Skip to content

Fix App Store auth endpoint handling#490

Open
b-nnett wants to merge 1 commit into
majd:mainfrom
b-nnett:codex/dynamic-auth-endpoint
Open

Fix App Store auth endpoint handling#490
b-nnett wants to merge 1 commit into
majd:mainfrom
b-nnett:codex/dynamic-auth-endpoint

Conversation

@b-nnett

@b-nnett b-nnett commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown

Summary

Apple moved the App Store login endpoint and changed where authenticateAccount appears in the Bag response.

This patch updates login to:

  • read authenticateAccount from both the Bag root and urlBag
  • normalize native auth URLs to /auth/v1/native/fast/
  • fall back to the native auth endpoint when Bag does not return one
  • keep response metadata when XML decoding fails
  • retry once with a native auth URL found in a non-plist response body

Notes

One detail from testing: https://auth.itunes.apple.com/auth/v1/native/fast returned an HTML redirect for me, while ...native/fast/ (with a trailing slash) reached MZAuth and completed login.

Validation

  • go generate ./...
  • go test ./...
  • built the CLI locally
  • confirmed ipatool auth login succeeds with a live Apple ID

@b-nnett b-nnett changed the title Fix dynamic App Store auth endpoint discovery Fix App Store auth endpoint handling Jun 10, 2026
@b-nnett b-nnett mentioned this pull request Jun 10, 2026
Open
@b-nnett b-nnett marked this pull request as ready for review June 10, 2026 05:04
@9021007

9021007 commented Jun 10, 2026

Copy link
Copy Markdown
image

not loving the AI, but I was able to log in, download an app, and install it.

@k1rp14 k1rp14 mentioned this pull request Jun 10, 2026
Open
@mymolasses mymolasses mentioned this pull request Jun 10, 2026
Closed
@ZomkaDEV ZomkaDEV mentioned this pull request Jun 10, 2026
Open
@efibalogh efibalogh mentioned this pull request Jun 10, 2026
Merged
efibalogh added a commit to efibalogh/ipadecrypt that referenced this pull request Jun 10, 2026
@efibalogh
fix: support dynamic App Store auth endpoint discovery
f9e021a 
Resolve issues with App Store authentication by implementing dynamic auth endpoint discovery. If the initial auth request fails due to endpoint redirects or changes, the client parses the XML plist unmarshal error for any new authentication endpoint and automatically retries the login.

Ported from the fix in ipatool (majd/ipatool#490).
@Lakr233 Lakr233 mentioned this pull request Jun 11, 2026
Merged
@sheiy

sheiy commented Jun 12, 2026

Copy link
Copy Markdown 
8:56PM DBG error="something went wrong" metadata={"Data":{"Account":{"Address":{"FirstName":"","LastName":""},"Email":""},"CustomerMessage":"","DirectoryServicesID":"","FailureType":"","PasswordToken":""},"Headers":{"Apple-Originating-System":"MZAuth","Apple-Seq":"0.0","Apple-Timing-App":"0 ms","Apple-Tk":"false","B3":"838bf55b3aa8160278a71fd306d3edcf-13e24770614e9dbb","Cache-Control":"private, no-cache, no-store, no-transform, must-revalidate, max-age=0","Content-Length":"0","Date":"Fri, 12 Jun 2026 12:56:29 GMT","Edge-Control":"no-store","G":"t","Server":"Apple","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Vary":"Origin","X-Apple-Jingle-Correlation-Key":"QOF7KWZ2VALAE6FHD7JQNU7NZ4","X-Apple-Lokamai-No-Cache":"true","X-Apple-Request-Uuid":"838bf55b-3aa8-1602-78a7-1fd306d3edcf","X-B3-Spanid":"13e24770614e9dbb","X-B3-Traceid":"838bf55b3aa8160278a71fd306d3edcf","X-Content-Type-Options":"nosniff","X-Daiquiri-Debug-Worker-Pid":"125847","X-Daiquiri-Instance":"daiquiri:11787001:mr47p00it-qujn07082302:7987:26RELEASE107:daiquiri-amp-commerce-l7services-int-003-mr","X-Frame-Options":"SAMEORIGIN","X-Responding-Instance":"MZAuth:10039:::","X-Runtime":"0.000852","X-Xss-Protection":"1; mode=block"},"StatusCode":200}
8:56PM ERR error="something went wrong" success=false
```  not work

@Den1136

Den1136 commented Jun 12, 2026

Copy link
Copy Markdown 
8:56PM DBG error="something went wrong" metadata={"Data":{"Account":{"Address":{"FirstName":"","LastName":""},"Email":""},"CustomerMessage":"","DirectoryServicesID":"","FailureType":"","PasswordToken":""},"Headers":{"Apple-Originating-System":"MZAuth","Apple-Seq":"0.0","Apple-Timing-App":"0 ms","Apple-Tk":"false","B3":"838bf55b3aa8160278a71fd306d3edcf-13e24770614e9dbb","Cache-Control":"private, no-cache, no-store, no-transform, must-revalidate, max-age=0","Content-Length":"0","Date":"Fri, 12 Jun 2026 12:56:29 GMT","Edge-Control":"no-store","G":"t","Server":"Apple","Strict-Transport-Security":"max-age=31536000; includeSubdomains","Vary":"Origin","X-Apple-Jingle-Correlation-Key":"QOF7KWZ2VALAE6FHD7JQNU7NZ4","X-Apple-Lokamai-No-Cache":"true","X-Apple-Request-Uuid":"838bf55b-3aa8-1602-78a7-1fd306d3edcf","X-B3-Spanid":"13e24770614e9dbb","X-B3-Traceid":"838bf55b3aa8160278a71fd306d3edcf","X-Content-Type-Options":"nosniff","X-Daiquiri-Debug-Worker-Pid":"125847","X-Daiquiri-Instance":"daiquiri:11787001:mr47p00it-qujn07082302:7987:26RELEASE107:daiquiri-amp-commerce-l7services-int-003-mr","X-Frame-Options":"SAMEORIGIN","X-Responding-Instance":"MZAuth:10039:::","X-Runtime":"0.000852","X-Xss-Protection":"1; mode=block"},"StatusCode":200}
8:56PM ERR error="something went wrong" success=false
```  not work

Can you please give me the exe file or from wherever can i run this fixed ipatool version? The exe file in release tab is old and doesn't work

@yanashenyang yanashenyang mentioned this pull request Jun 15, 2026
Open
jowtron pushed a commit to jowtron/ipa-downloader that referenced this pull request Jun 15, 2026
@claude
Vendor patched ipatool as patch + build scripts; bundle into .app
e78351d 
Make the June 2026 auth fix reproducible and self-contained instead of a
manual local binary:

- patches/ipatool-auth-endpoint.patch: PR majd/ipatool#490 (the 26HOTFIX24
  auth-endpoint fix), pinned to upstream commit dcddce4. MIT-licensed.
- scripts/build-ipatool.sh: clone upstream @ pinned commit, apply patch,
  build, install to the App Support override dir.
- scripts/build-app.sh: build patched ipatool, wails build, then bundle the
  binary into the .app at Contents/Resources/bin so a distributed app needs
  neither Homebrew nor Go.
- findTool now also checks the bundled Resources/bin path (after the App
  Support override, before Homebrew).
- README documents the workaround and how to remove it once upstream ships.
- .gitignore: ignore the build/ipatool intermediate (no binaries in git).

Tracking: majd/ipatool#437.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@9021007 9021007 9021007 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@b-nnett @9021007 @sheiy @Den1136