-
-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
iCloud integration continiously pops MFA approval on all Apple devices #101816
Comments
Hey there @Quentame, @nzapponi, mind taking a look at this issue as it has been labeled with an integration ( Code owner commandsCode owners of
(message by CodeOwnersMention) icloud documentation |
I have been experiencing the same issue the last couple of days |
Exactly the same for me. In the past I have managed to pop the reauth code flow, by disabling and enabling the integration. But after several attempts, I now had to delete and reinstall the integration. |
This has started for me too today. Nowhere to enter the code under the integration, and the integration does not seem to believe there is a problem. |
Update: this was driving me mad, so I deleted the integration. But I am still receiving the MFA requests?! |
Had this happen to me overnight. It woke me up on my watch 3-4 times and has continued to do so this morning. Quite worrying as it told me the sign in requests were coming from Bristol (I'm in Leeds). Tried to narrow down what it was. Disabled the integration, still got them. Deleted the integration, then recreated and got the same prompt on login from Bristol so I know it's HA at fault here. Have deleted the integration for now. Will keep an eye on this bug. |
@mattcharlton In the end I had to delete the integration and go into the terminal remove the storage folder. It just wasn't going to quit otherwise. I can (and will) live without this integration, but I do hope they fix it. Supporting app passwords (which according to other issues it does not) would put an end to this. |
@stuartford Yeah I've just had another prompt now. Trying a server restart but will have a look at the storage folder now, thank you :) |
iCloud Storage folder gone, hopefully that'll sort it till they fix it. I might have a look around the code in a bit. |
Looks like the 2fa/verification code stuff is hardcoded into the flow. Easiest fix might be to pull all that out and state that you have to use an app specific password with it. Don't have a local test/dev env set up for HA so not in the best position to have a look at this, hopefully the code owners will pick it up soon enough. |
Same for me. Deleted it for now, as even deactivated every 5 to 10 minutes MFA requests arrived on all devices. |
Exactly every 30 minutes I get the notification on my phone, tonight I had to turn off my phone to be able to sleep, I definitely deleted the application |
I also have this unfortunate issue, probably like everybody else on the planet who is using this. This is critical showstopper, please anyone who knows how, please submit a pull request or something... :-( |
same problem here |
Same here |
same, started 2 days ago |
Small Workarround from other forum, then is for the time being again silence....
|
Apple allows creating app specific passwords https://support.apple.com/102654 instead of using 2FA. I just removed and readded my account to the integration using such a password. (Honestly, that should be the default way instead of using your real AppleID password.) |
Ah this is awesome. I have just done the same thing. |
Perfect, that worked. After a reboot all devices were back again! Thank you! |
Coming into this only now but if I want to enter an app-specific password instead of going the 2FA route, does that mean I have to delete the integration and re-add it again? Thanks, |
@MrEbbinghaus That is great news! Last time I checked, they did not allow this. (But I must admit it was some time ago...) The documentation for the iCloud component should be updated to strongly recommend this, both from the security point of view, to getting rid of the 2FA annoyances. |
Also, for the record, here is a direct link for the page which allows you to create app-specific passwords: https://appleid.apple.com/account/manage/section/security |
That is exactly what it means. After deleting and re-adding, it is best to restart once, only then were all devices in again for me. |
@magicus Unfortunately it was followed by bad news a couple of hours later. The integration wasn't able to communicate with iCloud any more, and I got a "Your password was used to login" mail from Apple every minute until I disabled the integration again. |
The app password method doesn't work for me, it just returns "Invalid authentication". |
@MrEbbinghaus Oh, that is too bad. :-( |
Has there been a fix for this yet? |
Also inquiring if an update is planned on this. I'm still needing to re-login (and force reload the integration a few times a week as well) in order to maintain connectivity / updates into HA. Greatly appreciate the work to date and in advance if anyone(s) able to update the authentication mechanism(s) to fix this issue! |
This happens every 60-90 days for me.
The MFA pop-ups & integration warnings go away. |
Hi,
Deleting one of them fixed this issue for me. |
I'm not entirely sure it's this integration, but things have become far worse since yesterday, with multiple devices constantly prompting for MFA. This continued overnight and seems now to ignore sleep focus. I've disabled the integration, but the prompts keep coming. I'm sure I've seen others note that disabling doesn't work. Is there some way to remove the integration entirely? |
|
iCloud integration deauths often if not using App Specific Passwords. This spams MFA prompts on all devices and is not a good UX. Swap working to get people to use App Specific Passwords. HA Docs (https://www.home-assistant.io/integrations/icloud/) still need to be updated to reflect this
is this really fixed? the PR looks pretty minimal. I try and use app password and I get |
I thought that. Just looks like a field label change. No actual change to functionality. |
yeah when i tried an app password last week i got invalid authentication too so not convinced this will be working. |
@warmfire540 @OptimusGREEN and anyone else having issues can you all confirm that:
|
I have done everything as described but I get the error message with the app specific password every time: The login works with my correct password |
@rcmaehl yes - same. I'm unsure of the first bullet point - where would I check? I just went into icloud and created app specific pw - get error. Can you show screenshots or video of it working for you? |
Ok sounds good! I'm sure the MFA will go away, however it's not accepting my app password - I can't get past that part. |
Okay, I tested this with my wife's account. App-specific password seems to work for reauth but not initial auth. I need to revoke everything and undo some test changes I made to her account to confirm it wasn't something else but current workaround flow seems to be:
If this does work, I'll submit a patch to adjust the setup workflow I could have sworn I did the initial setup for my own account with the App-Specific Password but I may be mistaken. |
So was able to reproduce initial setup with the app-specific password that worked with my account. Only works if you remove and readd the same iCloud Entry too quickly. I may be in an extended MFA grace period currently as I'm not getting the MFA prompt when reloading the extension now but as soon as I do I'll retry with the App-Specific password to confirm my previous comment and then we'll go from there. |
* Update Docs for App-Specific Passwords See: home-assistant/core#101816 home-assistant/core#120945 * Update source/_integrations/icloud.markdown Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * define "it" instead of using bot suggestion * Update source/_integrations/icloud.markdown Co-authored-by: Franck Nijhof <frenck@frenck.nl> * Update source/_integrations/icloud.markdown Co-authored-by: Rosemary Orchard <16113535+RosemaryOrchard@users.noreply.github.com> * Advise on solution * Update source/_integrations/icloud.markdown Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Franck Nijhof <frenck@frenck.nl> Co-authored-by: Rosemary Orchard <16113535+RosemaryOrchard@users.noreply.github.com>
* Update Docs for App-Specific Passwords See: home-assistant/core#101816 home-assistant/core#120945 * Update source/_integrations/icloud.markdown Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * define "it" instead of using bot suggestion * Update source/_integrations/icloud.markdown Co-authored-by: Franck Nijhof <frenck@frenck.nl> * Update source/_integrations/icloud.markdown Co-authored-by: Rosemary Orchard <16113535+RosemaryOrchard@users.noreply.github.com> * Advise on solution * Update source/_integrations/icloud.markdown Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Franck Nijhof <frenck@frenck.nl> Co-authored-by: Rosemary Orchard <16113535+RosemaryOrchard@users.noreply.github.com>
Hello everyone, |
No Its not solved. The directions were changed to use app specfic passwords yet they don't work for the majority of users. Although they should probably be used, the integration doesn't work well with adding them. |
can anyone confirm @rcmaehl 's latest comment? I rage uninstalled it, but can make a new ticket if OP isn't available anymore |
I can confirm doing initial setup with Password, and then re-authing with an App Specific Password prevents with Apple MFA pop-up spam and has worked for me for since I made that comment. I need to rewrite the configuration flow to prompt for both values (should be easy) and then actually use the ASP when reauth is needed (Can figure out but I have no idea how to compile test builds for HomeAssistant to test changes yet) |
The problem
Every 30 days or so, it seems like the authentication with iCloud expires. I am notified about this in Home Assistant, so I go to my integration and hits reconfigure, enter my password and get "reauth successfull". Now on all my phones, a prompt will appear every 20 minutes, asking if I want to allow a sign-on, and if yes it displays a mfa code.
The integrations seems to be fetching data from iCloud just fine... I cannot make these annoying pop-ups on my phones go away. Even if I disable the integration and reenable it after some days. I am only asked for password, not the mfa code.
What version of Home Assistant Core has the issue?
core-2023.10.1
What was the last working version of Home Assistant Core?
No response
What type of installation are you running?
Home Assistant OS
Integration causing the issue
icloud
Link to integration documentation on our website
https://www.home-assistant.io/integrations/icloud
Diagnostics information
No response
Example YAML snippet
No response
Anything in the logs that might be useful for us?
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: