I’m attempting to sign an unlisted extension with web-ext, through an account created today.
Here is the incantation:
web-ext sign -s “/path/to/extension” -a /path/to/dist/dir --channel unlisted --api-key=<KEY> --api-secret=<SECRET>
The KEY and SECRET are the values set up in my Mozilla developer account, -s is pointing at the sources, and -a is pointing at an empty, writeable directory.
The response is:
WebExtError: Submission failed (2): Forbidden
{
"detail": "You do not have permission to perform this action.",
"is_disabled_by_developer": false,
"is_disabled_by_mozilla": false
}
What might I be missing?
Possible resoluition: I think the snag may be in the unique ID of the extension, jurism@juris-m.github.io. This is a running project from which I was absent for over one year for personal reasons. The developer account through which I had signed the extension now demands 2FA authentication, which I had not enabled. I’m unable to access the account, Mozilla can’t help, and I’ve created this new account to resume work. There is a process for scrubbing the old account, which I haven’t yet completed, and that inaccessible account may be the extension owner in Mozilla’s records. If I’m still unable to sign after blasting the old account, I’ll post again. “Thank you for your attention to this matter.” etc.
Based on the additional info you shared in your possible resolution edit, I suspect that the error you’re seeing is a result of not having accepted the latest Add-ons Policies. To do this, you’d normally visit the Developer Hub to view and accept the latest terms.
For clarity, are you saying that AMO will not allow you to log in because you have not set up 2FA or that it’s asking for a 2FA authentication code that you cannot provide? If it’s the former, you can add 2FA to your Mozilla Account by visiting accounts.firefox.com. Unfortunately, I’m afraid the ladder is a dead end because without the authentication code we can’t be sure that whoever is trying to gain control of the account is actually the account owner.
I accepted the terms and conditions in the new account I have created. I can’t do so in the inaccessible account that currently owns the extension’s ID.
I’m unable to log in to the inaccessible account because, as I wrote, it is demanding 2FA, and the login process doesn’t contact my phone when 2FA is triggered, so I’m unable to proceed. I have no memory of having set up 2FA in the account, and don’t have recovery codes. Mozilla Support explained that, as you indicate, there is no way to restore access to the account. Mozilla Support did say that deleting the account is an option, and I have begun that procedure.
In my new account, 2FA is enabled, and I have generated API keys that I am usjng with web-ext. The terms and conditions have been accepted, so I’m assuming that the association of the extension ID with the inaccessible account is blocking me from updating the extension from a separate account—which is as it should be!
I’ll post again if I’m still unable to proceed after the old account data have been scrubbed. Otherwise, we can treat this one as resolved.