I am using the SimpleCalDAV client to get calendar events from iCloud (Apple) using PHP. This client worked great until Apple introduced app-specific-passwords. Since then, for some user accounts I always get "403 Forbidden" as result:
Connect to iCloud server:
Request Header:
OPTIONS / HTTP/1.1
Host: p30-caldav.icloud.com
Authorization: Basic bWFxxxxmZlbGRlckBxxxxxbmNlcHQuY2xxxxxxxxxtY3pyeC15YWZxxxxxxxx3b3o=
User-Agent: cURL based CalDAV client
Accept: */*
Content-type: text/plain
Request Body
HTTP/1.1 200 OK
Server: AppleHttpServer/2f080fc0
Date: Sun, 21 Jan 2018 15:29:33 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Apple-Jingle-Correlation-Key: 3IAOX5DL3ZA5NGIXT57LTVFH3Q
apple-seq: 0
apple-tk: false
Apple-Originating-System: UnknownOriginatingSystem
X-Responding-Instance: caldavj:15701001:st41p57ic-qufb10212001:8501:17H89:22adb24b
Allow: ACL, COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, PROPFIND, PROPPATCH, PUT, REPORT, UNLOCK
DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync, calendar-audit, caldavserver-supports-telephone
X-Accept-Client-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:fr02p01ic-ztde011002:7401:17HotFix6:Frankfurt
X-Apple-Request-UUID: da00ebf4-6bde-41d6-9917-9f7eb9d4a7dc
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
Trying to get calendar events:
Request Header:
REPORT /xx76669xx5/calendars/ HTTP/1.1
Host: p30-caldav.icloud.com
Authorization: Basic ZmVsZG1hcnYuc3VwcG9ydEBnbWFpbC5jb20xxxxxxxxxxXVzLWJxbWxxxxxxxxxxxxreg==
User-Agent: cURL based CalDAV client
Accept: */*
Content-type: text/xml
Depth: 1
Content-Length: 367
Request Body:
<?xml version="1.0" encoding="utf-8" ?>
<C:calendar-query xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav">
<D:prop>
<C:calendar-data/>
<D:getetag/>
</D:prop><C:filter>
<C:comp-filter name="VCALENDAR">
<C:comp-filter name="VEVENT">
<C:time-range start="20180115T000000Z" end="20180121T235959Z"/>
</C:comp-filter>
</C:comp-filter>
</C:filter>
</C:calendar-query>
Response Header:
HTTP/1.1 403 Forbidden
Server: AppleHttpServer/2f080fc0
Date: Sun, 21 Jan 2018 15:49:26 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 9
Connection: keep-alive
X-Apple-Jingle-Correlation-Key: QI5L3MI7AJD6ZONONAAGCMBXZ4
apple-seq: 0
apple-tk: false
Apple-Originating-System: UnknownOriginatingSystem
X-Responding-Instance: caldavj:33000101:mr21p30ic-hpaf07173601:8501:17H89:22adb24b
DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-audit, caldavserver-supports-telephone, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:fr02p00ic-ztde011131:7401:17HotFix6:Frankfurt
X-Apple-Request-UUID: 823abdb1-1f02-47ec-b9ae-6800613037cf
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
Response Body:
Forbidden
What I find strange is that I can connect to the server (login) and I get a 200 response, that means I was able to login to iCloud. It seems to be a user account specific problem. It works on my Apple account, but not on the one of my friend. What could be this problem?
Any hint is highly appreciated.