Kinda shocked that this still hasn’t been solved. iCloud is one of the few integrations that can be used for relatively reliable presence tracking, and it’s still broken. Seems like enabling the integration to use app-specific passwords (as it probably should have from the beginning) would solve this problem.
Hi. There is no reason to be shocked. Do you know anything about official iCloud API provided by Apple (that would help a lot)? This “integration” uses pyicloud module (if anywhere it have to be fixed there) that is actually pretending to be a user logging in to icloud.com and making request as “normal” user. So this is actually hackish way to get this data from Apple. So no app-specific passwords/keys.
To solve the issue it may be required to simulate real browser with JavaScript etc. which is possible but problematic.
Here is relevant issue for pyicloud module https://github.com/picklepete/pyicloud/issues/298
Am having the same problem. Decided to un-install the integration until this issue is resolved, hopefully with the 0.117.0 update.
hey @dboczek
I have also been getting Apple’s trusted device verification in the last week or so as well, and if I re-do the integration, the notifications would stop for a maximum of 24 hours, and the verification process would re start again.
Can I just make these few observations please:
- Currently, HA’s integration with iCloud requires the sharing of our iCloud password, and a code for 2FA if that is enabled.
- This arrangement is quite uncommon for major platforms. For example, if you’re wanting to access your HA resources from Visual Code Studio’s Home Assistant Config Helper, you would get a Long-Lived Access Token from HA, rather than giving your account’s full credentials to a third party.
- Long-Lived Access token is also known as, App Passwords on Google
To be continued next post…
Continuing from the post before…
- Microsoft calls them App Passwords as well.
- I’ve recently noticed that iCloud now supports App Specific Passwords. This linked article was published on January 21, 2020 by Apple.
- When other platforms were gradually introducing these advanced account security features, they also selectively enforced their use to encourage gradual migration.
So perhaps Apple is doing the same thing? Maybe they are trying to urge HA to implement App Specific Passwords so that users don’t have to share their full account credentials anymore…
Does somebody know if the iCloud3 custom integration doesn’t have this issue?
If so then I think I will switch to that.
I had it installed earlier but removed it because it felt over-engineered and drained the batteries of the iPhones. The standard iCloud integration is much more out-of-the-box and I prefer the UI supported integrations more and more, but this re-authentication issue is becoming very annoying.
Tried it for a few days and just uninstalled it again. I also had to re-authenticate every 24 hours.
I have done the same thing. I don’t really won’t to move to the iCloud 3 integration. So I guess I will wait.
The open issue looks to be abandoned. Opened on Sep 10, with nothing further, and not assigned to anyone. I guess we shouldn’t be expecting a fix anytime soon.
I think a fix should come with this change:
Hey folks, the “problem” is on Apple’s end but it really isn’t a problem, it’s just security.
I tried this after pulling my hair out and it worked (so far, fingers crossed):
To log into an old iPad or iCloud Integration, where it asks you for a recovery key or security key in iCloud, you need to append a valid verification code from another of your trusted devices (eg iphone/iPad with two step verification onto the END of your current password to bypass the prompt.
Delete the iCloud Integration and reboot your device.
On iphone/trusted device with iOS 9 or above go to “Settings”, tap your name at the very top, tap “Password & Security” and then tap “Get Verification Code”. It will give you six digits. Write them down and hit “OK”. That code lasts 10 minutes so don’t wander off…
Re-install the iCloud Integration and enter your AppleID email. Enter your password in the Password field AND enter the six digit key you just wrote down. Tap “Submit” and you’re done.
For example, let’s say the six digits you wrote down are 346098 and your current valid AppleID password is Horsefly. You would enter Horsefly346098 and tap, “Submit”.
This works on older Apple products as well that are clueless to 2-Step Authentication.
That seems to work. Let’s see for how long.
Working for me too! No pop ups anymore, but iCloud attributes are not updating. Only once by adding but not after anymore.
Indeed, it is not updating. So guess it is not working…
Works great, but after a restart of HA or of the rPi the configuration is lost. Must renter pass+token again.
Any thoughts?
Is this still the case for you? No more repeated question from icloud to confirm authentication on your phone?
same for me… keep asking for 2fa… method with 2fa after password is not working persistent
I did a reboot, had to re-enter the #$&@ password. It’s like it only stores the credentials in the RAM and gets brain dead if you clear the RAM. Sorry gang, thought I had it conquered…
Even with appending the code at the end of the password this is still an ongoing issue… made worse by a reboot/restart…
I am having this issue, repeatedly. Driving me bonkers. Any known fixes that work? I’ve deleted and re-added the integration and no dice.