Hey there @Quentame, @nzapponi, mind taking a look at this issue as it has been labeled with an integration (icloud) you are listed as a code owner for? Thanks!

_{^{(message by CodeOwnersMention)}}

icloud documentation
icloud source
_{^{(message by IssueLinks)}}

I have been experiencing the same issue the last couple of days

This has been happening to me for at least a year, probably longer. What is more, the notifications start popping up on my devices many days before the iCloud integration seems to "realise" that it needs to re-authenticate. Consequently, after allowing the authentication on my devices and receiving the authentication code, there is no option to enter this into the integration. So the whole thing repeats until eventually the integration wakes up to the fact that it needs a code.

This has been happening to me for at least a year, probably longer. What is more, the notifications start popping up on my devices many days before the iCloud integration seems to "realise" that it needs to re-authenticate. Consequently, after allowing the authentication on my devices and receiving the authentication code, there is no option to enter this into the integration. So the whole thing repeats until eventually the integration wakes up to the fact that it needs a code.

Exactly the same for me. In the past I have managed to pop the reauth code flow, by disabling and enabling the integration. But after several attempts, I now had to delete and reinstall the integration.

This has started for me too today. Nowhere to enter the code under the integration, and the integration does not seem to believe there is a problem.

Update: this was driving me mad, so I deleted the integration. But I am still receiving the MFA requests?!

Had this happen to me overnight. It woke me up on my watch 3-4 times and has continued to do so this morning.

Quite worrying as it told me the sign in requests were coming from Bristol (I'm in Leeds). Tried to narrow down what it was. Disabled the integration, still got them.

Deleted the integration, then recreated and got the same prompt on login from Bristol so I know it's HA at fault here.

Have deleted the integration for now. Will keep an eye on this bug.

@mattcharlton In the end I had to delete the integration and go into the terminal remove the storage folder. It just wasn't going to quit otherwise. I can (and will) live without this integration, but I do hope they fix it. Supporting app passwords (which according to other issues it does not) would put an end to this.

@stuartford Yeah I've just had another prompt now. Trying a server restart but will have a look at the storage folder now, thank you :)

iCloud Storage folder gone, hopefully that'll sort it till they fix it. I might have a look around the code in a bit.

Looks like the 2fa/verification code stuff is hardcoded into the flow. Easiest fix might be to pull all that out and state that you have to use an app specific password with it. Don't have a local test/dev env set up for HA so not in the best position to have a look at this, hopefully the code owners will pick it up soon enough.

Had this happen to me overnight. It woke me up on my watch 3-4 times and has continued to do so this morning.

Same for me. Deleted it for now, as even deactivated every 5 to 10 minutes MFA requests arrived on all devices.

Exactly every 30 minutes I get the notification on my phone, tonight I had to turn off my phone to be able to sleep, I definitely deleted the application

I also have this unfortunate issue, probably like everybody else on the planet who is using this. This is critical showstopper, please anyone who knows how, please submit a pull request or something... :-(

same problem here

Same here

same, started 2 days ago

Small Workarround from other forum, then is for the time being again silence....

1. go to iCloud integration
2. press the 3 dots and choose delete
3. ssh into home assistant (I use the add-on "Terminal & SSH!"
4. delete icloud folder
5. rm -rf /config/.storage/icloud
6. add your icloud account in the integration again
7. Now the box will popup for you to put in the verification code.

Apple allows creating app specific passwords https://support.apple.com/102654 instead of using 2FA.

I just removed and readded my account to the integration using such a password.
Since that password doesn't need 2FA, it should solve the problem once and for all.

(Honestly, that should be the default way instead of using your real AppleID password.)

Apple allows creating app specific passwords https://support.apple.com/102654 instead of using 2FA.

I just removed and readded my account to the integration using such a password. Since that password doesn't need 2FA, it should solve the problem once and for all.

(Honestly, that should be the default way instead of using your real AppleID password.)

Ah this is awesome. I have just done the same thing.

Apple allows creating app specific passwords https://support.apple.com/102654 instead of using 2FA.

I just removed and readded my account to the integration using such a password. Since that password doesn't need 2FA, it should solve the problem once and for all.

(Honestly, that should be the default way instead of using your real AppleID password.)

Perfect, that worked. After a reboot all devices were back again! Thank you!

Apple allows creating app specific passwords https://support.apple.com/102654 instead of using 2FA.

I just removed and readded my account to the integration using such a password. Since that password doesn't need 2FA, it should solve the problem once and for all.

(Honestly, that should be the default way instead of using your real AppleID password.)

Coming into this only now but if I want to enter an app-specific password instead of going the 2FA route, does that mean I have to delete the integration and re-add it again?

Thanks,
Bel*.

@MrEbbinghaus That is great news! Last time I checked, they did not allow this. (But I must admit it was some time ago...)

The documentation for the iCloud component should be updated to strongly recommend this, both from the security point of view, to getting rid of the 2FA annoyances.

Also, for the record, here is a direct link for the page which allows you to create app-specific passwords: https://appleid.apple.com/account/manage/section/security

Apple erlaubt die Erstellung anwendungsspezifischer Passwörter https://support.apple.com/102654 anstelle der Verwendung von 2FA.
Ich habe gerade mein Konto mit einem solchen Passwort entfernt und der Integration wieder hinzugefügt. Da dieses Passwort keine 2FA benötigt, sollte es das Problem ein für alle Mal lösen.
(Ehrlich gesagt sollte dies die Standardmethode sein, anstatt Ihr echtes AppleID-Passwort zu verwenden.)

Ich komme erst jetzt dazu, aber wenn ich ein App-spezifisches Passwort eingeben möchte, anstatt den 2FA-Weg zu gehen, bedeutet das, dass ich die Integration löschen und erneut hinzufügen muss?

Danke, Bel*.

That is exactly what it means. After deleting and re-adding, it is best to restart once, only then were all devices in again for me.

@magicus Unfortunately it was followed by bad news a couple of hours later.

The integration wasn't able to communicate with iCloud any more, and I got a "Your password was used to login" mail from Apple every minute until I disabled the integration again.

The app password method doesn't work for me, it just returns "Invalid authentication".

@MrEbbinghaus Oh, that is too bad. :-(

Has there been a fix for this yet?

Also inquiring if an update is planned on this. I'm still needing to re-login (and force reload the integration a few times a week as well) in order to maintain connectivity / updates into HA. Greatly appreciate the work to date and in advance if anyone(s) able to update the authentication mechanism(s) to fix this issue!

This happens every 60-90 days for me.

1. Log into iCloud on a browser.
2. Click on Account (person icon in the top right),
3. Click on iCloud Settings
4. Scroll to the bottom "Sign out of all browsers"
5. Reload the iCloud integration in HA - promps for password & MFA
6. Restart HA.

The MFA pop-ups & integration warnings go away.

Hi,
I'm not sure if this might help, but I can see two separate sessions in my /config/.storage/icloud directory, despite having one registered.
ls in that directory was:

• pia(redacted)
• pia(redacted).session
• Pia(redacted)
• Pia(redacted).session
  And I was getting MFA logins despite actually having this integration reconfigured.

Deleting one of them fixed this issue for me.
It was the same filename, but one started with capital letter.

I'm not entirely sure it's this integration, but things have become far worse since yesterday, with multiple devices constantly prompting for MFA. This continued overnight and seems now to ignore sleep focus. I've disabled the integration, but the prompts keep coming. I'm sure I've seen others note that disabling doesn't work. Is there some way to remove the integration entirely?

I'm not entirely sure it's this integration, but things have become far worse since yesterday, with multiple devices constantly prompting for MFA. This continued overnight and seems now to ignore sleep focus. I've disabled the integration, but the prompts keep coming. I'm sure I've seen others note that disabling doesn't work. Is there some way to remove the integration entirely?

#101816 (comment)

is this really fixed? the PR looks pretty minimal. I try and use app password and I get Invalid authentication

is this really fixed? the PR looks pretty minimal. I try and use app password and I get Invalid authentication

I thought that. Just looks like a field label change. No actual change to functionality.

is this really fixed? the PR looks pretty minimal. I try and use app password and I get Invalid authentication

yeah when i tried an app password last week i got invalid authentication too so not convinced this will be working.

@rcmaehl or @frenck can you reopen this or create a duplicate? This was falsely closed..

@warmfire540 @OptimusGREEN and anyone else having issues can you all confirm that:

• Your default 2FA/MFA is not currently set to a Security Token when setting up the App-Specific Password?
• You're using the email selected as "Apple ID" from the Emails & Phone Numbers section of https://appleid.apple.com/account/manage/section/security?
• You are/have been using an Apple Device signed into the account that is/has connected to the same network as the HomeAssistant host?
• You're able to sign into https://appleid.apple.com/ from a desktop web browser on the same network as the HomeAssistant host (and ideally create the App-Specific Password within that desktop web browser)?
• You are polling iCloud no more than once every 60 seconds (I poll every 5 minutes) once setup?

I have done everything as described but I get the error message with the app specific password every time:
Invalid authentication

The login works with my correct password

@rcmaehl yes - same. I'm unsure of the first bullet point - where would I check? I just went into icloud and created app specific pw - get error.

Can you show screenshots or video of it working for you?

I'm going to dig into the pyicloud stuff later today for the setup failures and the issue below where it thinks the extension needs to be reconfigured despite it working. I can confirm that when it does take the App Password that you no longer get MFA spam however.

Ok sounds good! I'm sure the MFA will go away, however it's not accepting my app password - I can't get past that part.

Okay, I tested this with my wife's account.

App-specific password seems to work for reauth but not initial auth. I need to revoke everything and undo some test changes I made to her account to confirm it wasn't something else but current workaround flow seems to be:

1. Generate App-Specific Password
2. Initial setup using Account Password including allowing MFA prompt and entering 2FA code
3. Reload Integration
4. Deny MFA prompt
5. Wait a minute or so for the Integration to want re-auth
6. Enter App-Specific Password

If this does work, I'll submit a patch to adjust the setup workflow

I could have sworn I did the initial setup for my own account with the App-Specific Password but I may be mistaken.

So was able to reproduce initial setup with the app-specific password that worked with my account. Only works if you remove and readd the same iCloud Entry too quickly.

I may be in an extended MFA grace period currently as I'm not getting the MFA prompt when reloading the extension now but as soon as I do I'll retry with the App-Specific password to confirm my previous comment and then we'll go from there.

Hello everyone,
I'm not sure if the problem has been solved or not?
Or has a new problem been opened and I just can't find it?

No Its not solved. The directions were changed to use app specfic passwords yet they don't work for the majority of users. Although they should probably be used, the integration doesn't work well with adding them.

can anyone confirm @rcmaehl 's latest comment? I rage uninstalled it, but can make a new ticket if OP isn't available anymore

can anyone confirm @rcmaehl 's latest comment? I rage uninstalled it, but can make a new ticket if OP isn't available anymore

I can confirm doing initial setup with Password, and then re-authing with an App Specific Password prevents with Apple MFA pop-up spam and has worked for me for since I made that comment.

I need to rewrite the configuration flow to prompt for both values (should be easy) and then actually use the ASP when reauth is needed (Can figure out but I have no idea how to compile test builds for HomeAssistant to test changes yet)