[BUG] login with App-Passwords not working

[knmax]

Describe the bug When starting the container I receive the following error: 2023-08-19 20:55:09,745 :: ERROR :: icloudpy.base :: base.py :: 186 :: Missing apple_id field

To Reproduce Steps to reproduce the behavior:

Start container with docker compose up

Expected behavior start of the container and run

Screenshots

Configuration If applicable, please share the configuration details

app: logger:

level - debug, info (default), warning or error

level: "info"
# log filename icloud.log (default)
filename: "icloud.log"

credentials:

iCloud drive username

username: "my-apple-id"
# Retry login interval - default is 10 minutes
retry_login_interval: 600

Drive destination

root: "icloud" smtp:

If you want to receive email notifications about expired/missing 2FA credentials then uncomment

# email: "user@test.com"
## optional, to email address. Default is sender email.
# to: "receiver@test.com"
# password:
# host: "smtp.test.com"
# port: 587
# If your email provider doesn't handle TLS
# no_tls: true

region: global # For China server users, set this to - china (default: global) drive: destination: "drive" remove_obsolete: false sync_interval: 300

filters: # Optional - use it only if you want to download specific folders.

# File filters to be included in syncing iCloud drive content

folders:

#  - "folder1"
#  - "folder2"
#  - "folder3"
#file_extensions:
  # File extensions to be included
#  - "pdf"
#  - "png"
#  - "jpg"

[mandarons]

Login manually if ENV_ICLOUD_PASSWORD is not specified and/or 2FA is required

docker exec -it icloud /bin/sh -c "icloud --username=<icloud-username> --session-directory=/app/session_data"

[knmax]

I‘m sorry - apparently I forgot to mention, I have already used the ENV_ICLOUD_PASSWORD in my .env.icloud Do I need to add a seperate ENV value for the appleid itself?

[mandarons]

No. You don't need apple ID environment variable. It takes from the config.yaml file. Please still try manually logging in using below command: docker exec -it icloud /bin/sh -c "icloud --username=<icloud-username> --session-directory=/app/session_data" If it still doesn't work, please share your docker compose file.

[knmax]

Thanks for the feedback. I managed to put in the command while the container was starting - it seems as it is doing something now - at least when I pull up docker container stats it shows the container being active every few seconds, before it was just stuck at 0. Is there any way how I can verify if it is working or not?

[mandarons]

Please share your docker-compose file. What you're experiencing is highly unusual.

[knmax]

I hope this helps to figure out was is going on... I start the container either by using "docker compose up" directly in the folder or I use "docker container start icloud" icloud-drive-docker.zip

[mandarons]

To keep it simple, please try below configuration -

docker-compose.yaml

version: "3.4"
services:
  icloud:
    image: mandarons/icloud-drive
    env_file:
      - icloud.env #should contain ENV_ICLOUD_PASSWORD=<password>
    container_name: icloud
    restart: unless-stopped
    volumes:
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
      - ${PWD}/config.yaml:/app/config.yaml
      - ${PWD}/data:/app/icloud
      - ${PWD}/session:/app/session_data

For ENV_ICLOUD_PASSWORD, use your iCloud login password (i.e. password you use to log into iCloud.com) and not an app password.

[knmax]

I tried to login with those settings - also changed the password to my usual icloud password, the problem is I can't login as I have 2FA enabled - where do I put in my 2FA Code?

Edit: Nevermind - I started the container via docker compose up -d and afterwards used your previously mentioned "exec" command - typed in my 2FA-code and it now seems to be working.

[knmax]

I also found the option how to change the directory where the data will be stored - already downloaded 5.5Gb - so apparently truly working.

Would be great if it would be possible to use a App-Password in the future - but I guess there still needs to be done some work if it's even possible.

[mandarons]

This app pretends like a web client of iCloud.com. It is not registered with Apple. I think, you can use app passwords only with the apps that are registered with Apple through their developer account (which costs money).

Yes, it would be ideal to have this officially registered with Apple and using CloudKit API. It would unlock many possibilities. But that might also mean I will need to charge $$$ for this app to cover Apple's costs. I want to keep it free and open for everyone to use. Cheers!

[knmax]

Oh, didn't know that to be honest, completely understandable with that knowledge, can you tell me how long one login will last? So how long until a new 2FA code is needed to be able to use the service again? On another note, is the usage of the CloudKit API only bound to having a developer account or would you need to pay for that usage on top of it?

[mandarons]

It will not ask for a new 2FA for at least a few weeks. If you configure SMTP settings in config.yaml, the app will send you email indicating 2FA is required.

Regarding Apple registered app - I quickly scanned through their developer API offerings and it doesn't seem like there is any that allows access to iCloud Drive and Photos outside of their ecosystem. Only way to access it is through iCloud.com on non-Apple devices. There is no web service I could find besides authentication (i.e. login with Apple) that is exposed on non-Apple devices. I might be missing something but wouldn't know without doing some prototypes with Apple dev account.

I don't think Apple charges extra to developer of app besides developer account for operations. They may charge for development activities like cloud hosted testing etc.

[knmax]

Ok thanks, I will configure the mail-settings so I get notified About CloudKit - no worries, was just thinking about it 😊