Problem Authenticating and Verifying iCloud Account

[gcobb321]

General area dealing with this problem.

[blhoward2]

Gary, what logs or what can I provide you to help with this?

[timaseth]

So, I tried getting rid of each of the 6 notifications that I had, but I would get a service call error as shown. I gave up and restarted my HA and the pi host. Heck, they went away for now.

[gcobb321]

I would like to look at the HA log file to see if I spot something Apple is doing.

1. Add the following to your HA configuration.yaml file:

   logger:
   default: info
   logs:
   custom_components.icloud3.device_tracker: debug
   custom_components.icloud3_dev.pyicloud_ic3: debug

2. Add the following to the i iCloud3 configuration parameter: log_level: debug+rawdata
3. Delete /config/home-assisstant.log file.
4. Delete your cookie file to force the verification process request. It is a file made from your username/email address without punctuation in the /config/.storage/icloud directory. Or rename it.
5. Restart HA.
6. Go through the verification process.
7. Let everything run until you are asked to verify again and then do it
8. If it verifies successful, let it run some more until the next time and verify again.
9. Send me the HA log file. It will probably be large. Email it to geekstergary@gmail.com.
10. Remove the lines you added above from the configuration files or comment them out by putting a ‘#’ at the start of each line.
11. Rename the home-assisstant.log file. Don’t delete it until I receive it in case it needs to be resent.
12. Restart HA.

ICloud3 v2.1 used a dummy non-2fa iCloud account to work around the 2fa problem.

• If you were using v2.1, use that iCloud account instead of your real account. It still works.
• If you were not using v2.1, you need to create a second non-2fa account, add the people you are tracking to the contacts list in that account with their real email address, set up the FindMy Sharing List for those people, send them a sharing invitation and have them accept the invitation. Then go back to your real iCloud account. I’ve updated the iCloud3 v2.2 docs with the instructions on how to do this from the old v2.1 docs. You can find them here.

I am not having any issues and sometimes there are problems with the communication between the V pyicloud_ic3.aml program and Apple. That program is a customized version of the one used by the HA iCloud integration and I’m checking that forum to see if there are any issues there. There are. Hopefully, these Log files will tell something.

[blhoward2]

Will do. RE the dummy account when I tried that before a few weeks ago it was no longer possible to create such an account. No matter how I created it or where (including on a computer) 2FA was automatically turned on and couldn’t be tuned off. Maybe I’m missing something but I think Apple may have disabled the ability to do so.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[poudenes]

When reboot ha most of time goes well after you trusted devices. But last knight I got notification that icloud3 tries to login...

So seems that it's not connected and remember the login

[gcobb321]

The need to authenticate and validate its controlled by iCloud using their cookie file. iCloud3 just gets their notifications and issues the verification request. The cookie file is your email in the /config/.storage/icloud directory. The file name is the username without punctuation.

It contains a bunch of text records. Mine is:

#LWP-Cookies-2.0
Set-Cookie3: acn01="YxaA1vh8jnMcUtBZWkenRAs6ARzt7uhhfq4cNUElABtEWBYhOGc="; path="/"; domain=".apple.com"; path_spec; secure; expires="2021-04-13 15:16:34Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Cloudkit="\"TGlzdEFwcGw6MTpBcHBsOjE6ATwNcHi7QdvRf9QdNUYcWpuEmRbePAjg1BzfJ4pXd5XqGHJ++FSyY6SMI/iExrh3MNbk8vG8pFB+KUIdgqurOrnqo/NOdlPCdCYWJwiBR5PnnAf+fGHOE+Yb04o8H4r9IyI1XFIReeHfdep205A3ZE5WbLFCSWwe/BoWbP12juswZKTOSyOI+w==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Documents="\"TGlzdEFwcGw6MTpBcHBsOjE6AWJHuwU2of84kVP8idco2CteFBG6GVGRlZ5xT6pRMDF7nnXDoG2NB4lxf+Eu16xHtoG8tmlfIbiPCrOf2ZIiJY8gDZ1lsnghFoaJFwRP/6lqdCT5fGLWKvRe1nprIw+ntokTWoEu+W8BD5ivnUSvRRWJiW9sjQsr0ISUWaOY8cvhrjaN//BFBQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Mail="\"TGlzdEFwcGw6MTpBcHBsOjE6AVbCj6FWtYW6NlPux9jD+X3YL4QDSA0MyMt0nMnPZx6MJUv1cngHJVCOPvxmPsU3H0B/m8iH8nRcV7sj0XKk0xfgc/ZTiNY9ta2noDKGkuK133zJNO1pyVYxTalkS4JMYYpPgDBYaz6NJSsvW2Yq9K8tgkxDCTxwPQJrckO9jrmq/txpSUcNMg==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-News="\"TGlzdEFwcGw6MTpBcHBsOjE6Afs8CP26Lg5c1gWpuwlKSPM/pcaNehv75hFtPQ4USw8663WVnZVFoU8oLc3tHf2tyAwPhD+LRanKX6lJBhsLLMDcnTTrOIn8DmXCMNzAMJNvwcPHGbMvjU+FLF19q9PDOVo1yHxf9qHdQvxNQTozJ8OUjv3fkUO+hdqsUBY8HagfVmK39O7dxw==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Notes="\"TGlzdEFwcGw6MTpBcHBsOjE6AZE8/mMG1OZ3pPY9aCediax1txc1vSrNvftA2uBjGd9HNH3Da8UADiX5cBOHzyucH/gscz8GitK/2sESZqGLtZM2uLYg+80g44RCfhGpueSwU1Wubb7QoNgW/uReP4frcVc67KDhsy8HHQjVl9BSea6RWbXA92Ljh4Y/oEf+H95bgSWGxLH3og==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Photos="\"TGlzdEFwcGw6MTpBcHBsOjE6ASgWO7NeyqaJn73i6zQa0SPEGppnmlLcKYtPgy3kwo3HIMcyyWAwFvp0ECmETN1jzeatPxFZcCK8MQB5Rb0o5EUtwzmRwOmf/rCUDQ2nX0/ETfsjjgYlHsuD38do2+FWO7CtDiZOCU1QfqI1nRbJD5TABIetqsmwNz8uAOJFzn9bwtVmxQMKmQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Safari="\"TGlzdEFwcGw6MTpBcHBsOjE6AZTqY3zZmO5eoHwDwowl4U9+ghHlUcuhTBUOQkXyt+FFNnOMw1413+iHm7PYZ+SWKeSeDrSh0UXEOdomr+BDQGkCkkvCFgUurcnhMk4bI0ZIGRMQkQP1oYLys7J+F9xulwdqgeLeUcKu00Tz95P/rtPzxjAYbV2ZNZsW0tM/d5UVxXoV6cKHzQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Sharing="\"TGlzdEFwcGw6MTpBcHBsOjE6AS7hdv1GTIfcmHMu5W/eVxEUCHD0Vw/7Bjo7eoFRIPMlhrdrCwB6Ew0j0ylIrz+bqRpj2WxnOlPbH82xkweslCzNGGrGt9gzJC/wmksWfLQXgirntDDj++tT2yzc2SsKmL0vMfvbAeggm52G5aGhAR31ut7haFOED13lo15Q+lrHsj3tC06BeQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-TOKEN="\"v=2:t=FA==BST_IAAAAAAABLwIAAAAAF-GIT0RDmdzLmljbG91ZC5hdXRovQASJCSqoNZUy5NeJXymV0F1g5ShCNn37TYDGcMfyaTfGf5oT3cVRwOkJlA-xDaXw-hz7p1Zn097QqsR2GFEJqJa95SYdZBz2TggxPfOWvyYfqIYvg1KmyAw5ofGVtjJej7mG3076r_cUj54tJM_CcI1T2TyEw~~\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-USER="\"v=1:s=1:d=16712651607\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X_APPLE_WEB_KB-VLJ6UQTTOVVJBL6P6TF6FN9AFA8="\"v=1:t=Bw==BST_IAAAAAAABLwIAAAAAF-Ey1MRDmdzLmljbG91ZC5hdXRovQD2-aF0Tfe6nAf8f3kHW5xJZGUddAFr2l01zb1yxuzRcVhjAHQbl2Wi3NH9KWo6WRer7ZlfePwDbRx2NZ0qG62IEznOeB3LYJfTQOkSk1LLr39GmraNsXCBMYPd-tqkVwSsnpbN0dhptaOj22_VI85Zv0Yztg~~\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-12-11 21:32:04Z"; HttpOnly=None; version=0

Most of the records are links for the iCloud services that are available. The WEBAUTH-USER record, I think, it’s the one controlling the verification. Notice the expires = on each line. That indicates when this ‘session’ expires and needs to be reverified. I logged in yesterday and it will expire in 2-weeks. I used my non-2fa account but my 2fa account looked the same.

Look at your cookie file and look at the expiration date on the WEBAUTH-USER record. Is it 2-weeks like mine or another time period?

[poudenes]

The need to authenticate and validate its controlled by iCloud using their cookie file. iCloud3 just gets their notifications and issues the verification request. The cookie file is your email in the /config/.storage/icloud directory. The file name is the username without punctuation.

It contains a bunch of text records. Mine is:

#LWP-Cookies-2.0
Set-Cookie3: acn01="YxaA1vh8jnMcUtBZWkenRAs6ARzt7uhhfq4cNUElABtEWBYhOGc="; path="/"; domain=".apple.com"; path_spec; secure; expires="2021-04-13 15:16:34Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Cloudkit="\"TGlzdEFwcGw6MTpBcHBsOjE6ATwNcHi7QdvRf9QdNUYcWpuEmRbePAjg1BzfJ4pXd5XqGHJ++FSyY6SMI/iExrh3MNbk8vG8pFB+KUIdgqurOrnqo/NOdlPCdCYWJwiBR5PnnAf+fGHOE+Yb04o8H4r9IyI1XFIReeHfdep205A3ZE5WbLFCSWwe/BoWbP12juswZKTOSyOI+w==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Documents="\"TGlzdEFwcGw6MTpBcHBsOjE6AWJHuwU2of84kVP8idco2CteFBG6GVGRlZ5xT6pRMDF7nnXDoG2NB4lxf+Eu16xHtoG8tmlfIbiPCrOf2ZIiJY8gDZ1lsnghFoaJFwRP/6lqdCT5fGLWKvRe1nprIw+ntokTWoEu+W8BD5ivnUSvRRWJiW9sjQsr0ISUWaOY8cvhrjaN//BFBQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Mail="\"TGlzdEFwcGw6MTpBcHBsOjE6AVbCj6FWtYW6NlPux9jD+X3YL4QDSA0MyMt0nMnPZx6MJUv1cngHJVCOPvxmPsU3H0B/m8iH8nRcV7sj0XKk0xfgc/ZTiNY9ta2noDKGkuK133zJNO1pyVYxTalkS4JMYYpPgDBYaz6NJSsvW2Yq9K8tgkxDCTxwPQJrckO9jrmq/txpSUcNMg==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-News="\"TGlzdEFwcGw6MTpBcHBsOjE6Afs8CP26Lg5c1gWpuwlKSPM/pcaNehv75hFtPQ4USw8663WVnZVFoU8oLc3tHf2tyAwPhD+LRanKX6lJBhsLLMDcnTTrOIn8DmXCMNzAMJNvwcPHGbMvjU+FLF19q9PDOVo1yHxf9qHdQvxNQTozJ8OUjv3fkUO+hdqsUBY8HagfVmK39O7dxw==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Notes="\"TGlzdEFwcGw6MTpBcHBsOjE6AZE8/mMG1OZ3pPY9aCediax1txc1vSrNvftA2uBjGd9HNH3Da8UADiX5cBOHzyucH/gscz8GitK/2sESZqGLtZM2uLYg+80g44RCfhGpueSwU1Wubb7QoNgW/uReP4frcVc67KDhsy8HHQjVl9BSea6RWbXA92Ljh4Y/oEf+H95bgSWGxLH3og==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Photos="\"TGlzdEFwcGw6MTpBcHBsOjE6ASgWO7NeyqaJn73i6zQa0SPEGppnmlLcKYtPgy3kwo3HIMcyyWAwFvp0ECmETN1jzeatPxFZcCK8MQB5Rb0o5EUtwzmRwOmf/rCUDQ2nX0/ETfsjjgYlHsuD38do2+FWO7CtDiZOCU1QfqI1nRbJD5TABIetqsmwNz8uAOJFzn9bwtVmxQMKmQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Safari="\"TGlzdEFwcGw6MTpBcHBsOjE6AZTqY3zZmO5eoHwDwowl4U9+ghHlUcuhTBUOQkXyt+FFNnOMw1413+iHm7PYZ+SWKeSeDrSh0UXEOdomr+BDQGkCkkvCFgUurcnhMk4bI0ZIGRMQkQP1oYLys7J+F9xulwdqgeLeUcKu00Tz95P/rtPzxjAYbV2ZNZsW0tM/d5UVxXoV6cKHzQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-PCS-Sharing="\"TGlzdEFwcGw6MTpBcHBsOjE6AS7hdv1GTIfcmHMu5W/eVxEUCHD0Vw/7Bjo7eoFRIPMlhrdrCwB6Ew0j0ylIrz+bqRpj2WxnOlPbH82xkweslCzNGGrGt9gzJC/wmksWfLQXgirntDDj++tT2yzc2SsKmL0vMfvbAeggm52G5aGhAR31ut7haFOED13lo15Q+lrHsj3tC06BeQ==\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-TOKEN="\"v=2:t=FA==BST_IAAAAAAABLwIAAAAAF-GIT0RDmdzLmljbG91ZC5hdXRovQASJCSqoNZUy5NeJXymV0F1g5ShCNn37TYDGcMfyaTfGf5oT3cVRwOkJlA-xDaXw-hz7p1Zn097QqsR2GFEJqJa95SYdZBz2TggxPfOWvyYfqIYvg1KmyAw5ofGVtjJej7mG3076r_cUj54tJM_CcI1T2TyEw~~\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X-APPLE-WEBAUTH-USER="\"v=1:s=1:d=16712651607\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-10-27 21:50:54Z"; HttpOnly=None; version=0
Set-Cookie3: X_APPLE_WEB_KB-VLJ6UQTTOVVJBL6P6TF6FN9AFA8="\"v=1:t=Bw==BST_IAAAAAAABLwIAAAAAF-Ey1MRDmdzLmljbG91ZC5hdXRovQD2-aF0Tfe6nAf8f3kHW5xJZGUddAFr2l01zb1yxuzRcVhjAHQbl2Wi3NH9KWo6WRer7ZlfePwDbRx2NZ0qG62IEznOeB3LYJfTQOkSk1LLr39GmraNsXCBMYPd-tqkVwSsnpbN0dhptaOj22_VI85Zv0Yztg~~\""; path="/"; domain=".icloud.com"; path_spec; domain_dot; secure; expires="2020-12-11 21:32:04Z"; HttpOnly=None; version=0

Most of the records are links for the iCloud services that are available. The WEBAUTH-USER record, I think, it’s the one controlling the verification. Notice the expires = on each line. That indicates when this ‘session’ expires and needs to be reverified. I logged in yesterday and it will expire in 2-weeks. I used my non-2fa account but my 2fa account looked the same.

Look at your cookie file and look at the expiration date on the WEBAUTH-USER record. Is it 2-weeks like mine or another time period?

I see that my renewal will be on 2020-10-28.

I saw also a old file. I delete that one. Maybe this give some problem? That one was from februari 2020

[poudenes]

Ok. I did some restarts today. And now couple of hours later do a restart of HA again. It ask me again to do the verification. After your last post my renewal was 2020-10-28

So something is not going well

[gcobb321]

look in the HA Sidebar > Configuration > Logs for any error messages from iCloud3 or pyicloud_ic3.py. An Error 450 or 500 generates the verification request. Post anything you see.

[gcobb321]

iCloud3 v2.1 used a second non-2fa account with the Find-my-Friends tracking method to get around 2fa verification issues. This is done by adding a non-2fa account, adding the tracked devices to the contacts, setting up FindMy App on each tracked device to share their location with the non-2fa account and using the non-2fa account in the username/password configuration parameters.

I have updated the iCloud3 documentation to show how to do this. You can find it here.

The instructions also list the steps that will create a non-2fa account.

[gcobb321]

*iCloud3 v2.2.1b Update I have uploaded a few fixes to the v2.2.1 Development Area here. Download the zip and unzip it into the custom_components/icloud3 directory. See the change log in that directory for the changes.

[poudenes]

installed your latest dev version 2.2.1b

[poudenes]

After the latest install 2.2.1b i have issues. Before i went to work everything work correct. Was able to restart HA many times, because i was update some yaml files. I was at my work and got notification from Apple that "icloud3" was try to connect. After i logged in i must do the verification procedure to let it work.

So i went to work there is nothing happing on HA Server and suddenly i need to verify icloud3 again.

[gcobb321]

iCloud3 requests information from iCloud Location Services on a regular basis. The time it does that us usually in the Next Update attribute. It doesn't matter where you are when iCloud3 does the update and the verification request is controlled by iCloud Location Services. iCloud3 has nothing to do with when it happens and can only notify you that a verification is needed. The iCloud3 Event Log shows what is going on, what the polling interval is, where you are and the verification request notification information. I am sure you have reviewed that for log information. If not, I urge you to become familiar with the information it provides. The Event Log is discussed here and here.

You have had a lot of problems with the iCloud verification process and the timing between the verifications. Perhaps it's due to where you are located and the services iCloud provides in the Netherlands. I don't know.

iCloud3 v2.1 operated by setting up a dummy non-2fa iCloud account, sharing your phone's location with that account, using that account in the username/password iCloud3 parameters and using the Find-my-Friends tracking method. That method of setting up iCloud3 eliminated the verification process, except for maybe the first time. I have updated the v2.2 documentation to explain how to set up a non-2fa account, how to share your phones with it and it may solve all of the verification problems you have had. It is described here. Review the instructions, set it up and see how it works.

[timaseth]

Hi Gary and others; sorry, I could not respond sooner (work!). So, the famshr did not work for me (far too many notifications and alerts and just apple being a big brother bully!). I chatted-up with Apple support this morning:

1. 2FA can not be turned off.
2. New account can not be setup without 2FA (she was not 100% on this though)

Luckily, I had an old iCloud ID from my old iphone4 days which was unused and it did not have 2FA. Set that up just a short while ago - I shall keep you all posted.

Cheers

[gcobb321]

@timaseth Actually you can set up a non-2fa account. I set one up a new one Friday but it has to be done on a PC in a browser (Mac in a browser too I guess). Instructions are in the iCloud3 docs here

[poudenes]

Tried to create a new account but you need add mobile number. So 2fa will be always on... My new account have 2fa and it's not possible to disable it also.

[gcobb321]

I followed the steps here and set one up. The mobile number in the non-2fa account does not turn on 2fa. The steps 6 & 7 below is what did not turn on 2fa for me. This can not be done on a iphone or an iPad. This needs to be done on a computer, although I did not try it on chrome or safari on an iPad.

6. Select Other Options on the Apple ID Security window.
7. Select Don't Upgrade on the Protect your account window.
8. Select Continue on the Apple ID & Privacy window.

[poudenes]

Here screenshot step by step what you see. No option to choose non-2fa or 2fa

###################################### Email verification: ######################################

###################################### mobile number verification: ######################################

###################################### then the screen with all info ######################################

[gcobb321]

What was the device (iPhone, iPad, max out pc) you used to try to create the account? What browser (chrome, safari, edge, other)?

[poudenes]

IMac osx on safari...

https://support.apple.com/en-us/HT204915 Almost down the page. There is nothing saying you can create 1 account without 2fa

Can I turn off two-factor authentication after I’ve turned it on? If you already use two-factor authentication, you can no longer turn it off. Certain features in the latest versions of iOS and macOS require this extra level of security, which is designed to protect your information. If you recently updated your account, you can unenroll within two weeks of enrollment. Just open your enrollment confirmation email and click the link to return to your previous security settings. Keep in mind, this makes your account less secure and means that you can't use features that require higher security.

[poudenes]

Had contact with Apple Support: New accounts ALWAYS have 2FA and Can't be disabled... Only already used accounts in past where 2FA is disabled and someone enabled it. Can within 2 weeks revert it back.

So creating a new account will not solve the problem with the short 2FA problem writer here

[poudenes]

I have now enabled debug modus. This night got message again to verify the account. This morning turn on debug. reboot HA and did whole verification proces. Now what until I get the message again for new verification sooner than the 2 weeks. I will do a new verification when done, I will send the log to you. Maybe you can see why I get every time a message.

(probably because of the 2FA option)

[poudenes]

I have send you 2 debug logs... (via email)

[gcobb321]

I gave them and will look at them later today.

———————— Gary Cobb On Oct 20, 2020, 12:14 AM -0400, poudenes notifications@github.com, wrote:

I have send you 2 debug logs... (via email) — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[gcobb321]

I've looked at the log files and found a few program problems I'm working on. Non have anything to do with the verification (see more on this below).

1. I found a formatting problem with the Center-in-zone message.
2. You are getting a lot of poor gps error messages with a gps accuracy of 65m. I would increase the accuracy to 100m (the default) to eliminate them. They can take a lot of polls to resolve and can mess up your location tracking because of the delays.
3. The iOS App reports the friendly name of the zone instead of the zone name (home/huize asingaborg) and that was leading to some zone mismatch errors and differences between the last and current zone. I'm working to resolve those problems now and will update v2.2.1c when I have it working correctly.

You have the zone.home friendly name as Huize Asingaborg. Did you do that with the UI, edit the entity name or do an update on the entity registry itself? I've been trying to change mine and can not get it into an editable state.

Authentication/Verification Issue -- The HA log file didn't contain any info that helped. I have uploaded the interface program, pyicloud_ic3.py, to the development directory here. Download pyicloud_ic3.zip, unzip it to the custom_components/icloud3 directory and add the following to the configuration.yaml file: (or merge it into your logger: statement if you have one)

logger:
  default: info
  logs:
    custom_components.icloud3.pyicloud_ic3: debug

It will dump every transaction sent to and received from iCloud Web Services. Rename the /config/.storage/icloud cookie file to save it and force a verification when you restart HA. Then restart HA, go through the verification process until it takes or 4-5 retries, zip the ha log file and let me review that file.

[blhoward2]

Just checking in. I enabled the debugging and it happened twice, but then I restarted for another reason and I haven't been promoted again.

[gcobb321]

poudenes sent me a HA log file but it didn't have the info I needed. See the post above in the Authentication/Verification Issue. It has instructions on getting HA log file data that might help.

The problem is Apple made changes in the ability for a program to access iCloud data through the Web on/around 10/8 and that screwed things up. I don't know if doing the above will help but I need the raw data to see if I can figure it out.

Thanks

[blhoward2]

Yep I already turned on the logging per your instructions. I just lost the log file where it happened and it hasn’t happened again. It’s been working for a few days now no problem.

Just providing another data point and letting you know that I didn’t abandon your effort.

[gcobb321]

FYI-I just had to do a verification. It succeeded so I have the log files showing iCloud activity doing a successful verification. The cookies now expire on 11/3, 2-weeks from now.

[blhoward2]

That’s going to be mighty annoying if they expire the token every two weeks. Is there not a way in the API to exchange it for a new token? That’s how Google’s API works. My dashboard checks out a new refresh token on its own.

I’ve never looked at Apple’s but what is the hurdle to get to what other services/apps do where the user is never reprompted? I’m just genuinely curious. When I was on SmartThings the WebCoRE presence sensor app worked pretty flawlessly without the exiting the zone from wandering issue the HA app has. Would it be more reliable and simpler to have the HA app use the same sort of zone logic that you’re using without piggybacking on the family sharing platform? It just surprises me that HA doesn’t have this more perfected in general given the high adoption rate of presence sensors.

[gcobb321]

Can you code? Do you know Python? What you talked about would be great.

The program that interfaces with iCloud was written 3-4 years ago and has not really been maintained. And we are stuck with it for now. A new developer is now doing a little support but not to the core routines that interface with iCloud. There isn’t much documentation from Apple on what to do and none of us is getting paid, unlike SmartThings, Google and other companies with large staffs.

I would love some help figuring out how to fix this issue. pyicloud.py is the base of everything. It’s GitHub repository is [here(https://github.com/picklepete/pyicloud).

[blhoward2]

Can you code? Do you know Python? What you talked about would be great.

The program that interfaces with iCloud was written 3-4 years ago and has not really been maintained. And we are stuck with it for now. A new developer is now doing a little support but not to the core routines that interface with iCloud. There isn’t much documentation from Apple on what to do and none of us is getting paid, unlike SmartThings, Google and other companies with large staffs.

I would love some help figuring out how to fix this issue. pyicloud.py is the base of everything. It’s GitHub repository is [here(https://github.com/picklepete/pyicloud).

I’ll email you at the address you posted for the logs.

[poudenes]

I have updated the icloud3-event-log-card.js and device_tracker.py files with your zip. Renamed the cookie file, reboot HA. Get 3 trusted devices. (Popup with verification code on iPhone, iMac, Watch)

When I select my phone for verification, before Apple called me with a code. Now nothing happen. When I give one of the popup verification codes it say its not valid. ( THIS is maybe not correct, seems we have a mobile network problem in the area at the moment )

You have the zone.home friendly name as Huize Asingaborg. Did you do that with the UI, edit the entity name or do an update on the entity registry itself? I've been trying to change mine and can not get it into an editable state.

Add the zone.home into the customize part of HA:

zone.home:
  friendly_name: "Huize Asingaborg"

Ill do the test later on when the mobile network is running again.

[gcobb321]

Those pop up codes are to be ignored. You have to select trusted device code from HA Notifications, get a text message with the code and then enter that code back into the HA notification message.

I did the friendly name in Configuration.yaml. I’ll try again but think I have Zone name issue figured out.

[poudenes]

Those pop up codes are to be ignored. You have to select trusted device code from HA Notifications, get a text message with the code and then enter that code back into the HA notification message.

I did the friendly name in Configuration.yaml. I’ll try again but think I have Zone name issue figured out.

There is a mobile network outage here. So will try later the way I normal do. I did send you a log but you can ignore that. I will send a new log file after the verification has ben done correct.

[gcobb321]

Did you do the pyicloud_ic3.py file? You need to do that one and put the logger debug statements in the configuration.yaml file to get the iCloud network traffic log. And then do the verification.

[poudenes]

Yes I updated the pyicloud_ic3.py add the debug logger. renames the old cookie. restart HA and get the normal stuff. But because of the mobile outage I can't do the verification at this moment. I'll come back on this when outage is over.

[poudenes]

verification has been done. What did you mean with "4-5 retries" ? Verification as been done and everything is running now. Only thing now is wait untill I must do verification again sooner than the 2 weeks?

[gcobb321]

v2.2.1c has just been uploaded to the development directory here that fixed this problem.

Download and unzip the development - v2.2.1c.zip file into the icloud3 directory. and restart HA.

The change log is in the iCloud3 forum here

[poudenes]

Installed it and lets see!

[poudenes]

Since your last update 2.2.1c i didn't get any new verification requests! Hope this update will hold for 2 weeks before i need to verify again! :+1:

[maartenhendrix]

Hi, Not sure if this is the right topic but i'm having a problem with the verification step. I was running version 2.2.0 and updated to 2.2.1c as suggested here but i still get an error, both gave me the same error: Logger: homeassistant.components.websocket_api.http.connection.140619846390016 Source: custom_components/icloud3/device_tracker.py:8930 Integration: Home Assistant WebSocket API (documentation, issues) First occurred: 12:56:42 PM (1 occurrences) Last logged: 12:56:42 PM 'NoneType' object has no attribute 'send_verification_code'

Traceback (most recent call last): File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 138, in handle_call_service await hass.services.async_call( File "/usr/src/homeassistant/homeassistant/core.py", line 1335, in async_call task.result() File "/usr/src/homeassistant/homeassistant/core.py", line 1370, in _execute_service await handler.func(service_call) File "/usr/src/homeassistant/homeassistant/components/configurator/init.py", line 235, in async_handle_service_call await self.hass.async_add_job(callback, call.data.get(ATTR_FIELDS, {})) File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/config/custom_components/icloud3/device_tracker.py", line 8930, in _icloud_handle_trusted_device_entry text_msg_send_success = self.api.send_verification_code(self.trusted_device) AttributeError: 'NoneType' object has no attribute 'send_verification_code'

I'm running HA 0.116.4

[gcobb321]

@maartenhendrix That error indicates the was no Trusted Device number entered in the first verification screen. Check the Event Log to see if anything was entered to select the device to receive the 6-digit authentication code.

[maartenhendrix]

But i did:

[gcobb321]

The send_verification_code routine is actually in pyicloud_ic3.py module.

• Check to make sure it is in the custom_components/icloud3 directory.
• Check the Event Log to see if there are any username/password or other errors when icloud3 starts.

[maartenhendrix]

Thank you for the very fast replies! Very much appreciated.

• The file is in the directory.

• The log shows: 2020-10-25 17:34:06 WARNING (MainThread) [homeassistant.loader] You are using a custom integration for icloud3 which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant. 2020-10-25 17:34:09 ERROR (SyncWorker_24) [custom_components.icloud3.device_tracker] iCloud3 Error for > No devices were returned from the iCloud Location Services. iCloud FamShr Location Service is disabled. iCloud3 will use the IOS App tracking_method until your account is authenticated. 2020-10-25 17:34:10 ERROR (SyncWorker_24) [custom_components.icloud3.device_tracker] iCloud3 Error for > No devices were returned from the iCloud Location Services. iCloud IOSApp Location Service is disabled. iCloud3 will use the IOS App tracking_method until your account is authenticated. 2020-10-25 17:34:10 ERROR (SyncWorker_24) [custom_components.icloud3.device_tracker] iCloud3 Setup Error > > The iOS App device_tracker entity was not found in the Entity Registry.. Device_tracker entities (suffixes) found -

[gcobb321]

Take a look at the iCloud3 docs here. It shows the Event Log during iCloud3 startup, followed by some troubleshooting help. Also see the iCloud3 docs here on the iOS App entity name and suffix needed to tie everything together.

[maartenhendrix]

Thanks for the help it seems to be a problem with the account. I created a secondary account but it seems not to work so i switched to the main account and it works now.

[bobvmierlo]

I've tried the latest version 2.2.1c with my 2FA account, it worked for 2 days and then it started raining persistant notifications and errors again asking me to reauthorize again. Switched back to my non-2FA account again for now.