I am using the SimpleCalDAV client to get calendar events from iCloud (Apple) using PHP. This client worked great until Apple introduced app-specific-passwords. Since then, for some user accounts I always get "403 Forbidden" as result:
Connect to iCloud server:
Request Header:
OPTIONS / HTTP/1.1
Host: p30-caldav.icloud.com
Authorization: Basic bWFxxxxmZlbGRlckBxxxxxbmNlcHQuY2xxxxxxxxxtY3pyeC15YWZxxxxxxxx3b3o=
User-Agent: cURL based CalDAV client
Accept: */*
Content-type: text/plain
Request Body
HTTP/1.1 200 OK
Server: AppleHttpServer/2f080fc0
Date: Sun, 21 Jan 2018 15:29:33 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Apple-Jingle-Correlation-Key: 3IAOX5DL3ZA5NGIXT57LTVFH3Q
apple-seq: 0
apple-tk: false
Apple-Originating-System: UnknownOriginatingSystem
X-Responding-Instance: caldavj:15701001:st41p57ic-qufb10212001:8501:17H89:22adb24b
Allow: ACL, COPY, DELETE, GET, HEAD, LOCK, MKCOL, MOVE, OPTIONS, PROPFIND, PROPPATCH, PUT, REPORT, UNLOCK
DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync, calendar-audit, caldavserver-supports-telephone
X-Accept-Client-Encoding: gzip
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:fr02p01ic-ztde011002:7401:17HotFix6:Frankfurt
X-Apple-Request-UUID: da00ebf4-6bde-41d6-9917-9f7eb9d4a7dc
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
Trying to get calendar events:
Request Header:
REPORT /xx76669xx5/calendars/ HTTP/1.1
Host: p30-caldav.icloud.com
Authorization: Basic ZmVsZG1hcnYuc3VwcG9ydEBnbWFpbC5jb20xxxxxxxxxxXVzLWJxbWxxxxxxxxxxxxreg==
User-Agent: cURL based CalDAV client
Accept: */*
Content-type: text/xml
Depth: 1
Content-Length: 367
Request Body:
<?xml version="1.0" encoding="utf-8" ?>
<C:calendar-query xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav">
<D:prop>
<C:calendar-data/>
<D:getetag/>
</D:prop><C:filter>
<C:comp-filter name="VCALENDAR">
<C:comp-filter name="VEVENT">
<C:time-range start="20180115T000000Z" end="20180121T235959Z"/>
</C:comp-filter>
</C:comp-filter>
</C:filter>
</C:calendar-query>
Response Header:
HTTP/1.1 403 Forbidden
Server: AppleHttpServer/2f080fc0
Date: Sun, 21 Jan 2018 15:49:26 GMT
Content-Type: text/plain; charset=UTF-8
Content-Length: 9
Connection: keep-alive
X-Apple-Jingle-Correlation-Key: QI5L3MI7AJD6ZONONAAGCMBXZ4
apple-seq: 0
apple-tk: false
Apple-Originating-System: UnknownOriginatingSystem
X-Responding-Instance: caldavj:33000101:mr21p30ic-hpaf07173601:8501:17H89:22adb24b
DAV: 1, access-control, calendar-access, calendar-schedule, calendar-auto-schedule, calendar-audit, caldavserver-supports-telephone, calendar-managed-attachments, calendarserver-sharing, calendarserver-subscribed, calendarserver-home-sync
Strict-Transport-Security: max-age=31536000; includeSubDomains
via: icloudedge:fr02p00ic-ztde011131:7401:17HotFix6:Frankfurt
X-Apple-Request-UUID: 823abdb1-1f02-47ec-b9ae-6800613037cf
access-control-expose-headers: X-Apple-Request-UUID
access-control-expose-headers: Via
Response Body:
Forbidden
What I find strange is that I can connect to the server (login) and I get a 200 response, that means I was able to login to iCloud. It seems to be a user account specific problem. It works on my Apple account, but not on the one of my friend. What could be this problem?
Any hint is highly appreciated.
According to this:
HTTP status code 403 responses are the result of the web server being configured to deny access to the requested resource by the client.
I expect that it maybe possible that your friend did not allow you to access his private calendar.
He have to share his calendar with you (invite you to view the calendar) before you may access the calendar data with your account.
And according to this documentation, the calendar could not be set as "Public" in the same time.
Finally, you may also double check if the 403 error is not relative to this issue on your friend's side (Too Many iCloud Accounts)
And note also, that if you want use third-party app with your iCloud account, you'll have to enable two-factor authentication and generate individual passwords for each app.