Invalid Session Token while connecting to iCloud
The associated forum post URL from https://forum.rclone.org
What is the problem you are having with rclone?
Invalid Session Token while connecting to iCloud China since today. It worked fine before.
What is your rclone version (output from rclone version)
rclone v1.70.0-beta.8597.7f715befb.fix-8257-iclouddrive-cn
- os/version: Microsoft Windows 11 Pro 24H2 24H2 (64 bit)
- os/kernel: 10.0.26100.4061 (x86_64)
- os/type: windows
- os/arch: amd64
- go/version: go1.24.0
- go/linking: static
- go/tags: cmount
Which OS you are using and how many bits (e.g. Windows 7, 64 bit)
windows 11
Which cloud storage system are you using? (e.g. Google Drive)
icloud CN.
The command you were trying to run (e.g. rclone copy /tmp remote:tmp)
rclone config reconnect icloud_cn:
A log from the command with the -vv flag (e.g. output from rclone -vv copy /tmp remote:tmp)
Error: HTTP error 400 (400 Bad Request) returned body: "{"success":false,"error":"Invalid Session Token"}"
Usage:
  rclone config reconnect remote: [flags]
Flags:
  -h, --help   help for reconnect
Use "rclone [command] --help" for more information about a command.
Use "rclone help flags" for to see the global flags.
Use "rclone help backends" for a list of supported services.
2025/06/06 22:13:40 NOTICE: Fatal error: HTTP error 400 (400 Bad Request) returned body: "{"success":false,"error":"Invalid Session Token"}"
How to use GitHub
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
- Clean slate (no existing config or cache)
rm -f /workspace/bin/rclone.conf
rm -rf ~/.config/rclone ~/.cache/rclone
- Start fresh interactive config (must be in a real TTY/SSH, not a notebook):
rclone --config=/workspace/bin/rclone.conf config
- In the menu:
  • Choose n) New remote
  • Name: iclouddrive (or any name)
  • Storage: select iclouddrive
  • apple_id: <your Apple ID>
  • password: <your iCloud password>
  • config_2fa: <6-digit 2FA code you receive>
  • Advanced config? → n
  • Save config? → y
- Observe immediate failure with no 2FA prompt and:
HTTP error 400 (400 Bad Request): {"error":"Invalid Session Token"}
- Verify cache never created:
ls ~/.cache/rclone/iclouddrive
→ “No such file or directory”
Expected Behavior
After step 3, config file /workspace/bin/rclone.conf and cache folder ~/.cache/rclone/iclouddrive/ should exist, and rclone lsf iclouddrive: should list my iCloud Drive contents without error.
⸻
Please let me know if any additional logs or environment details would help!
I see the same behaviour in Switzerland too. It worked perfectly before, but since the last token reached the 30 days I'm not able to create a new one due to the behaviour shown above.
Same issue from the UK, tried to delete and recreate, but can't get it to work again, it doesn't even ask for the 2FA code anymore.
Exactly same behaviour as described in the comment above -> https://github.com/rclone/rclone/issues/8587#issuecomment-3092179365
@lostb1t any thoughts on this?
I too am suffering this bug from New Zealand. Clearing caches and config did not help.
rclone -vvvv config after recreating config
2025/07/21 22:10:27 DEBUG : icloud: config in: state="*all-advanced", result="false"
2025/07/21 22:10:27 DEBUG : icloud: config out: out=&{State:*postconfig Option:<nil> OAuth:<nil> Error: Result:}, err=<nil>
2025/07/21 22:10:27 DEBUG : icloud: config in: state="*postconfig", result=""
2025/07/21 22:10:27 DEBUG : icloud: config in: state="", result=""
2025/07/21 22:10:28 DEBUG : icloud: Authenticating as <[email protected]>
2025/07/21 22:10:29 DEBUG : icloud: config out: out=<nil>, err=HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
2025/07/21 22:10:29 DEBUG : icloud: config out: out=<nil>, err=HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
Error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
Same error here, can't get it working.
Same problems with iCloud UK for the last two days, after my first 30-day 'trust token' expired. All error messages etc. exactly as described above, both reconnecting and installing/creating from scratch. Tried repeating everything with a clean install of v1.70.3 with exactly the same results as already reported. Being new to the rclone world, could someone tell me if this is a 'don't hold your breath' situation, or are these problems usually soon resolved?
Same problem, while connecting from Germany
Same problem when trying to create a new remote. I have another instance running on a different system with a still valid token and on that system everything is working. When I try to do a rclone -vvvv config reconnect icloud: everything looks good
logs:
2025/07/23 19:35:46 DEBUG : rclone: Version "v1.70.3" starting with parameters ["rclone" "-vvvv" "config" "reconnect" "icloud:"]
2025/07/23 19:35:46 DEBUG : Using config file from "/root/.config/rclone/rclone.conf"
2025/07/23 19:35:46 DEBUG : icloud: config in: state="", result=""
2025/07/23 19:35:46 DEBUG : icloud: Valid session, no need to reauth
2025/07/23 19:35:46 DEBUG : Saving config "cookies" in section "icloud" of the config file
2025/07/23 19:35:46 DEBUG : icloud: config out: out=<nil>, err=<nil>
2025/07/23 19:35:46 DEBUG : rclone: Version "v1.70.3" finishing with parameters ["rclone" "-vvvv" "config" "reconnect" "icloud:"]
same issue here after clearing cache, deleting and re-adding the remote, etc.
Same issue in the US. Worked last night, fails this morning. iCloud side problem/outage?
Same from Ukraine on versions 1.69.2 and 1.70.3
Same issue in Austria using Fedora. rclone version is v1.70.3
Exact issue here in South America on Windows after 30 days, on my Debian rclone I was able to use a new token successfully but on Windows nothing works. Rclone v1.70.3
Same issue in France / Proxmox / rclone v1.69.1
Same, iCloud UK.
rclone v1.69.1
- os/version: ubuntu 24.04 (64 bit)
- os/kernel: 6.8.0-1028-oracle (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.24.0
- go/linking: static
- go/tags: none
Run rclone command every 10 minutes (with crontab) on Oracle Cloud (region: SG)
It's understood that this issue is not limited to a specific region. Adding "me too" for each and every region in the world is not helping solve the issue.
Please follow the instructions mentioned in the first post:
How to use GitHub:
- Please use the 👍 reaction to show that you are affected by the same issue.
- Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
- Subscribe to receive notifications on status change and new comments.
Otherwise, I will need to lock this thread for contributors only.
Found a temporary workaround that worked for me using rclone 1.70.3 on Fedora 42 x86_64, by manually extracting session data from the iCloud web interface:
Manually edit your config file at ~/.config/rclone/rclone.conf, or wherever your configuration is stored (you can find the exact path by running rclone -vvvv config reconnect <remote>:).
- Log in to icloud.com in your browser.
- Open developer tools and inspect the cookies of any request.
- Copy all relevant cookies from the browser session into the config. Most can be pasted directly, just remove any surrounding double quotes.
- From X-APPLE-WEBAUTH-TOKEN or X-APPLE-WEBAUTH-VALIDATE, extract the value from the :t=<value> segment (ends with ==). This value is used as X-APPLE-UNIQUE-CLIENT-ID.
- Leave X-APPLE-WEBAUTH-LOGIN empty.
- From X-APPLE-WEBAUTH-HSA-TRUST, extract the part after the first underscore (_) and set it as trust_token in the config.
This is not a long-term solution since the cookies may expire, but it restores access for now.
Hi @gabrielpalassi I tried this workaround, but unfortunately, it does not help me
Make sure the cookies are in the same order as in the original config file, that all double quotes have been removed, and that no semicolons (;) are missing.
If it still doesn’t work: After saving the config file, reboot immediately and try connecting to the remote again (rclone may cache the configs in memory).
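The extraction rules from the workaround and the follow-up reply above (strip double quotes, keep every semicolon, keep the key order), written out as an added example that is not part of the thread or of rclone. The sample header is constructed, and the `:`-separated layout of the cookie value, the `;` separator and the function names are assumptions.

```python
import re

# Constructed sample of a Cookie header copied from browser dev tools; all values are fake.
SAMPLE = ('X-APPLE-WEBAUTH-HSA-TRUST="abc123_FAKETRUSTVALUE_more"; '
          'X-APPLE-WEBAUTH-LOGIN="v=1:t=FAKELOGIN=="; '
          'X-APPLE-WEBAUTH-VALIDATE="v=1:a=xyz:t=RkFLRUNMSUVOVA=="; '
          'X-APPLE-WEBAUTH-USER="v=1:s=0:d=12345"')

def parse_cookie_header(header):
    """Return [(name, value)] in input order, surrounding double quotes removed."""
    pairs = []
    for part in header.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.strip().partition("=")  # values contain '=' themselves
        if not sep:
            raise ValueError(f"malformed cookie fragment: {part!r}")
        pairs.append((name, value.strip().strip('"')))
    return pairs

def t_segment(value):
    """Extract <value> from a ':t=<value>' field (assumes ':'-separated fields)."""
    m = re.search(r"(?:^|:)t=([^:]+)", value)
    return m.group(1) if m else None

def derive_settings(header, order=None):
    """Apply the workaround's three extraction rules to one Cookie header."""
    pairs = parse_cookie_header(header)
    jar = dict(pairs)
    source = jar.get("X-APPLE-WEBAUTH-TOKEN") or jar.get("X-APPLE-WEBAUTH-VALIDATE")
    trust = jar.get("X-APPLE-WEBAUTH-HSA-TRUST")
    if not source or not trust or "_" not in trust:
        raise ValueError("required X-APPLE-WEBAUTH-* cookie missing or malformed")
    client_id = t_segment(source)
    if client_id is None:
        raise ValueError("no :t= segment found")
    # X-APPLE-WEBAUTH-LOGIN keeps its position but gets an empty value.
    kept = [(n, "" if n == "X-APPLE-WEBAUTH-LOGIN" else v) for n, v in pairs]
    if order:  # reorder to match the key order already present in rclone.conf
        kept.sort(key=lambda p: order.index(p[0]) if p[0] in order else len(order))
    return {
        "cookies": ";".join(f"{n}={v}" for n, v in kept),
        "trust_token": trust.partition("_")[2],  # everything after the first '_'
        "client_id": client_id,                   # used as X-APPLE-UNIQUE-CLIENT-ID
    }

if __name__ == "__main__":
    # Print only lengths: these values are live session credentials.
    for key, val in derive_settings(SAMPLE).items():
        print(f"{key}: {len(val)} characters")
```

The derived values are bearer credentials for the iCloud session, so they belong only in a config file readable by the owning user.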
Tried importing all cookies as described in your workaround, but it worked for just half an hour. If you don't mind, would you share which key cookies you used and in which order?
These are the keys in order that I found in my config file
array (
0 => 'X-APPLE-WEBAUTH-HSA-TRUST',
1 => 'X-APPLE-WEBAUTH-PCS-Events',
2 => 'X-APPLE-WEBAUTH-PCS-Documents',
3 => 'X-APPLE-WEBAUTH-PCS-Photos',
4 => 'X-APPLE-WEBAUTH-PCS-Cloudkit',
5 => 'X-APPLE-WEBAUTH-PCS-Safari',
6 => 'X-APPLE-WEBAUTH-PCS-Mail',
7 => 'X-APPLE-WEBAUTH-PCS-Notes',
8 => 'X-APPLE-WEBAUTH-PCS-News',
9 => 'X-APPLE-WEBAUTH-PCS-Sharing',
10 => 'X-APPLE-WEBAUTH-HSA-LOGIN',
11 => 'X-APPLE-WEBAUTH-LOGIN',
12 => 'X-APPLE-WEBAUTH-VALIDATE',
13 => 'X-APPLE-WEBAUTH-TOKEN',
14 => 'X-APPLE-WEBAUTH-USER',
15 => 'X_APPLE_WEB_KB-Y2EB1ASC3V3M7GOUXA4DRHLMLFA',
16 => 'X-APPLE-DS-WEB-SESSION-TOKEN',
)
However, copying the values from the browser session to the matching keys list as above still yields the same error message.
Tried to copy this, but I don't have the X-APPLE-WEBAUTH-HSA-LOGIN login in my cookies...
Hey, just an observation: my setup uses rclone v1.70.3 (running on Ubuntu 25.04). It fails consistently as listed above.
However, on that same machine I now cloned the latest source from GitHub, resulting in v1.71.0-DEV. That build is able to log in to iCloud without issues! I do need to perform rclone config reconnect xxx: but everything works again for me now.
I can even use the system installed rclone to access icloud as it is able to use my new config.
Will see how that holds up in the next days.
Confirmed, the reconnect works and then I can use v1.70.3 as usual. Many thanks, you're a lifesaver!
I tried the rclone v1.71.0-beta.8968.d4e68bf66 which is still not working for me, same issue :-(
Sorry to hear that. My build is from this commit https://github.com/rclone/rclone/commit/d4e68bf66b0b98bd35bf3eb1aab4fed6db317e75 which seems to be identical to what you are using.
I went ahead and downloaded the pre-built version here https://beta.rclone.org/v1.71.0-beta.8968.d4e68bf66/rclone-v1.71.0-beta.8968.d4e68bf66-linux-amd64.zip and tested it on my system. It works just fine.
@TimoD87 did you reconnect the remote or setup a new one just to be sure?
I just tried with the version that you posted, without any luck. I tried to reconnect the "old" iCloud session and create a new one. Using the real password, app password... everything gives me an error 400.
2025/08/07 23:23:29 NOTICE: Fatal error: HTTP error 400 (400 Bad Request) returned body: "{\"success\":false,\"error\":\"Invalid Session Token\"}"
user@host:~$ rclone --version
rclone v1.71.0-beta.8968.d4e68bf66
- os/version: debian 12.10 (64 bit)
- os/kernel: 6.1.0-32-amd64 (x86_64)
- os/type: linux
- os/arch: amd64
- go/version: go1.24.5
- go/linking: static
- go/tags: none
user@host:~$
Weird but unfortunately reproducible on my end as well. Just tested setting up a new connection and it fails right after entering the password.
My 2 existing connections that I reconnected yesterday still work fine. I am using these multiple times daily to sync files to the NAS. Hoping they will last at least 30 days for now.
So maybe an issue with the stability of the iCloud servers?
In my lab I also use 2 Docker containers to perform iCloud syncing (mainly photos). They use the same API as rclone, but no issues there. For those interested:
- boredazfcuk/icloudpd
- mandarons/icloud-drive
Initially I cloned the source to be able to debug in more detail. Next week I will have some time to look into it. Not a go developer but I will see how far I can get.
Same on my side also tried setting up a new one :-(