iCloud integration stopped working (due to Apple SRP-6a implementation)

[crazyelectron-io]

The problem

The iCloud integration fix recently merged to support App Passwords relies on a one-time login with the 'regular' password and MFA prompt. However, Apple has updated their side and now require Secure Remote Password protocol which is currently not supported by PyiCloud. As a result the iCloud integration no longer works.
BTW, it is already reported in the PyiCloud repo.

I opened this issue because the App Password issue was closed when the mentioned fix was merged.

What version of Home Assistant Core has the issue?

core-2024.10.3

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant Container

Integration causing the issue

iCloud

Link to integration documentation on our website

https://www.home-assistant.io/integrations/icloud

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

[home-assistant]

Hey there @Quentame, @nzapponi, mind taking a look at this issue as it has been labeled with an integration (icloud) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of icloud can trigger bot actions by commenting:

• @home-assistant close Closes the issue.
• @home-assistant rename Awesome new title Renames the issue.
• @home-assistant reopen Reopen the issue.
• @home-assistant unassign icloud Removes the current integration label and assignees on the issue, add the integration domain after the command.
• @home-assistant add-label needs-more-information Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.
• @home-assistant remove-label needs-more-information Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

_{^{(message by CodeOwnersMention)}}

---

icloud documentation
icloud source
_{^{(message by IssueLinks)}}

[eddysteurs]

follow

[nstefanelli]

having this issue as well - following

[platterscratch]

Same. Following.

[mdeuerlein]

same here

[RadDip]

same

[GRClark]

Just started getting this...

Logs show....

Logger: pyicloud.base
Source: components/icloud/account.py:138
First occurred: 10:20:35 PM (2 occurrences)
Last logged: 10:20:35 PM

Service Temporarily Unavailable (503)
Authentication required for Account. (450)

[RosemaryOrchard]

A reminder to everyone that GitHub does have a "subscribe" feature you can use to follow this issue, and if you add a 👍 to the original post there'll be an easy count of people experiencing the same issue 😄

[dbruynb]

👍 Same issue

[voyagerft]

stesso identico problema

[HanyDaim]

Same error!

[FarleighRed]

👍

[slaygirlz]

welp

[ProtossBlaster]

Same Problem

[mzspicoli]

To avoid excessive notifications for everyone subscribed, please do not comment if you have the same issue. The owner is already informed. Instead, consider liking the original post and subscribing to updates.

[noahlishere]

Same issue here.

[online-geek]

I too am having this issue.

Whilst I know it is being worked on, is there a workaround as I have automations that rely on my Iphone and they do not currently work.

[wwpjm06]

👍

[AJAX-domo]

The problem is still present.

[ArnoldGoat]

Same problem. Reverting to 2024.10.1 did not fix it.

[barbadaniele]

Same issue

[mhjansen79]

Same problem. Reverting to 2024.10.1 did not fix it.

This is a change in iCloud’s authentication method, so reverting wouldn’t fix this.

The integration needs to be adjusted to be able to use apples new authentication mechanism.

[Genieplumb]

same here

[jaimiejoey]

Same. Core version 2024.10.2

[maxkot75]

Same issue here -;(

[lizardclaw8]

Check the fix for pyicloud at picklepete/pyicloud#456

for base.py

[lcoll154]

Yes, that is what I followed, I will do it again and see what happens.
I removed the integration, restarted, copied the files to the custom components, restarted and then installed the new integration and entered my credentials and started getting notifications every 30 min for 2fa so I removed everything again

[aram535]

Do we know when this will be included in the next home assistant release?

[Phoenix-DH]

Don‘t get that.
Is 2024.11.2 working again?

[huuscript]

I just Update to 2024.11.2, and password works again.

[Phoenix-DH]

Thanks! Did it… Working also ….

[kf4hxu]

The update works to a point, for me anyhow. It's now accepting my user name and app password, but I never get a iCloud verification code. What am I doing wrong? I have generated several different app passwords, but still no verification code.

[tommywestside]

The update works to a point, for me anyhow. It's now accepting my user name and app password, but I never get a iCloud verification code. What am I doing wrong? I have generated several different app passwords, but still no verification code.

same here, only the iCloud PW worked for me (triggering the verification code), application passwords didn't work for me.

[ThomasHammant]

I thought the whole point was once you had an application password that bypasses 2fa so you don’t need the verification code.

[tommywestside]

Does someone know why the regular PW now works again with 11.2? Looks like something was broken and now works half-way (with regular PW and not app-PW). Of course, App-specific PW is the one that should work.

[devsef]

Was it fixed in 2024.11.2? I tried to login with app password but that did not work. I was able to login with account password and 2FA. After i deleted the integration again and tried app password a second time it was accepted and the integration start working again. It would have been nice if there had been a line in the bug fix list.

[devsef]

The update works to a point, for me anyhow. It's now accepting my user name and app password, but I never get a iCloud verification code. What am I doing wrong? I have generated several different app passwords, but still no verification code.

same here, only the iCloud PW worked for me (triggering the verification code), application passwords didn't work for me.

If you are using an app password 2FA code verification is not needed and you should not be asked for it. Only for using the account password you need the 2FA Code. And as you can see above app password worked for me.

[tommywestside]

I tried app specific PW first, but it didn't work, there was an error shown.

[oneofthegeeks]

Regular password worked for me and it triggered giving me the code to enter. Will find out soon if I get prompted way to often. I don't mind every 30 days, but hopefully this can get sorted out.
I love the security but also want to be able to use it at my own risk knowing the app password issues. Thanks for everyones work on this.

[devsef]

I tried app specific PW first, but it didn't work, there was an error shown.

Did you try the way I managed to get app password working?

[tommywestside]

I tried app specific PW first, but it didn't work, there was an error shown.

Did you try the way I managed to get app password working?

not, didn't read the full post ;-)
Guess I'll try once it starts annoying me with login attempts after 30days...

[kf4hxu]

The update works to a point, for me anyhow. It's now accepting my user name and app password, but I never get a iCloud verification code. What am I doing wrong? I have generated several different app passwords, but still no verification code.

same here, only the iCloud PW worked for me (triggering the verification code), application passwords didn't work for me.

If you are using an app password 2FA code verification is not needed and you should not be asked for it. Only for using the account password you need the 2FA Code. And as you can see above app password worked for me.

The app password does ask for a verification code just like the account password. I’ve got it working with the account password, but not the app password.

[degmarques]

Same here. Yes, I'm using application specific password...

Logs are reporting:

Logger: homeassistant.components.icloud.config_flow
Source: components/icloud/config_flow.py:128
integration: Apple iCloud (documentation, issues)
First occurred: 3:02:49 PM (4 occurrences)
Last logged: 3:08:56 PM

Error logging into iCloud service: ('Invalid authentication token.', PyiCloudAPIResponseException('Missing apple_id field'))

[PaulCavill]

Here an updated custom install, this includes changes pending merge in PyCloud.

iCloud.zip

[Destroyer061090]

Here an updated custom install, this includes changes pending merge in PyCloud.

iCloud.zip

not working for me... even the normal icloud doesnt work... I arrived to the page of the 6digit code but i never receive it... same issue to anyone?

[jamhops]

Here an updated custom install, this includes changes pending merge in PyCloud.
iCloud.zip

not working for me... even the normal icloud doesnt work... I arrived to the page of the 6digit code but i never receive it... same issue to anyone?

I have the same issue I can provide a App Specific Password then it asks for a code put Apple is authenticating by sending a popup on my devices (did you initiate this login?) with just a yes or wasnt me response (no code) I select this but cant proceed any further I am assuming the integration needs to support alternative mfa techniques apple are using.

[PaulCavill]

Please note App Specific Password are not supported

[bennierex]

Same here. Yes, I'm using application specific password...

Logs are reporting:

Logger: homeassistant.components.icloud.config_flow Source: components/icloud/config_flow.py:128 integration: Apple iCloud (documentation, issues) First occurred: 3:02:49 PM (4 occurrences) Last logged: 3:08:56 PM

Error logging into iCloud service: ('Invalid authentication token.', PyiCloudAPIResponseException('Missing apple_id field'))

I got this same error using an app-specific password (as should be the default way to go);

2024-12-03 15:22:16.268 ERROR (MainThread) [homeassistant.components.icloud.config_flow] Error logging into iCloud service: ('Invalid authentication token.', PyiCloudAPIResponseException('Missing apple_id field'))

Using Core 2024.11.3 on HassOS 13.2

[PaulCavill]

If you are trying to use the content of the zip file, your login screen should look like.

[arjannv]

I'm using the latest ZIP file and unfortunately, I can't get it to work. It throws the following error when I try to add the integration:

Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py", line 477, in _handle_request
    resp = await request_handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_app.py", line 567, in _handle
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 92, in security_filter_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 210, in forwarded_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 26, in request_context_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 86, in ban_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 242, in auth_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/headers.py", line 32, in headers_middleware
    response = await handler(request)
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/http.py", line 73, in handle
    result = await handler(request, **request.match_info)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/decorators.py", line 81, in with_admin
    return await func(self, request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 222, in post
    return await super().post(request, flow_id)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 74, in wrapper
    return await method(view, request, data, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 122, in post
    result = await self._flow_mgr.async_configure(flow_id, data)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 367, in async_configure
    result = await self._async_configure(flow_id, user_input)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 414, in _async_configure
    result = await self._async_handle_step(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 517, in _async_handle_step
    result: _FlowResultT = await getattr(flow, method)(user_input)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/config_flow.py", line 179, in async_step_user
    return await self._validate_and_create_entry(user_input, "user")
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/config_flow.py", line 118, in _validate_and_create_entry
    self.api = await self.hass.async_add_executor_job(^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/pyicloud/base.py", line 286, in __init__
    self.authenticate()
  File "/config/custom_components/icloud/pyicloud/base.py", line 376, in authenticate
    m1 = usr.process_challenge( salt, b )
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/srp/_pysrp.py", line 426, in process_challenge
    self.x = gen_x( hash_class, self.s, self.I, self.p )
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/srp/_pysrp.py", line 216, in gen_x
    password = password.encode() if hasattr(password, 'encode') else password
               ^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/pyicloud/base.py", line 346, in encode
    return hashlib.pbkdf2_hmac('sha256', password_hash, salt, iterations, key_length)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: a bytes-like object is required, not 'str'

[egpall]

Cuando uso el customPackage, recibo regularmente correos electrónicos de la autenticación de iCloud. ¿Hay alguna solución para esto?
¿Cómo sabes que es esta integración la que está tratando de acceder a ella y no alguien que está tratando de entrar en tu cuenta? Siempre me ha pasado esto, incluso al revés, nunca confío en que sea alguien y no le doy permiso, es realmente molesto

[oneseventhree]

still no working in latest HA update

[devsef]

Will there come a future update that provides app specific password again? It worked before but stopped working againb after last update to 2024.12.

[itsmicash]

any updates?