I am using the SimpleCalDAV client to get calendar events from iCloud (Apple) using PHP. This client worked great until Apple introduced app-specific-passwords. Since then, for some user accounts I always get “403 Forbidden” as result:
Connect to iCloud server:
OPTIONS / HTTP/1.1 Host: p30-caldav.icloud.com Authorization: Basic bWFxxxxmZlbGRlckBxxxxxbmNlcHQuY2xxxxxxxxxtY3pyeC15YWZxxxxxxxx3b3o= User-Agent: cURL based CalDAV client Accept: */* Content-type: text/plain
HTTP/1.1 200 OK Server: AppleHttpServer/2f080fc0 Date: Sun, 21 Jan 2018 15:29:33 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 0 Connection: keep-alive X-Apple-Jingle-Correlation-Key: 3IAOX5DL3ZA5NGIXT57LTVFH3Q apple-seq: 0 apple-tk: false Apple-Originating-System: UnknownOriginatingSystem X-Responding-Instance: caldavj:15701001:st41p57ic-qufb10212001:8501:17H89:22adb24b Allow: ACL, COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, PROPFIND, PROPPATCH, PUT, REPORT, UNLOCK DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync, calendar-audit, caldavserver-supports-telephone X-Accept-Client-Encoding: gzip Strict-Transport-Security: max-age=31536000; includeSubDomains via: icloudedge:fr02p01ic-ztde011002:7401:17HotFix6:Frankfurt X-Apple-Request-UUID: da00ebf4-6bde-41d6-9917-9f7eb9d4a7dc access-control-expose-headers: X-Apple-Request-UUID access-control-expose-headers: Via
Trying to get calendar events:
REPORT /xx76669xx5/calendars/ HTTP/1.1 Host: p30-caldav.icloud.com Authorization: Basic ZmVsZG1hcnYuc3VwcG9ydEBnbWFpbC5jb20xxxxxxxxxxXVzLWJxbWxxxxxxxxxxxxreg== User-Agent: cURL based CalDAV client Accept: */* Content-type: text/xml Depth: 1 Content-Length: 367
<?xml version="1.0" encoding="utf-8" ?> <C:calendar-query xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav"> <D:prop> <C:calendar-data/> <D:getetag/> </D:prop><C:filter> <C:comp-filter name="VCALENDAR"> <C:comp-filter name="VEVENT"> <C:time-range start="20180115T000000Z" end="20180121T235959Z"/> </C:comp-filter> </C:comp-filter> </C:filter> </C:calendar-query>
HTTP/1.1 403 Forbidden Server: AppleHttpServer/2f080fc0 Date: Sun, 21 Jan 2018 15:49:26 GMT Content-Type: text/plain; charset=UTF-8 Content-Length: 9 Connection: keep-alive X-Apple-Jingle-Correlation-Key: QI5L3MI7AJD6ZONONAAGCMBXZ4 apple-seq: 0 apple-tk: false Apple-Originating-System: UnknownOriginatingSystem X-Responding-Instance: caldavj:33000101:mr21p30ic-hpaf07173601:8501:17H89:22adb24b DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-audit, caldavserver-supports-telephone, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync Strict-Transport-Security: max-age=31536000; includeSubDomains via: icloudedge:fr02p00ic-ztde011131:7401:17HotFix6:Frankfurt X-Apple-Request-UUID: 823abdb1-1f02-47ec-b9ae-6800613037cf access-control-expose-headers: X-Apple-Request-UUID access-control-expose-headers: Via
What I find strange is that I can connect to the server (login) and I get a 200 response, that means I was able to login to iCloud. It seems to be a user account specific problem. It works on my Apple account, but not on the one of my friend. What could be this problem?
Any hint is highly appreciated.
According to this:
HTTP status code 403 responses are the result of the web server being configured to deny access to the requested resource by the client.
I expect that it maybe possible that your friend did not allow you to access his private calendar.
He have to share his calendar with you (invite you to view the calendar) before you may access the calendar data with your account.
And according to this documentation, the calendar could not be set as “Public” in the same time.
Finally, you may also double check if the 403 error is not relative to this issue on your friend’s side (Too Many iCloud Accounts)
And note also, that if you want use third-party app with your iCloud account, you’ll have to enable two-factor authentication and generate individual passwords for each app.