
Improve Apple 2FA login by checking for actual phoneNumber id #125

Status: Open (wants to merge 1 commit into base: dev)

Conversation

FDHoho007

I tried to set up macless haystack myself but ran into an issue logging in with my Apple ID. I have changed my trusted phone number once and therefore my current number has id 2, not 1. The code currently expects the phoneNumber id to be 1. I then built a check, according to the comments surrounding this code, which reads the phoneNumber id from the boot_args JSON object sent from https://gsa.apple.com/auth.

But then I noticed I got two SMS every time I logged in. So it seems calling GET on https://gsa.apple.com/auth already sends an SMS to the trusted phoneNumber. Can someone please verify this? In that case calling GET on https://gsa.apple.com/auth would be sufficient, and reading the phone id and calling https://gsa.apple.com/auth/verify/phone/ would not be necessary. If this is not the case, I would uncomment the PUT request.
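The check described above, as an added example rather than the PR's own code: it pulls the trusted phoneNumber id out of the boot_args JSON in the GET https://gsa.apple.com/auth response instead of assuming id 1. The `class="boot_args"` script tag, the `direct.phoneNumberVerification.trustedPhoneNumber.id` path, the verify-body field names and the sample HTML are all assumptions, not taken from this page.

```python
import json
import re
from typing import Optional

# Constructed sample of the HTML returned by GET https://gsa.apple.com/auth.
# The boot_args script tag and the JSON path below are assumptions about
# Apple's response layout, not something this PR documents.
SAMPLE_AUTH_HTML = """<html><head>
<script class="boot_args" type="application/json">
{"direct": {"phoneNumberVerification": {"trustedPhoneNumber":
  {"id": 2, "numberWithDialCode": "+XX *** *** **34"}}}}
</script></head><body><form>...</form></body></html>"""

BOOT_ARGS_RE = re.compile(
    r'<script[^>]*class="boot_args"[^>]*>(.*?)</script>', re.DOTALL)


def extract_boot_args(html: str) -> dict:
    """Return the parsed boot_args JSON object embedded in the auth page."""
    m = BOOT_ARGS_RE.search(html)
    if not m:
        raise ValueError("no boot_args script tag in response")
    return json.loads(m.group(1))


def trusted_phone_id(html: str) -> Optional[int]:
    """Return the id of the account's trusted phone number, or None if absent.

    Returning None instead of silently falling back to 1 lets the caller fail
    loudly when Apple changes the layout, rather than requesting a code for
    the wrong (or a non-existent) phone number id.
    """
    try:
        pnv = extract_boot_args(html)["direct"]["phoneNumberVerification"]
        return int(pnv["trustedPhoneNumber"]["id"])
    except (KeyError, TypeError, ValueError):
        return None


def verify_phone_body(phone_id: int) -> dict:
    """Body for the PUT to .../auth/verify/phone/ (field names assumed)."""
    return {"phoneNumber": {"id": phone_id}, "mode": "sms"}
```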


# This will send the 2FA code to the user's phone over SMS
# We don't care about the response, it's just some HTML with a form for entering the code
# Easier to just use a text prompt
t = requests.put(

@zerog2k zerog2k Sep 18, 2024


@FDHoho007 curious how this is functional without making the put request here? (I.e. is this intentionally commented out?)


Ok I see your comment about getting 2 requests. I got only one request when leaving this uncommented.
Otherwise, I don't see how else you would send the body you constructed with the correct 2fa phoneNumber id without this call.

FDHoho007 (Author)

Yeah, that's the funny thing. It seems calling https://gsa.apple.com/auth to get the phoneNumber id is already sufficient to request a 2FA code to your primary trusted device.
So in my case calling https://gsa.apple.com/auth replaced the need for https://gsa.apple.com/auth/verify/phone/. But as mentioned above I'm not certain that this applies to all users and situations. That's why I explicitly left the code in there.
I'm currently waiting for some kind of suggestions or guidance on which approach to choose here, since I am not at all familiar with the Apple APIs and just started using this project.

@KYLE-HILL

I am running into the same issue. Really appreciate you working on a PR to resolve this!
