spaceship/docs/Authentication.md
As spaceship talks to Apple's APIs, most requests need to be authenticated with the Apple ID that you use to log in to https://developer.apple.com/. You start the login with a simple call to Spaceship.login.
The Spaceship.login method accepts username and password as parameters, or will ask for them interactively if they are not provided. It will also try to retrieve them via CredentialsManager, which supports the environment variables FASTLANE_USER and FASTLANE_PASSWORD.
Login with API tokens is not supported yet as API access is not generally available. Spaceship::Tunes and Spaceship::TestFlight are also still using only older APIs that do not need API tokens for authentication yet.
If your developer Apple ID has Two-factor Authentication enabled, spaceship will also ask you for the security code that was pushed to your devices after you have successfully entered username and password.
If you cannot access any of your trusted devices, or just prefer it, you can also switch to the SMS-based flow by entering sms at this prompt. spaceship will then present you with a selection of your trusted phone numbers, and after choosing one you can enter the security code you were sent by SMS.
spaceship also supports legacy Two-step verification that is still active for some Apple IDs.
If you want to avoid dealing with the required interaction of using a Two-factor Authentication enabled account (for example because you want to use spaceship on an automated or CI system that does not support interaction), you have to create an additional account with the required rights.
Note that Apple does not allow this in all situations. For example, for individual accounts (vs. company accounts), it is not possible to create team member accounts for the Developer Portal (where you create app IDs, certificates etc.).
SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER
If you always want your security code sent via SMS to a specific trusted phone number, you can set the SPACESHIP_2FA_SMS_DEFAULT_PHONE_NUMBER environment variable to that phone number. The phone number should be specified in the same format as it is displayed in your Apple ID console under TRUSTED PHONE NUMBERS, e.g. +49 123 4567890, +1-555-123-4567 or similar. Do not leave off the country code or add or remove any numbers, otherwise fastlane will not be able to match the masked value from Apple's API and select the correct number.
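The following added example (not spaceship's own code) shows why the configured number must keep its country code and every digit: a configured value can only be matched against a masked one position by position. The masking character, the masked sample strings and the helper names are assumptions made for illustration.

```ruby
# Added illustration, not spaceship's implementation.
MASK = "\u2022" # assumed masking character (a bullet)

# Strip the separators that vary between display formats.
def normalize(number)
  number.gsub(/[\s()\-]/, "")
end

# True when every unmasked character of the masked value equals the
# character at the same position in the configured number.
def matches_masked?(configured, masked)
  c = normalize(configured).chars
  m = normalize(masked).chars
  return false unless c.length == m.length

  c.zip(m).all? { |cc, mc| mc == MASK || cc == mc }
end

# Return the single masked entry that fits, or nil when none or several fit.
def select_trusted_number(configured, masked_numbers)
  hits = masked_numbers.select { |m| matches_masked?(configured, m) }
  hits.length == 1 ? hits.first : nil
end

# Constructed sample data; the masked format is an assumption.
MASKED = [
  "+49 #{MASK * 3} #{MASK * 5}90",
  "+1 (#{MASK * 3}) #{MASK * 3}-#{MASK * 2}67"
].freeze

if __FILE__ == $PROGRAM_NAME
  # The last two inputs drop the country code and add a digit.
  ["+49 123 4567890", "+1-555-123-4567",
   "123 4567890", "+49 123 45678900"].each do |n|
    puts "#{n.inspect} -> #{select_trusted_number(n, MASKED).inspect}"
  end
end
```

Returning nil on an ambiguous match, rather than picking the first hit, keeps a security code from being requested for the wrong trusted number.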
The --check_session flag can be passed if you wish to check if the locally stored session for a user is still valid. This is useful for local testing and CI workflows.