Newly introduced iTunes Connect login rate limit on idmsa.apple.com counts successful attempts
Originator: KrauseFx
Number: rdar://35884832
Date Originated: December 6 2017
Status: Open
Resolved: Nope
Product: iTunes Connect
Product Version:
Classification: Serious Bug
Reproducible: Always
Apple ID of the User: felix@sunapps.net

Summary:
A few weeks ago, the iTunes Connect login API endpoints on https://idmsa.apple.com/appleauth/auth/signin added a new rate limit. This is great; however, it also counts successful attempts, resulting in issues if you log in multiple times within a minute for one account on one IP address. This causes issues for larger companies that have a single IP address and a shared Apple ID. The error message when running into the rate limit is also not clear, as it doesn't indicate the actual error reason.

Steps to Reproduce:
- Log in on iTunes Connect multiple times within a short amount of time using the same Apple ID and IP address

Expected Results:
- Since the login attempts are done with a valid username + password, you shouldn't be locked out of your account, even if you log in many times within a short amount of time

Actual Results:
- Your account gets locked, and only gets unlocked after a given time, or by logging in from a separate IP address

Version/Build:

Configuration:
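The following sketch is an added illustration, not part of the original report and not Apple's implementation: a sliding-window limiter keyed on account and source IP, showing the reported behaviour (every attempt counted) beside a variant that counts only failed attempts. The threshold of 5 attempts per 60 seconds, the class and function names, and the sample account and address are assumptions.

```python
import time
from collections import defaultdict, deque


class LoginRateLimiter:
    """Sliding-window limiter keyed on (account, source IP)."""

    def __init__(self, max_attempts=5, window=60.0,
                 count_successes=False, clock=time.monotonic):
        self.max_attempts = max_attempts      # assumed threshold
        self.window = window                  # assumed window, in seconds
        self.count_successes = count_successes
        self.clock = clock
        self._events = defaultdict(deque)     # key -> timestamps of counted attempts

    def attempt(self, account, ip, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        events = self._events[(account, ip)]
        while events and now - events[0] >= self.window:
            events.popleft()                  # drop attempts older than the window
        if len(events) >= self.max_attempts:
            return "locked"                   # refused before the password is checked
        if self.count_successes or not password_ok:
            events.append(now)
        return "ok" if password_ok else "denied"


def simulate(count_successes, outcomes, step=5.0, ip="203.0.113.7"):
    """Replay constructed login outcomes, one every `step` seconds, from one IP."""
    now = [0.0]
    limiter = LoginRateLimiter(count_successes=count_successes,
                               clock=lambda: now[0])
    results = []
    for password_ok in outcomes:
        results.append(limiter.attempt("ci@example.com", ip, password_ok))
        now[0] += step
    return results


if __name__ == "__main__":
    valid = [True] * 8                        # constructed: 8 valid logins in 40 s
    print("counts every attempt:", simulate(True, valid))
    print("counts failures only:", simulate(False, valid))
    print("wrong password x8:   ", simulate(False, [False] * 8))
```

Counting only failures keeps password guessing throttled per account and IP while leaving repeated valid logins from a shared address unaffected.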