Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Change authentication to apples new SRP6a #49

Merged
merged 3 commits into from
Dec 6, 2024

Conversation

PflaeginGmbh
Copy link
Contributor

Hello there,
as mentioned here, the authentication has changed. This was solved in the origin repository pyicloud.
These fixes solve the authentication problem and are a slightly modified version of the mentioned solution.

@PflaeginGmbh PflaeginGmbh mentioned this pull request Oct 24, 2024
@PflaeginGmbh
Copy link
Contributor Author

This works for me very well, so i hope that we can finish this task as soon as possible.

@Eugene-Polonsky
Copy link

I'm getting ('Invalid authentication token.', ICloudPyAPIResponseException('Missing apple_id field')) when trying this.

@PflaeginGmbh
Copy link
Contributor Author

Okay, in the pycloud thread here users experience this your issue too.

First of all, 2FA has to be enabled. In addition here is maybe a workaround for enabled 2FA with this error.

@Eugene-Polonsky
Copy link

Tried all that, still same error. It looks like the code is trying to retrieve a session token, but is providing a null dsWebAuthToken. Hence the error.

@Eugene-Polonsky
Copy link

This seems to be because session_data does not contain session_token or trust_token. Instead, it contains 'scnt' and 'client_id' and that's it.

@Eugene-Polonsky
Copy link

In the original fastlane solution, they reference X-Apple-HC / Challenge headers. I am not seeing that in this solution. Could that be related?

@Eugene-Polonsky
Copy link

Ok figured it out. Have to use actual password, not app-specific password. Works now.

@drallgood
Copy link

Can this be merged so the downstream iCloud-docker is fixed too?

@mandarons
Copy link
Owner

It looks like Apple hasn't completely moved to this authentication method yet (e.g. working fine for me without these changes). Is there any way to detect if SRP6a is required for a given apple account? If not, we can have this as a second method if the default (legacy?) authentication fails.

@mandarons mandarons enabled auto-merge (squash) December 6, 2024 22:36
@mandarons mandarons self-requested a review December 6, 2024 22:36
@mandarons mandarons merged commit 546c4b9 into mandarons:main Dec 6, 2024
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants