Caldav access iOS 15.5 fails for token error

sectorchan · June 29, 2022, 10:26am

I try to establish a caldav connection from my iOS 15.5 device to the calender which runs under 24.0.2

Nextcloud version (eg, 20.0.5): 24.0.2
Operating system and version (eg, Ubuntu 20.04): Synology DSM 6.2.4 with Linux server 3.10.105 #25556
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4
PHP version (eg, 7.4): PHP74

The issue you are facing:

Is this the first time you’ve seen this error? (Y/N): Yes

Steps to replicate it:

copy the caldav link from the calender webIF
iOS settings: add caldav, server: the copied link from #1, username: the username from the webIF calender user, the password which matches and works for the webIF

The output of your Nextcloud log in Admin > Logging:

{"reqId":"aBp0aXOMtTtW1W3IdaBA","level":0,"time":"June 29, 2022 10:16:51","remoteAddr":"REMOTEADDR","user":"--","app":"webdav","method":"PROPFIND","url":"/remote.php/dav/principals/users/patrick/","message":"No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured","userAgent":"iOS/15.5 (19F77) accountsd/1.0","version":"24.0.2.1","exception":{"Exception":"Sabre\\DAV\\Exception\\NotAuthenticated","Message":"No public access to this resource., No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured, No 'Authorization: Bearer' header found. Either the client didn't send one, or the server is mis-configured, No 'Authorization: Basic' header found. Either the client didn't send one, or the server is misconfigured","Code":0,"Trace":[{"file":"/volume1/web/nx/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:PROPFIND",[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/apps/dav/lib/Server.php","line":352,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/remote.php","line":166,"args":["/volume1/web/nx/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","Line":152,"CustomMessage":"--"}}
{"reqId":"W225BIOOmTFbzX3wFlyU","level":0,"time":"June 29, 2022 10:16:51","remoteAddr":"REMOTEADDR","user":"--","app":"no app in context","method":"PROPFIND","url":"/remote.php/dav/principals/users/patrick/","message":"Token is not valid: Token does not exist: token does not exist","userAgent":"iOS/15.5 (19F77) accountsd/1.0","version":"24.0.2.1","exception":{"Exception":"OC\\Authentication\\Exceptions\\InvalidTokenException","Message":"Token does not exist: token does not exist","Code":0,"Trace":[{"file":"/volume1/web/nx/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/lib/private/User/Session.php","line":520,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/lib/private/User/Session.php","line":436,"function":"isTokenPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/apps/dav/lib/Connector/Sabre/Auth.php","line":129,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php","line":103,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/apps/dav/lib/Connector/Sabre/Auth.php","line":251,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/apps/dav/lib/Connector/Sabre/Auth.php","line":154,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":180,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":135,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:PROPFIND",[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/apps/dav/lib/Server.php","line":352,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/remote.php","line":166,"args":["/volume1/web/nx/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/volume1/web/nx/lib/private/Authentication/Token/PublicKeyTokenProvider.php","Line":115,"Previous":{"Exception":"OCP\\AppFramework\\Db\\DoesNotExistException","Message":"token does not exist","Code":0,"Trace":[{"file":"/volume1/web/nx/lib/private/Authentication/Token/PublicKeyTokenProvider.php","line":111,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenMapper","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/lib/private/Authentication/Token/Manager.php","line":133,"function":"getToken","class":"OC\\Authentication\\Token\\PublicKeyTokenProvider","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/lib/private/User/Session.php","line":520,"function":"getToken","class":"OC\\Authentication\\Token\\Manager","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/lib/private/User/Session.php","line":436,"function":"isTokenPassword","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/apps/dav/lib/Connector/Sabre/Auth.php","line":129,"function":"logClientIn","class":"OC\\User\\Session","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Auth/Backend/AbstractBasic.php","line":103,"function":"validateUserPass","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":["*** sensitive parameters replaced ***"]},{"file":"/volume1/web/nx/apps/dav/lib/Connector/Sabre/Auth.php","line":251,"function":"check","class":"Sabre\\DAV\\Auth\\Backend\\AbstractBasic","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/apps/dav/lib/Connector/Sabre/Auth.php","line":154,"function":"auth","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":180,"function":"check","class":"OCA\\DAV\\Connector\\Sabre\\Auth","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Auth/Plugin.php","line":135,"function":"check","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/event/lib/WildcardEmitterTrait.php","line":89,"function":"beforeMethod","class":"Sabre\\DAV\\Auth\\Plugin","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":456,"function":"emit","class":"Sabre\\DAV\\Server","type":"->","args":["beforeMethod:PROPFIND",[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":253,"function":"invokeMethod","class":"Sabre\\DAV\\Server","type":"->","args":[{"__class__":"Sabre\\HTTP\\Request"},{"__class__":"Sabre\\HTTP\\Response"}]},{"file":"/volume1/web/nx/3rdparty/sabre/dav/lib/DAV/Server.php","line":321,"function":"start","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/apps/dav/lib/Server.php","line":352,"function":"exec","class":"Sabre\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/apps/dav/appinfo/v2/remote.php","line":35,"function":"exec","class":"OCA\\DAV\\Server","type":"->","args":[]},{"file":"/volume1/web/nx/remote.php","line":166,"args":["/volume1/web/nx/apps/dav/appinfo/v2/remote.php"],"function":"require_once"}],"File":"/volume1/web/nx/lib/private/Authentication/Token/PublicKeyTokenMapper.php","Line":89},"CustomMessage":"Token is not valid: Token does not exist: token does not exist"}}

The output of your config.php file in /path/to/nextcloud (make sure you remove any identifiable information!):

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' =>
  array (
    0 => '192.168.1.8/nx',
  ),
  'datadirectory' => '/volume1/web/nx/data',
  'dbtype' => 'mysql',
  'version' => '24.0.2.1',
  'overwrite.cli.url' => 'http://192.168.1.8/nx',
  'dbname' => 'nx',
  'dbhost' => '192.168.1.8:3307',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'dbuser' => '',
  'dbpassword' => '',
  'maintenance' => false,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'updater.release.channel' => 'stable',
  'theme' => '',
  'installed' => true,
  'mysql.utf8mb4' => true,
  'default_phone_region' => 'DE',
  'log_type' => 'file',
  'logfile' => '/volume1/web/nextcloud.log',
  'loglevel' => 0,
  'logdateformat' => 'F d, Y H:i:s',
  'default_language' => 'en',
  'default_locale' => 'en_US',
  'app_install_overwrite' =>
  array (
    0 => 'richdocumentscode_arm64',
  ),
);



I tried to research this on reddit, google and here, but no solution which might helps user users, helps here in my case. I have no clue what happen and why...
Username is correct, Password ofcourse aswell. The URL works because I can access the Nextcloud from this iOS device.

I have no idea anymore and hope, you can help me in this case!

Thank you very much!

rogerthn · June 29, 2022, 4:21pm

I do have similar problems after upgrade to 24.0.2 but I’m not able to get anything displayed on Admin > Logging
After the upgrade CalDAV and CardDAV stopped working on my iOS 15.5
Browsing with Safari and Chrome from iOS is failing, Chrome do say ERR_INVALID_RESPONSE
Browsing from Android and Windows is OK.
Might shed some light on the issue?

rogerthn · June 30, 2022, 11:21am

SORRY my bad!
I do have my nextcloud behind a nginx proxy and I did replace my Debian stretch server with a Debian bullseye and there seems to be some “iOS 15 invalid configuration” on bullseye.
Once I had a squid proxy in place with “hosts_file /etc/hosts” active with 192.168.c.d nextcloud.mydomain.se added.
Set proxy for my WiFi on the iOS device and I can sync my iPhone when at home connected to my WiFi

rogerthn · June 30, 2022, 12:22pm

Issue resolved
Browsing, CalDAV and CardDAV without proxy OK
From my nginx config

        location / {
                # Line proxy_hide_header added 2022-06-30
                proxy_hide_header Upgrade;
                proxy_pass https://192.168.c.d;
                proxy_set_header X-Forwarded-For $remote_addr;
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto https;
                proxy_set_header X-Forwarded-Host $remote_addr;
        }

nginx version: nginx/1.18.0