Your Apple ID was used to sign in to iCloud via a web browser.

Question

Your Apple ID was used to sign in to iCloud via a web browser.

Closed this issue 10 months ago · 8 comments

Checklist before opening an issue

Tried the sync a couple of times and the issue is persisting
Checked out known issues
Enabled crash and error reporting

Describe the bug

Every time the sync runs, I get an email from Apple saying:
"Your Apple ID was used to sign in to iCloud via a web browser."

I checked the docs, but didn't see any way to indicate to Apple that the "browser" should be trusted.

Error code

NA

Logs

NA

Operating environment

OS: Synology
Version: 1.1.1-beta3
Execution environment: docker

Answer 1 · 2023-07-09T09:04:22.000Z

See PR #240.

As a workaround, you can configure server side rules in your email provider to move them out of the way (this is how I'm currently handling those emails)

Answer 2 · 2023-08-06T12:04:53.000Z

HeaderJar and global NetworkManager are now persisting cookies between scheduled sync executions. It seems the aasp cookie in connection with the sessionToken are suppressing this email. This was added with 1.2.0-nightly.6.

Currently those cookies are not persisted between process restarts (not sure if it should) - please check it out and provide feedback.

Answer 3 · 2023-09-18T12:45:31.000Z

v1.2.0 only sends this notification after a restart and/or after the session expires (after what appears to be thirty days) - closing this

Answer 4 · 2023-09-18T17:19:59.000Z

I am still getting this when running a manual sync command on an already running container in v.1.2.0. Is this expected behavior?

Answer 5 · 2023-09-18T18:03:53.000Z

Yes, session info is held in memory - so not shared between processes.

Only daemon mode shares between sync executions

Answer 6 · 2023-10-09T04:05:22.000Z

@steilerDev Is it possible to persist this to disk similar to the implementation by icloud-photos-downloader? In the event I need to reboot the host or similar keeping it in memory will cause it to re-trigger prior to 30 days.

Answer 7 · 2023-10-09T09:28:58.000Z

It's technically possible, but I think I don't want to circumvent this security feature. If someone would be able to access your resource file, they could login and authenticate unnoticed - by keeping this information only in memory you would get notified in case someone logs in using your trust token.

Answer 8 · 2023-10-10T04:03:00.000Z

That is a fair point. I was mostly considering wife factor if I’m running watchtower on my containers, rebooting for random reasons, etc. Could you consider this as an option that would need to manually be specified via a flag, and by default remains in memory only? Adam M. Flagg

…

On Oct 9, 2023 at 2:29:09 AM, Frank Steiler ***@***.***> wrote: It's technically possible, but I think I don't want to circumvent this security feature. If someone would be able to access your resource file, they could login and authenticate unnoticed - by keeping this information only in memory you would get notified in case someone logs in using your trust token. — Reply to this email directly, view it on GitHub <#292 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AHPMJCGXVGOVS76CL5L3YH3X6O7WLAVCNFSM6AAAAAA2DLZH3KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONJSGY2DCNBUGE> . You are receiving this because you commented.Message ID: ***@***.***>