icloud_photos_downloader: Can no longer log in: Bad username or password

just following.

Then please just please subscribe, nobody wants to get spammed with “just following” updates!

1.17.0 released and has the fix

Update: All test are now passing for the auth_fix branch with 99% code coverage (matching the master branch). Hopefully this will allow for the branch to be pulled into the master.

The 2SA/2FA cases noted above will still need to be looked into but I’m hopeful these can be treated as separate issues and allow the core fix to be merged for those that are waiting on this due to various package distribution requirements.

Happy Holidays!

I can replicate the issue on docker with 1.16.3 without keyring, so it is general issue and most likely related to some changes on Apple side as my 1.16.3 was running for a number of days before the issue started.

Does anyone know how to apply this fix for docker running in synology nas?

@scaraebeus’ fix worked for me. Built a local docker image and successfully grabbed my photos from two accounts! 🎉

I’ve built a new container with iCloud 1.17.0, but the behaviour is not the same. I am no longer presented with the option to perform SMS based multifactor authentication. I also receive a warning about it not being able to parse JSON, which I’ve not seen before but I’m not too worried about, as the application downloads the photos regardless:

2023-12-20 12:08:01 DEBUG    Configure password
2023-12-20 12:08:01 DEBUG    Adding password to keyring file: /config/python_keyring/keyring_pass.cfg
2023-12-20 12:08:01 DEBUG    Switched to icloudpd: 1.17.0
Enter iCloud password for my@email.com:
Save password in keyring? [y/N]: y

Two-step authentication required.
Please enter validation code
(string) --> 137446

2023-12-20 12:08:46 INFO     Starting container initialisation
2023-12-20 12:08:46 DEBUG    Generate MFA cookie using password stored in keyring file
2023-12-20 12:08:47 DEBUG    Switched to icloudpd: 1.17.0
2023-12-20 12:08:47 ERROR    Authentication required for Account. (421)
Please enter two-factor authentication code: 119033
2023-12-20 12:09:20 WARNING  Failed to parse response with JSON mimetype

Is SMS based multifactor authentication no longer possible?

Previous behaviour was that saving to the keychain required SMS MFA, it did not have an option for Apple’s built in MFA.

Performing a download would then trigger a second MFA prompt, which had two options for MFA; SMS and Apple.

I noticed this behaviour when attempting to relocate the MFA cookie in my container from $HOME/.local to /config. Took me a lot of deletes/recreates to get it working reliably.

Edit: I think it’s also worth mentioning that I actually had two SMS numbers I could use for three of my containers. I have added my phone number as a trusted number to the three accounts of my family members. This allows me to re-authenticate their containers without me needing access to their devices. Very useful feature.

@scaraebeus I join previous comment to thank you for your great contribution here, I patched the main branch with #734, built and installed it with pip and got it working on both raspbian/debian bullseye (11) and bookworm (12) . I am also using edits as described in issue #249 so that I can download both edited media (the ones we see on the phone and in iCloud) and original media in a regular cron backup script to my pi-based NAS, which makes this script critical to me. thanks again and congrats for keeping it working !

@scaraebeus thanks a lot for your hard work and dedication. It is well appreciated by many.

Is there a update for the PIP (windows) Version? I don’t use docker. Or do I have to wait for next friday?

Not sure on timing for the official update. Unfortunately for my fix to be pulled in, there are a few things that need to be in place on my branch for it to be accepted. I’ve been working through updating the various tests and code coverage and in doing so I am finding some other parts of the pyicloud_ipd/base.py auth flow that are no longer working correctly due to (possibly) recent changes in how the responses are coming through.

I’m working through it but it will take some time - especially with the holidays coming up.

The only option I’m aware of at this time is to consume the auth_fix branch directly if your environment and setup allows you - with the risk that it has yet to be fully tested and vetted.

@amdydesign as above, git checkout auth_fix. Or wait until branch is merged into master.

The docker solution does not seem to work for me: I’m still getting invalid email/password combo when attempting this via a build docker container:

The master branch has yet to be updated. One proposed solution is available in PR #734.