[iCloud] Bridge-Thing generates Communication Error #13282

Closed
RalphSester opened this issue Aug 17, 2022 · 101 comments · Fixed by #13691
Labels
bug An unexpected problem or unintended behavior of an add-on

Comments

@RalphSester
Contributor

The Bridge-Thing (iCloud-Account) does not go online.

It gets the state: COMMUNICATION_ERROR with the following detail information:

java.util.concurrent.ExecutionException: org.eclipse.jetty.client.HttpResponseException: HTTP protocol violation: Authentication challenge without WWW-Authenticate header

The binding is completely unusable at this time.

Current Behavior

The Bridge-Thing does not come online.
Restart of binding or OH doesn't help.

Possible Solution

It seems that Apple has changed something in their API.

Steps to Reproduce (for Bugs)

  1. Just start the binding.
  2. See the error

Environment

  • Version used: OpenHAB 3.3 / 3.4
  • Operating System: Windows Server 2016
@RalphSester RalphSester added the bug An unexpected problem or unintended behavior of an add-on label Aug 17, 2022
@openhab-bot
Collaborator

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/icloud-binding-communication-error/122131/336

@BigGeorgeTx
Contributor

BigGeorgeTx commented Aug 17, 2022

This is related to the previously reported issue #13231, but it appears to have gotten worse. At least for me, a disable/enable cycle, restart of the binding, or restart of openHAB no longer fixes the issue. From the comments in the openHAB community, https://community.openhab.org/t/icloud-binding-communication-error/122131/336?u=biggeorgetx, this is impacting many users.

Tagging those who worked on the last iCloud binding fix just to make sure they are aware of the issue.
@lolodomo, @martinvw, @pgfeller, @peteraquino

@JensHoRi

Maybe this information helps:
jetty-project/jetty-reactive-httpclient#33

If I read it right (I'm no developer), it looks like Apple changed something in authentication and is not compliant with the specifications anymore.
Under that link, they had the same issue and are discussing a workaround. It looks like doing the authentication handling in code directly could be a good temporary solution. But I'm no developer, maybe I'm wrong. Just trying to help.

@BigGeorgeTx
Contributor

This issue returned today for many users. https://community.openhab.org/t/icloud-binding-communication-error/122131/327?u=biggeorgetx

@RalphSester
Contributor Author

It seems that the iCloud-Binding has had no developer for a couple of months.
Nobody seems to care that the binding is completely unusable.....

If this problem can't be fixed soon, it would be better to remove it from OH 3.4 !!

@digitaldan: Do you have some ideas?

@martinvw
Member

martinvw commented Oct 9, 2022

I'm not very active currently as a maintainer, and will most likely not be so in the near future because of a planned move, but fixing such issues in an open-source project is not the sole responsibility of the binding maintainers; everyone is allowed to, and should, make a PR to fix this issue if they are capable of doing so.

However, please note that in this specific case we are NOT using an official API provided by the company but relying on some internal API that was never intended for us to use. So it could well be that it is both hard to fix and only a temporary fix.

I do have a short amount of time now to spend on it and I do think that the suggested resolutions are not per se correct, because the error tells us that Apple sends us a 401 without including a WWW-Authenticate header; this is not correct according to the spec but IMHO only a symptom of an underlying problem.

We do send authentication in a so-called basic auth header, I just validated in Postman what happens when I perform such a request and it is actively killed by some service in between:

I receive the following response:

HTTP/1.1 401 
Server: AppleHttpServer/3faf4ee9434b
Date: Sun, 09 Oct 2022 09:18:05 GMT
Content-Length: 50
Connection: keep-alive
Set-Cookie: xr_3n2093n1a=HvkfmhuDkyiPeeoYx2YFIDS2DDiRlBJA==; Path=/; Secure; HttpOnly
X-Responding-Instance: fmipservice:3:2299B29512:2844136de5f5
X-Robots-Tag: noindex, noarchive, nosnippet, nofollow
X-Responding-Server: prod-p46-fmipservice--remaining-86888856bf-pm29h_99
X-Responding-Partition: p46
Strict-Transport-Security: max-age=31536000; includeSubDomains;
x-apple-user-partition: 46
via: xrail:mr47p00ic-qujn01123002.me.com:8301:22R479:grp21,631194250daa17e24277dea86cf30319:b2fb3d73b0bb3e9c280a2255c0ac93ae:nlhfd1
X-Apple-Request-UUID: b96e34d2-6603-4c85-b2d8-860866d4733b
access-control-expose-headers: X-Apple-Request-UUID,Via
X-Apple-Edge-Response-Time: 131

{"desc":"default text from ResponseContentFilter"}%

So my guess is that they might be explicitly banning us from using this old endpoint and the binding might have to be rewritten.
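The distinction drawn in the comment above can be checked mechanically. This is an added example, not code from the binding or from the thread: it classifies a 401 by whether it carries the `WWW-Authenticate` challenge that RFC 7235 section 3.1 requires, which is the condition Jetty reports as a protocol violation. `RAW_NO_CHALLENGE` is trimmed from the response quoted above; `RAW_WITH_CHALLENGE` and all function names are constructed for illustration.

```python
# Added example: decide what a client should do with a 401, based on the
# presence of a WWW-Authenticate challenge (required by RFC 7235 section 3.1).

# Trimmed from the response quoted in the comment above.
RAW_NO_CHALLENGE = (
    b"HTTP/1.1 401 \r\n"
    b"Server: AppleHttpServer/3faf4ee9434b\r\n"
    b"Content-Length: 50\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b'{"desc":"default text from ResponseContentFilter"}'
)
# Constructed sample of a spec-compliant 401 for comparison.
RAW_WITH_CHALLENGE = (
    b"HTTP/1.1 401 Unauthorized\r\n"
    b'WWW-Authenticate: Basic realm="example"\r\n'
    b'WWW-Authenticate: Bearer realm="example", error="invalid_token"\r\n'
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(None, 2)  # the reason phrase may be empty
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        # Header names are case-insensitive and may repeat.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers, body


def classify_auth_failure(raw):
    """Return a verdict, the offered schemes, and whether resending credentials makes sense."""
    status, headers, _ = parse_response(raw)
    if status != 401:
        return {"verdict": "not-a-401", "schemes": [], "resend_credentials": False}
    challenges = headers.get("www-authenticate", [])
    schemes = [c.split(None, 1)[0].lower() for c in challenges if c]
    if not schemes:
        # No challenge: the server names no scheme it would accept, so
        # resending the same credentials only repeats the rejected login.
        return {"verdict": "rejected-without-challenge", "schemes": [],
                "resend_credentials": False}
    return {"verdict": "challenge", "schemes": schemes, "resend_credentials": True}
```

A client that gets `rejected-without-challenge` should report the endpoint as refusing the login rather than retrying with the stored password.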

@openhab-bot
Collaborator

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/icloud-binding-communication-error/122131/377

@JensHoRi

JensHoRi commented Oct 9, 2022

It’s not a binding issue; Apple is not in line with the HTTP specs at the moment.

@RalphSester
Contributor Author

It’s not a binding issue; Apple is not in line with the HTTP specs at the moment.

Source ?

@JensHoRi

JensHoRi commented Oct 9, 2022

A lot of research 6 months ago when the same error was shown. You can look in the community too.

@digitaldan
Contributor

@digitaldan: Do you have some ideas?

Err, I don't use this binding and don't think I have contributed to it, so I'm not sure how to help.

(I sometimes mix up threads about this binding and the openHAB Cloud binding since they sound similar in name, maybe that's the case here?)

@TDI4

TDI4 commented Oct 17, 2022

My solution was to install Home Assistant in my Docker, install the iCloud integration, and establish communication between the two systems via MQTT and automations in HA. For example, if I, as a person, change location, HA sends ON/OFF to my atHome, atWork switches. Or when my battery level changes, HA sends the value, and an OH rule can warn me to charge my phone/watch.

It was urgent to solve the issue, because a lot of my rules depend on whether somebody is at home or not. You can do that in less than 2 hours.

@JensHoRi

OwnTracks with MQTT works fine too.

@BigGeorgeTx
Contributor

I am using OwnTracks with the GPSTracker Binding, which works well, perhaps better with my and my wife’s iPhone. Better because you can set a geofence and get real-time presence versus the potential 5 minute or more delay with iCloud.

But I use iCloud for devices like my AppleWatch that do not, at least as far as I know, support OwnTracks.

@mikthemonster

Does anyone know where to find information about the "official" way to connect to iCloud, if we should re-write the binding?

@peteraquino
Contributor

Might be able to use the picklepete's pyicloud source code as a guide.

@mikthemonster

I looked at picklepete's pyicloud and got it running on my Windows machine in Visual Studio Code. I can trigger "Find my iPhone" and get location etc. It is actually not very complicated.

I think it is "easy" to migrate the authentication principles to the existing openHAB iCloud binding, but I don't have any clue about how to make or test an openHAB binding. I can probably make a Postman Collection showing all the principles and endpoints, but if someone could make the changes in the binding code, then I would like to help making the changes - we could work together over Teams or something.

@mikthemonster

We could also pay someone from freelancer to do it....

@maihacke
Contributor

If you could post the required HTTP request (including headers) here, I could have a look and try to create a PR + patched jar. The current implementation doesn't look too complicated.

@mikthemonster

Hi Maihacke.

First Endpoint looks something like this (replace all the xxx with your own values):

HttpResponse<String> response = Unirest.post("https://idmsa.apple.com/appleauth/auth/signin?isRememberMeEnabled=true")
  .header("X-Apple-OAuth-Client-Id", "d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d")
  .header("X-Apple-OAuth-Client-Type", "firstPartyAuth")
  .header("X-Apple-OAuth-Redirect-URI", "https://www.icloud.com")
  .header("X-Apple-OAuth-Require-Grant-Code", "true")
  .header("X-Apple-OAuth-Response-Mode", "web_message")
  .header("X-Apple-OAuth-Response-Type", "code")
  .header("X-Apple-OAuth-State", "auth-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx") // Generated code - I think it can be anything
  .header("X-Apple-Widget-Key", "d39ba9916b7251055b22c7f910e2ea796ee65e98b2ddecea8f5dde8d9d1a815d")
  .header("Content-Type", "application/json")
  .body("{\r\n\"accountName\":\"xxx@xxx.xxx\",\r\n\"password\":\"xxxxxxxxxx\",\r\n\"rememberMe\":\"True\",\r\n\"trustTokens\": []\r\n}")
  .asString();

@maihacke
Contributor

Ok, what about the clientId. According to the docs it is something we need to acquire from WWDC:

https://developer.apple.com/documentation/sign_in_with_apple/clientconfigi/3230948-clientid

Is it okay to use the one from pyicloud?

@mikthemonster

Hi Maihacke.

The ClientId from pyicloud is created using a function "uuid1" in python. It says: "uuid1(), uuid3(), uuid4(), uuid5() for generating version 1, 3, 4, and 5 UUIDs as specified in RFC 4122."

Unfortunately Apple has blocked sending more authentication codes to my iPhone at the moment - I can't test if other UUIDs are working...

@mikthemonster

Maihacke -> If you like we could make a teams meeting and I can show you the pyicloud in action. Then I guess it is easier for you to understand what it takes to implement in OH.

@maihacke
Contributor

The clientId is hardcoded here: https://github.com/picklepete/pyicloud/blob/332cc9fa767862480c27253233c2cfdf9f2ea0d9/pyicloud/base.py#L392

The state is generated, which is compliant with the docs. Regarding meeting, I'm currently very busy... Hope I can contribute here something nevertheless.

@mikthemonster

OK, there are two different client IDs. I was talking about the client ID in line 398 from your link above.

@maihacke
Contributor

I was able to send the mentioned request from within the binding. But this triggers a popup for 2FA on my local mac. I had a look on the pyicloud code and my impression is, that there is a lot more to do to handle 2FA correctly...

@mikthemonster

Yes, I'm working on the next requests - it takes some time because Apple will only send a few codes to my phone per day, and then I have to wait.

@mikthemonster

Again, if we could look at it together it would be easier I think.

@Matsuo3rd

OK. I am good with that given that I came out with a workaround.

@BigGeorgeTx
Contributor

@Matsuo3rd Are you sure you need 4 separate location refreshes?

@BigGeorgeTx : you were right. One call is enough to grab every device's location. So I don't need to execute one call for each device. However, I still keep executing a second call 20 seconds later to collect current data.

@Matsuo3rd Glad to hear that worked for you. The second call after 20 seconds works great! Thanks for the tip.

@RalphSester
Contributor Author

Hello everybody,

with new modified binding of @maihacke , everything is working fine for me. Thank you very much for this work.

But every day the binding is going offline and has to be restarted at the moment.
I have written a script, which automates this.....

Every time I restart the binding I receive an email from Apple, that "Your Apple-ID is used to login with a browser".
Are there plans (or is it possible) to change something to renew the Auth-Token without these struggles?

Thank You!
Ralph

@maihacke
Contributor

Hello everybody,

with new modified binding of @maihacke , everything is working fine for me. Thank you very much for this work.

But every day the binding is going offline and has to be restarted at the moment. I have written a script, which automates this.....

Every time I restart the binding I receive an email from Apple, that "Your Apple-ID is used to login with a browser". Are there plans (or is it possible) to change something to renew the Auth-Token without these struggles?

Thank You! Ralph

This is not the normal behaviour. Probably something with the 2-FA went wrong or you haven't 2-FA activated for your iCloud account.

@RalphSester
Contributor Author

This is not the normal behaviour. Probably something with the 2-FA went wrong or you haven't 2-FA activated for your iCloud account.

I have 2-FA activated, but every time I start the binding I get this email......
In my Things-File I have no "code" defined in the bridge-thing....

Can i check something to find the problem?

@maihacke
Contributor

That's strange; normally you should receive a code on one of your devices, which you have to provide in the config to prevent further logins/mails. You should check the logs to see what happens here. Alternatively you could try to "reset" the bridge by removing it and re-adding it to openHAB.

@BigGeorgeTx
Contributor

I'm seeing the same things as @RalphSester. Every day or so, the iCloud binding goes Offline with the 450 error. If I cycle the iCloud Account Thing in the UI, it comes right back online. And then I get an email telling me that my Apple ID was used to sign into iCloud.

Ralph: can you share your code for automatically restarting the iCloud account thing when it goes offline? Thanks

@RalphSester
Contributor Author

RalphSester commented Nov 30, 2022

Ralph: can you share your code for automatically restarting the iCloud account thing when it goes offline? Thanks

ok @BigGeorgeTx , here is my solution:

I use the following rule to detect, if the Bridge-Thing comes offline:

rule "Bridge_Apple_Update"
when
   Thing "icloud:account:XXXXX" changed
then
   var thingStatusInfo = getThingStatusInfo("icloud:account:XXXXX")
   var String status = thingStatusInfo.getStatus().toString()
   switch(status) {
      case "ONLINE": {
               //Do some stuff if you want
                      }
      case "OFFLINE": {
               executeCommandLine ("Putty/OpenPutty.bat", "RestartApple.txt")
                      }
   }
end

The command line starts a batch-file, which is starting putty.exe with the "RestartApple.txt" as script.
The script contains the following command:

bundle:restart 'openHAB Add-ons :: Bundles :: iCloud Binding'

All the files (putty.exe, the batch-file and the RestartApple.txt) are stored in a directory "Putty" in the "userdata"-directory of openHAB. I am using openHAB in a Windows Server environment. It may be that there are some differences to RASPI or other platforms.

Ralph

@JensHoRi

Restarting the full binding is not necessary in my experience. Wait (normally bridge comes offline in a few minutes again) or disable and enable the bridge thing. This logs in again without a new 2FA, but creates a mail about a new login via Apple.

@RalphSester
Contributor Author

Restarting the full binding not necessary

Yes, I know. But disabling and re-enabling the bridge-thing is not automatable....therefore I restart the binding (automatically)

@JensHoRi

JensHoRi commented Dec 1, 2022

That’s not true. You can do it via the REST API (enable/disable).

Just another hint: here one bridge went offline 6 times this morning, but came online again within the next 3 minutes. So you had better not restart the binding immediately. ;)
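The hint above, as an added example that is not part of the thread: replay a Thing status log and restart only when the bridge stays OFFLINE past a grace period, with a minimum gap between restarts, since the thread reports that every re-login produces an Apple sign-in email. The event log, the 3-minute grace value (taken from the comment above), the 6-hour gap and all names are assumptions made for illustration.

```python
# Added example: debounce and rate-limit restarts instead of restarting on
# every OFFLINE event. EVENTS is a constructed status log.
from datetime import datetime, timedelta

GRACE = timedelta(minutes=3)   # assumption: the self-recovery window reported in the thread
MIN_GAP = timedelta(hours=6)   # assumption: illustrative cap on how often to re-login


def _at(hour, minute):
    return datetime(2022, 12, 1, hour, minute)


EVENTS = []
# Six short flaps in the morning, each recovering on its own after 2 minutes.
for h, m in [(6, 0), (6, 20), (6, 40), (7, 0), (7, 20), (7, 40)]:
    EVENTS += [(_at(h, m), "OFFLINE"), (_at(h, m + 2), "ONLINE")]
# Two outages that do not recover within the grace period.
EVENTS += [(_at(14, 0), "OFFLINE"), (_at(14, 30), "ONLINE"),
           (_at(16, 0), "OFFLINE"), (_at(16, 45), "ONLINE")]


def naive_restart_count(events):
    """Restarts (and sign-in emails) if every OFFLINE event triggers one."""
    return sum(1 for _, status in events if status == "OFFLINE")


def plan_restarts(events, end, grace=GRACE, min_gap=MIN_GAP):
    """Return (restarts, suppressed): times a restart is due and allowed,
    and times it was due but held back by the rate limit."""
    restarts, suppressed = [], []
    offline_since = None
    for ts, status in list(events) + [(end, "END")]:
        if status == "OFFLINE":
            if offline_since is None:
                offline_since = ts
        elif status in ("ONLINE", "END") and offline_since is not None:
            due = offline_since + grace
            if ts >= due:  # the outage outlived the grace period
                if restarts and due - restarts[-1] < min_gap:
                    suppressed.append(due)
                else:
                    restarts.append(due)
            offline_since = None
    return restarts, suppressed
```

On this log the rule-per-OFFLINE approach performs eight logins, while the debounced plan performs one and holds one back for manual review.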

@maihacke
Contributor

maihacke commented Dec 5, 2022

As already said, the current auth flow is not optimal. I suggest not putting too much effort into automating workarounds, since the behaviour will be changed in the future.

@maihacke
Contributor

maihacke commented Dec 6, 2022

I created a new RC https://github.com/maihacke/openhab-addons/releases/tag/rc-2
https://github.com/maihacke/openhab-addons/releases/tag/rc-3
Please test and provide feedback.

@RalphSester
Contributor Author

I have installed RC2 yesterday....with no problems until now.
Now I have installed RC3 and will report, if I still receive the notification emails from apple every day....
Thank you for your work!

@RalphSester
Contributor Author

Hi @maihacke ,

After more than 24 hours since I installed your RC3, I can report that the binding is not going offline like before, and it seems that the renewal of the icloud-session-token is working transparently for users.

It seems that your work is excellent!

Ralph

@maihacke
Contributor

maihacke commented Dec 8, 2022

Thanks, that is good news. Hopefully this could be integrated into the next OH release, which is very close.

@openhab-bot
Collaborator

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/openhab-3-4-milestone-discussion/138093/131

@maihacke
Contributor

A lot of work has been done to prepare the merge into the main line. Code should work as before, but one can never know. So please test the new https://github.com/maihacke/openhab-addons/releases/tag/rc-4.

@FlorianReinartz

FlorianReinartz commented Dec 13, 2022

Hello everyone,

I installed and set up the RC4.
Worked right away.
I will report if there are problems.

Thank you so much for doing the binding programming.

The configuration of the bindings also works wonderfully as a text file.
This is my configuration "icloud.things" for those who don't do the configuration via UI.

Bridge icloud:account:iCloud_FR "iCloud Bridge"             [appleId="XXXXXX@XXX.XXX", password="XYZ123", refreshTimeInMinutes=5, code="########"]
{
Thing device iPhone_Flori   "iCloud Florians iPhone"        [deviceId="JGFKUZGLZGB"]
Thing device iPhone_Tine    "iCloud Tines iPhone"           [deviceId="JGFKUZGLZGB"]
Thing device iPhone_Johanna "iCloud Johannas iPhone"        [deviceId="JGFKUZGLZGB"]
}

Regards
Florian

@maihacke
Contributor

Here is another one for testing: https://github.com/maihacke/openhab-addons/releases/tag/rc-5

@RalphSester
Contributor Author

jo....installed now....comes online....retrieving all data.....will report after 24 hours again!

@maihacke
Contributor

Here is another one for testing: https://github.com/maihacke/openhab-addons/releases/tag/rc-6

(you do not have to follow all RCs for sure, but if people join, they should always use the latest one)

@maihacke
Contributor

The PR was approved. This is an RC for the version which is going to be merged. If you find the time, please test it:

https://github.com/maihacke/openhab-addons/releases/tag/rc-7

@RalphSester
Contributor Author

Thanks everybody !!!

@FlorianReinartz

Hello,
I've been testing the RC4 version for 40 hours now.
Runs without problems so far.
Connects again after a reboot without any problems.

@Jan1503

Jan1503 commented May 6, 2023

Hey!
May I kindly ask for the postman-collection of the sign-in process?
The old link is expired :(
If I ever find some free time, I would like to port the stuff to .net.

Thanks!

@maihacke
Contributor

maihacke commented May 8, 2023

Sorry, switched my notebook in between. Don't have it either. You could also think of using the Java code as a blueprint, starting from org.openhab.binding.icloud.TestICloud#testAuth. It's not too complicated.
