gcobb321 / icloud3_v3

iCloud3 v3, Development Version - This Repo/Version is used for development and testing of new and updated features. It is not the official release of iCloud3 v3.
MIT License

Your Apple ID was used to sign in to iCloud via a web browser messages with V3 #293

Closed nivek1612 closed 3 months ago

nivek1612 commented 7 months ago

Since upgrading to v3 I'm getting several emails a day from Apple telling me my ID was used to sign into iCloud. This didn't happen at V2.

JtwoA commented 7 months ago

This has been asked/answered a few times previously in this repo. It's on Apple's side. For your convenience: https://github.com/gcobb321/icloud3_v3/issues/72

nivek1612 commented 7 months ago

Strange, I have never had an issue before v3 though, but thanks for the reference.

gcobb321 commented 7 months ago

@nivek1612 The emails are a pain and iC3 authenticates the account using a Token first and then the Password. v2 did it a little differently and, as I recall, used the password most of the time. When trying out various methods to see which one generated the fewest emails, it seemed like the way it is done now worked the best. Apple sets the expiration date/time to about every 30 minutes. The Event Log > Show Tracking Monitors shows when this is done and the method used. It is this reauthentication that generates the emails.

More info about this can be found in the iCloud3 docs here. It also suggests ways to help make them less aggravating.

Lx commented 5 days ago

Hi @gcobb321,

Thank you for your efforts on the iCloud3 integration.

I wanted to ask whether you're aware of "refresh tokens", which should be getting returned when authentication occurs and can be used to keep the session alive.

I'm not familiar with the specific mechanics of these for the iCloud API, but generally, the process involves passing the previously received refresh token back to the API, which the backend takes as a request to extend the life of the access token and responds by returning a new, different refresh token for submission next time. As long as the refresh token is used at the required frequency, the access token should last for days, weeks, or even months.

Looking briefly at the source code, I would suspect that this activity should occur in icloud3.support.pyicloud_ic3.PyiCloudService._validate_token. A quick word search on the entire repo suggests that refresh tokens aren't being collected or operated on.

I apologise if this has been previously considered and not adopted for specific reasons—but I couldn't find any reference to this in the related bug reports, and so I thought I should ask.

My belief is that if refresh tokens are correctly managed, recurring reauthentication (and resultant emails) could be avoided.
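
A toy model of the rotating refresh-token flow described in the last comment, added here as an illustration; it is not iCloud3 or pyicloud code and not Apple's API. `AuthServer`, `sign_in`, `refresh` and `run_client` are hypothetical names, the password is constructed, and the 30-minute access-token lifetime is the figure given earlier in the thread.

```python
import secrets

ACCESS_TTL = 30 * 60  # seconds; the ~30-minute expiry mentioned in the thread


class AuthServer:
    """Hypothetical token endpoint used only for this model; not Apple's API."""

    def __init__(self):
        self.full_sign_ins = 0     # assumption: each one triggers a notification email
        self.valid_refresh = None  # only the most recently issued refresh token is honoured

    def _issue(self, now):
        self.valid_refresh = secrets.token_urlsafe(16)
        return {"expires_at": now + ACCESS_TTL, "refresh_token": self.valid_refresh}

    def sign_in(self, password, now):
        if password != "constructed-password":
            raise PermissionError("bad credentials")
        self.full_sign_ins += 1
        return self._issue(now)

    def refresh(self, refresh_token, now):
        # Rotation: a refresh token is single-use. Presenting a stale one is
        # treated as a replay and the whole session is revoked.
        if self.valid_refresh is None or not secrets.compare_digest(refresh_token, self.valid_refresh):
            self.valid_refresh = None
            raise PermissionError("stale or unknown refresh token")
        return self._issue(now)


def run_client(server, hours, use_refresh, poll=300):
    """Poll every `poll` seconds for `hours`; return the number of full sign-ins."""
    session = server.sign_in("constructed-password", now=0)
    for now in range(poll, hours * 3600 + 1, poll):
        if now < session["expires_at"] - poll:
            continue  # access token still comfortably valid
        if use_refresh:
            session = server.refresh(session["refresh_token"], now)
        else:
            session = server.sign_in("constructed-password", now)
    return server.full_sign_ins
```

Whether Apple's service exposes a refresh endpoint of this kind is not established in the thread; the model only shows what the client-side bookkeeping would have to do if it did.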