auth state via apple-utils.
+     */
+    authState?: Session.AuthState;
+};
+export declare type ApiKeyAuthCtx = {
+    ascApiKey: MinimalAscApiKey;
+    team: Team;
+    /**
+     * Can be used to restore the Apple auth state via apple-utils.
+     */
+    authState?: Partial<Session.AuthState>;
+};
+export declare type AuthCtx = UserAuthCtx | ApiKeyAuthCtx;

package/build/credentials/ios/appstore/authenticateTypes.js

@@ -0,0 +1,16 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AppleTeamType = exports.AuthenticationMode = void 0;
+var AuthenticationMode;
+(function (AuthenticationMode) {
+    /** App Store API requests will be made using the official API via an API key, used for CI environments where 2FA cannot be performed. */
+    AuthenticationMode[AuthenticationMode["API_KEY"] = 0] = "API_KEY";
+    /** Uses cookies based authentication and the unofficial App Store web API, this provides more functionality than the official API but cannot be reliably used in CI because it requires 2FA. */
+    AuthenticationMode[AuthenticationMode["USER"] = 1] = "USER";
+})(AuthenticationMode = exports.AuthenticationMode || (exports.AuthenticationMode = {}));
+var AppleTeamType;
+(function (AppleTeamType) {
+    AppleTeamType["IN_HOUSE"] = "IN_HOUSE";
+    AppleTeamType["COMPANY_OR_ORGANIZATION"] = "COMPANY_OR_ORGANIZATION";
+    AppleTeamType["INDIVIDUAL"] = "INDIVIDUAL";
+})(AppleTeamType = exports.AppleTeamType || (exports.AppleTeamType = {}));

package/build/credentials/ios/appstore/capabilityIdentifiers.d.ts

@@ -6,6 +6,8 @@ import { JSONObject } from '@expo/json-file';
  * If a capability identifier is missing, then attempt to create it.
  * Link all of the capability identifiers at the same time after parsing the entitlements file.
  *
+ * **Does not support App Store Connect API (CI).**
+ *
  * @param bundleId Bundle identifier object.
  * @param entitlements JSON representation of the iOS entitlements plist
  *

package/build/credentials/ios/appstore/capabilityIdentifiers.js

@@ -4,12 +4,15 @@ exports.syncCapabilityIdentifiersForEntitlementsAsync = void 0;
 const tslib_1 = require("tslib");
 const apple_utils_1 = require("@expo/apple-utils");
 const log_1 = tslib_1.__importDefault(require("../../../log"));
+const authType_1 = require("../utils/authType");
 const bundleIdCapabilities_1 = require("./bundleIdCapabilities");
 /**
  * Sync the capability identifiers with the bundle identifier capabilities.
  * If a capability identifier is missing, then attempt to create it.
  * Link all of the capability identifiers at the same time after parsing the entitlements file.
  *
+ * **Does not support App Store Connect API (CI).**
+ *
  * @param bundleId Bundle identifier object.
  * @param entitlements JSON representation of the iOS entitlements plist
  *
@@ -19,6 +22,12 @@ async function syncCapabilityIdentifiersForEntitlementsAsync(bundleId, entitleme
     if (bundleIdCapabilities_1.EXPO_NO_CAPABILITY_SYNC) {
         return { created: [], linked: [] };
     }
+    // App Store Connect token authentication is not currently supported,
+    // the team ID is required to create capability identifiers.
+    if ((0, authType_1.isAppStoreConnectTokenOnlyContext)(bundleId.context)) {
+        log_1.default.warn(`Skipping capability identifier syncing because the current Apple authentication session is not using Cookies (username/password).`);
+        return { created: [], linked: [] };
+    }
     const createdIds = [];
     const linkedIds = [];
     const CapabilityIdMapping = bundleIdCapabilities_1.CapabilityMapping.filter(capability => capability.capabilityIdModel);

package/build/credentials/ios/appstore/contractMessages.d.ts

@@ -2,4 +2,7 @@
 import { ITCAgreements, RequestContext } from '@expo/apple-utils';
 import type { Ora } from '../../../ora';
 export declare function formatContractMessage(message: ITCAgreements.ITCContractMessage): string;
+/**
+ * **Does not support App Store Connect API (CI).**
+ */
 export declare function assertContractMessagesAsync(context: RequestContext, spinner?: Ora): Promise<void>;

package/build/credentials/ios/appstore/contractMessages.js

@@ -6,6 +6,9 @@ const apple_utils_1 = require("@expo/apple-utils");
 const chalk_1 = tslib_1.__importDefault(require("chalk"));
 const log_1 = tslib_1.__importDefault(require("../../../log"));
 const convertHTMLToASCII_1 = require("../utils/convertHTMLToASCII");
+/**
+ * **Does not support App Store Connect API (CI).**
+ */
 async function getContractStatusAsync(context) {
     var _a;
     try {
@@ -17,6 +20,9 @@ async function getContractStatusAsync(context) {
         return null;
     }
 }
+/**
+ * **Does not support App Store Connect API (CI).**
+ */
 async function getContractMessagesAsync(context) {
     try {
         return await apple_utils_1.ITCAgreements.getContractMessagesAsync(context);
@@ -26,6 +32,9 @@ async function getContractMessagesAsync(context) {
         return null;
     }
 }
+/**
+ * **Does not support App Store Connect API (CI).**
+ */
 async function getRequiredContractMessagesAsync(context) {
     var _a, _b;
     // This emulates the check that's performed on the ASC website's "apps"
@@ -65,6 +74,9 @@ function formatContractMessage(message) {
     });
 }
 exports.formatContractMessage = formatContractMessage;
+/**
+ * **Does not support App Store Connect API (CI).**
+ */
 async function assertContractMessagesAsync(context, spinner) {
     const { messages, isFatal } = await getRequiredContractMessagesAsync(context);
     if (Array.isArray(messages) && messages.length) {

package/build/credentials/ios/appstore/distributionCertificate.d.ts

@@ -1,7 +1,7 @@
 /// <reference types="@expo/apple-utils/ts-declarations/expo__app-store" />
 import { Certificate, RequestContext } from '@expo/apple-utils';
 import { DistributionCertificate, DistributionCertificateStoreInfo } from './Credentials.types';
-import { AuthCtx } from './authenticate';
+import { AuthCtx } from './authenticateTypes';
 export declare class AppleTooManyCertsError extends Error {
 }
 export declare function getCertificateBySerialNumberAsync(context: RequestContext, serialNumber: string): Promise<Certificate>;

package/build/credentials/ios/appstore/ensureAppExists.d.ts

@@ -1,7 +1,7 @@
 /// <reference types="@expo/apple-utils/ts-declarations/expo__app-store" />
 import { App, BundleId } from '@expo/apple-utils';
 import { JSONObject } from '@expo/json-file';
-import { AuthCtx } from './authenticate';
+import { AuthCtx, UserAuthCtx } from './authenticateTypes';
 export interface IosCapabilitiesOptions {
     entitlements: JSONObject;
 }
@@ -17,7 +17,7 @@ export declare function ensureBundleIdExistsWithNameAsync(authCtx: AuthCtx, { na
 }, options?: IosCapabilitiesOptions): Promise<void>;
 export declare function syncCapabilitiesAsync(bundleId: BundleId, { entitlements }: IosCapabilitiesOptions): Promise<void>;
 export declare function syncCapabilityIdentifiersAsync(bundleId: BundleId, { entitlements }: IosCapabilitiesOptions): Promise<void>;
-export declare function ensureAppExistsAsync(authCtx: AuthCtx, { name, language, companyName, bundleIdentifier, sku, }: {
+export declare function ensureAppExistsAsync(userAuthCtx: UserAuthCtx, { name, language, companyName, bundleIdentifier, sku, }: {
     name: string;
     language?: string;
     companyName?: string;

package/build/credentials/ios/appstore/ensureAppExists.js

@@ -44,7 +44,12 @@ async function ensureBundleIdExistsWithNameAsync(authCtx, { name, bundleIdentifi
             if (err.message.match(/forbidden for security reasons/) ||
                 // Unable to process request - PLA Update available - You currently don't have access to this membership resource. To resolve this issue, agree to the latest Program License Agreement in your developer account.
                 err.message.match(/agree/)) {
-                await (0, contractMessages_1.assertContractMessagesAsync)(context);
+                if ((0, authenticate_1.isUserAuthCtx)(authCtx)) {
+                    await (0, contractMessages_1.assertContractMessagesAsync)(context);
+                }
+                else {
+                    log_1.default.warn(`You currently don't have access to this membership resource. To resolve this issue, agree to the latest Program License Agreement in your developer account.`);
+                }
             }
         }
         throw err;
@@ -95,9 +100,9 @@ async function syncCapabilityIdentifiersAsync(bundleId, { entitlements }) {
     }
 }
 exports.syncCapabilityIdentifiersAsync = syncCapabilityIdentifiersAsync;
-async function ensureAppExistsAsync(authCtx, { name, language, companyName, bundleIdentifier, sku, }) {
+async function ensureAppExistsAsync(userAuthCtx, { name, language, companyName, bundleIdentifier, sku, }) {
     var _a;
-    const context = (0, authenticate_1.getRequestContext)(authCtx);
+    const context = (0, authenticate_1.getRequestContext)(userAuthCtx);
     const spinner = (0, ora_1.ora)(`Linking to App Store Connect ${chalk_1.default.dim(bundleIdentifier)}`).start();
     let app = await apple_utils_1.App.findAsync(context, { bundleId: bundleIdentifier });
     if (!app) {
@@ -105,6 +110,9 @@ async function ensureAppExistsAsync(authCtx, { name, language, companyName, bund
         try {
             // Assert contract errors when the user needs to create an app.
             await (0, contractMessages_1.assertContractMessagesAsync)(context, spinner);
+            /**
+             * **Does not support App Store Connect API (CI).**
+             */
             app = await apple_utils_1.App.createAsync(context, {
                 bundleId: bundleIdentifier,
                 name,
@@ -115,8 +123,7 @@ async function ensureAppExistsAsync(authCtx, { name, language, companyName, bund
         }
         catch (error) {
             if (error.message.match(/An App ID with Identifier '(.*)' is not available/)) {
-                const providerName = (_a = authCtx.authState) === null || _a === void 0 ? void 0 : _a.session.provider.name;
-                throw new Error(`\nThe bundle identifier "${bundleIdentifier}" is not available to provider "${providerName}". Please change it in your app config and try again.\n`);
+                throw new Error(`\nThe bundle identifier "${bundleIdentifier}" is not available to provider "${(_a = userAuthCtx.authState) === null || _a === void 0 ? void 0 : _a.session.provider.name}. Please change it in your app config and try again.\n`);
             }
             spinner.fail(`Failed to create App Store app ${chalk_1.default.dim(name)}`);
             error.message +=

package/build/credentials/ios/appstore/provisioningProfile.d.ts

@@ -1,5 +1,5 @@
 import { DistributionCertificate, ProvisioningProfile, ProvisioningProfileStoreInfo } from './Credentials.types';
-import { AuthCtx } from './authenticate';
+import { AuthCtx } from './authenticateTypes';
 export declare enum ProfileClass {
     Adhoc = "ad_hoc",
     General = "general"

package/build/credentials/ios/appstore/provisioningProfile.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.revokeProvisioningProfileAsync = exports.createProvisioningProfileAsync = exports.listProvisioningProfilesAsync = exports.useExistingProvisioningProfileAsync = exports.ProfileClass = void 0;
 const apple_utils_1 = require("@expo/apple-utils");
 const ora_1 = require("../../../ora");
+const authType_1 = require("../utils/authType");
 const p12Certificate_1 = require("../utils/p12Certificate");
 const authenticate_1 = require("./authenticate");
 const bundleId_1 = require("./bundleId");
@@ -47,6 +48,11 @@ async function addCertificateToProfileAsync(context, { serialNumber, profileId,
     }
     // Assign the new certificate
     profile.attributes.certificates = [cert];
+    // Experimentally regenerate the provisioning profile using App Store Connect API.
+    if ((0, authType_1.isAppStoreConnectTokenOnlyContext)(profile.context)) {
+        return await profile.regenerateManuallyAsync();
+    }
+    // This method does not support App Store Connect API.
     return await profile.regenerateAsync();
 }
 async function useExistingProvisioningProfileAsync(authCtx, bundleIdentifier, provisioningProfile, distCert) {

package/build/credentials/ios/appstore/provisioningProfileAdhoc.d.ts

@@ -1,3 +1,3 @@
 import { ProvisioningProfile } from './Credentials.types';
-import { AuthCtx } from './authenticate';
+import { AuthCtx } from './authenticateTypes';
 export declare function createOrReuseAdhocProvisioningProfileAsync(authCtx: AuthCtx, udids: string[], bundleIdentifier: string, distCertSerialNumber: string): Promise<ProvisioningProfile>;

package/build/credentials/ios/appstore/provisioningProfileAdhoc.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createOrReuseAdhocProvisioningProfileAsync = void 0;
 const apple_utils_1 = require("@expo/apple-utils");
 const ora_1 = require("../../../ora");
+const authType_1 = require("../utils/authType");
 const authenticate_1 = require("./authenticate");
 const bundleId_1 = require("./bundleId");
 const distributionCertificate_1 = require("./distributionCertificate");
@@ -56,7 +57,14 @@ async function findProfileByBundleIdAsync(context, bundleId, certSerialNumber) {
         }
         const profile = expoProfiles.sort(sortByExpiration)[expoProfiles.length - 1];
         profile.attributes.certificates = [distributionCertificate];
-        return { profile: await profile.regenerateAsync(), didUpdate: true };
+        return {
+            profile: (0, authType_1.isAppStoreConnectTokenOnlyContext)(profile.context)
+                ? // Experimentally regenerate the provisioning profile using App Store Connect API.
+                    await profile.regenerateManuallyAsync()
+                : // This method does not support App Store Connect API.
+                    await profile.regenerateAsync(),
+            didUpdate: true,
+        };
     }
     // there is no valid provisioning profile available
     return { profile: null, didUpdate: false };
@@ -110,7 +118,14 @@ async function manageAdHocProfilesAsync(context, { udids, bundleId, certSerialNu
         }
         // We need to add new devices to the list and create a new provisioning profile.
         existingProfile.attributes.devices = devices;
-        await existingProfile.regenerateAsync();
+        if ((0, authType_1.isAppStoreConnectTokenOnlyContext)(existingProfile.context)) {
+            // Experimentally regenerate the provisioning profile using App Store Connect API.
+            await existingProfile.regenerateManuallyAsync();
+        }
+        else {
+            // This method does not support App Store Connect API.
+            await existingProfile.regenerateAsync();
+        }
         const updatedProfile = (await findProfileByBundleIdAsync(context, bundleId, certSerialNumber))
             .profile;
         if (!updatedProfile) {