iCloud integration stopped working (due to Apple SRP-6a implementation)

[crazyelectron-io]

The problem

The iCloud integration fix recently merged to support App Passwords relies on a one-time login with the 'regular' password and MFA prompt. However, Apple has updated their side and now require Secure Remote Password protocol which is currently not supported by PyiCloud. As a result the iCloud integration no longer works.
BTW, it is already reported in the PyiCloud repo.

I opened this issue because the App Password issue was closed when the mentioned fix was merged.

What version of Home Assistant Core has the issue?

core-2024.10.3

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant Container

Integration causing the issue

iCloud

Link to integration documentation on our website

https://www.home-assistant.io/integrations/icloud

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

[home-assistant]

Hey there @Quentame, @nzapponi, mind taking a look at this issue as it has been labeled with an integration (icloud) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of icloud can trigger bot actions by commenting:

• @home-assistant close Closes the issue.
• @home-assistant rename Awesome new title Renames the issue.
• @home-assistant reopen Reopen the issue.
• @home-assistant unassign icloud Removes the current integration label and assignees on the issue, add the integration domain after the command.
• @home-assistant add-label needs-more-information Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.
• @home-assistant remove-label needs-more-information Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

_{^{(message by CodeOwnersMention)}}

---

icloud documentation
icloud source
_{^{(message by IssueLinks)}}

[eddysteurs]

follow

[nstefanelli]

having this issue as well - following

[platterscratch]

Same. Following.

[mdeuerlein]

same here

[RadDip]

same

[GRClark]

Just started getting this...

Logs show....

Logger: pyicloud.base
Source: components/icloud/account.py:138
First occurred: 10:20:35 PM (2 occurrences)
Last logged: 10:20:35 PM

Service Temporarily Unavailable (503)
Authentication required for Account. (450)

[RosemaryOrchard]

A reminder to everyone that GitHub does have a "subscribe" feature you can use to follow this issue, and if you add a 👍 to the original post there'll be an easy count of people experiencing the same issue 😄

[dbruynb]

👍 Same issue

[voyagerft]

stesso identico problema

[HanyDaim]

Same error!

[FarleighRed]

👍

[slaygirlz]

welp

[ProtossBlaster]

Same Problem

[mzspicoli]

To avoid excessive notifications for everyone subscribed, please do not comment if you have the same issue. The owner is already informed. Instead, consider liking the original post and subscribing to updates.

[noahlishere]

Same issue here.

[online-geek]

I too am having this issue.

Whilst I know it is being worked on, is there a workaround as I have automations that rely on my Iphone and they do not currently work.

[wwpjm06]

👍

[AJAX-domo]

The problem is still present.

[ArnoldGoat]

Same problem. Reverting to 2024.10.1 did not fix it.

[barbadaniele]

Same issue

[mhjansen79]

Same problem. Reverting to 2024.10.1 did not fix it.

This is a change in iCloud’s authentication method, so reverting wouldn’t fix this.

The integration needs to be adjusted to be able to use apples new authentication mechanism.

[Genieplumb]

same here

[jaimiejoey]

Same. Core version 2024.10.2

[maxkot75]

Same issue here -;(

[lizardclaw8]

Check the fix for pyicloud at picklepete/pyicloud#456

for base.py

[degmarques]

Same here. Yes, I'm using application specific password...

Logs are reporting:

Logger: homeassistant.components.icloud.config_flow
Source: components/icloud/config_flow.py:128
integration: Apple iCloud (documentation, issues)
First occurred: 3:02:49 PM (4 occurrences)
Last logged: 3:08:56 PM

Error logging into iCloud service: ('Invalid authentication token.', PyiCloudAPIResponseException('Missing apple_id field'))

[PaulCavill]

Here an updated custom install, this includes changes pending merge in PyCloud.

iCloud.zip

[Destroyer061090]

Here an updated custom install, this includes changes pending merge in PyCloud.

iCloud.zip

not working for me... even the normal icloud doesnt work... I arrived to the page of the 6digit code but i never receive it... same issue to anyone?

[jamhops]

Here an updated custom install, this includes changes pending merge in PyCloud.
iCloud.zip

not working for me... even the normal icloud doesnt work... I arrived to the page of the 6digit code but i never receive it... same issue to anyone?

I have the same issue I can provide a App Specific Password then it asks for a code put Apple is authenticating by sending a popup on my devices (did you initiate this login?) with just a yes or wasnt me response (no code) I select this but cant proceed any further I am assuming the integration needs to support alternative mfa techniques apple are using.

[PaulCavill]

Please note App Specific Password are not supported

[bennierex]

Same here. Yes, I'm using application specific password...

Logs are reporting:

Logger: homeassistant.components.icloud.config_flow Source: components/icloud/config_flow.py:128 integration: Apple iCloud (documentation, issues) First occurred: 3:02:49 PM (4 occurrences) Last logged: 3:08:56 PM

Error logging into iCloud service: ('Invalid authentication token.', PyiCloudAPIResponseException('Missing apple_id field'))

I got this same error using an app-specific password (as should be the default way to go);

2024-12-03 15:22:16.268 ERROR (MainThread) [homeassistant.components.icloud.config_flow] Error logging into iCloud service: ('Invalid authentication token.', PyiCloudAPIResponseException('Missing apple_id field'))

Using Core 2024.11.3 on HassOS 13.2

[PaulCavill]

If you are trying to use the content of the zip file, your login screen should look like.

[arjannv]

I'm using the latest ZIP file and unfortunately, I can't get it to work. It throws the following error when I try to add the integration:

Traceback (most recent call last):
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_protocol.py", line 477, in _handle_request
    resp = await request_handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_app.py", line 567, in _handle
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/security_filter.py", line 92, in security_filter_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/forwarded.py", line 210, in forwarded_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/request_context.py", line 26, in request_context_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/ban.py", line 86, in ban_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/auth.py", line 242, in auth_middleware
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/headers.py", line 32, in headers_middleware
    response = await handler(request)
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/http.py", line 73, in handle
    result = await handler(request, **request.match_info)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/decorators.py", line 81, in with_admin
    return await func(self, request, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/config/config_entries.py", line 222, in post
    return await super().post(request, flow_id)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/http/data_validator.py", line 74, in wrapper
    return await method(view, request, data, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/data_entry_flow.py", line 122, in post
    result = await self._flow_mgr.async_configure(flow_id, data)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 367, in async_configure
    result = await self._async_configure(flow_id, user_input)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 414, in _async_configure
    result = await self._async_handle_step(
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/data_entry_flow.py", line 517, in _async_handle_step
    result: _FlowResultT = await getattr(flow, method)(user_input)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/config_flow.py", line 179, in async_step_user
    return await self._validate_and_create_entry(user_input, "user")
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/config_flow.py", line 118, in _validate_and_create_entry
    self.api = await self.hass.async_add_executor_job(^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/pyicloud/base.py", line 286, in __init__
    self.authenticate()
  File "/config/custom_components/icloud/pyicloud/base.py", line 376, in authenticate
    m1 = usr.process_challenge( salt, b )
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/srp/_pysrp.py", line 426, in process_challenge
    self.x = gen_x( hash_class, self.s, self.I, self.p )
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.12/site-packages/srp/_pysrp.py", line 216, in gen_x
    password = password.encode() if hasattr(password, 'encode') else password
               ^^^^^^^^^^^^^^^^^
  File "/config/custom_components/icloud/pyicloud/base.py", line 346, in encode
    return hashlib.pbkdf2_hmac('sha256', password_hash, salt, iterations, key_length)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
TypeError: a bytes-like object is required, not 'str'

[egpall]

Cuando uso el customPackage, recibo regularmente correos electrónicos de la autenticación de iCloud. ¿Hay alguna solución para esto?
¿Cómo sabes que es esta integración la que está tratando de acceder a ella y no alguien que está tratando de entrar en tu cuenta? Siempre me ha pasado esto, incluso al revés, nunca confío en que sea alguien y no le doy permiso, es realmente molesto

[oneseventhree]

still no working in latest HA update

[devsef]

Will there come a future update that provides app specific password again? It worked before but stopped working againb after last update to 2024.12.

[itsmicash]

any updates?

[mikefrantz]

Mine has quit working also. With the 2024.12 release. Are they working on a 2025 fix for this? I have automations that look for me being home or not home to control locks and lights. And my locks and lights keep going on and off all the time had to disable the automations.

[AlexPjz]

Same issue here

[PaulCavill]

A new maintainer of https://pypi.org/project/pyicloud/ has made a request to take over the project, pending approval.

pypi/support#5377

[nostradani]

A new maintainer of https://pypi.org/project/pyicloud/ has made a request to take over the project, pending approval.

pypi/support#5377

If I read that correctly, the new maintainer has a fork of pyicloud which already has a fix for the authentication issue.
Wouldn't it be possible to use this fork? That should enable us to use app specific passwords again, right?

[vannelli2000]

It started again for me just a few days ago. I don't get the six digit code from Apple to finish signing in with the app specific password.

[oneseventhree]

It started again for me just a few days ago. I don't get the six digit code from Apple to finish signing in with the app specific password.

Sadly, not for me:

[jscherry]

Also getting code from apple again without the integration asking to be reconfigured?

[szymon-romanko]

Sadly, not for me:

+1, still not working for me

[mikefrantz]

I deleted out the integration rebooted and then reinstalled the integration and I’m back up. Hope this helps someone.

[WollfWizard]

@PaulCavill Any news to be the new maintainer? I would really really like to get this working again, but unfortunately dont have the coding skillset to do it myself :(

[Destroyer061090]

with normal pwd it working for me... with specifica pwd not...

[WollfWizard]

Following @Destroyer061090's comment, i tried setting up the integration using my regular password, and boop, it asked for the 2FA verification code, and then it worked. data is being pulled in and is being updated. I dont know how long it will work before asking for a new 2FA code, but I'll update here if it does.

[Tomhodgson]

@WollfWizard I have been doing this from the off. However, I will regularly now receive an alert from Apple to say my ID has been signed in to on a web browser. Obviously I can put up with that, but it would mean that I am not as aware about a "true" security breach on my profile since I will likely assume it is just from this integration. Having the app-specific passwords back up and running would negate this. I have experienced similar issues on the CalDav integration for apple calendars as well.

[PaulCavill]

@WollfWizard new maintainer has a preview release im currently testing, and is seem to be working.
Pending take over of the pypi project,

[mucki12]

Pending take over of the pypi project,

Did you want to write more here? Can I install the preview directly in HA?

[dathosim]

idem - pour suivre