Operation system: Sequoia 15.3
Web Browser: Safari 18.3
What were you doing: Authenticating on the initial single-use link
What feature did you use: Authentication
What happened: I received an authentication error, two screenshots provided below.
What did you expect to happen: to be able to login and see my notes
It is worth mentioning that I have Advanced Data Protection enabled on my account. As well as MFA with a hardware token.
I believe this combination of security settings requires some additional work on your end to ensure the MFA prompt is shown. I could be wrong here.
I also installed Arc and tried there. It received the same authentication error.
Thanks for the report! We haven’t tested that specific combination yet, so we’re not sure what’s happening. We’ll look into it ASAP and keep you posted.
I have the same problem.
Removed Advanced data protection and now I am just stuck getting back to the login screen after authenticating 
Hey thanks for the report.
We haven’t been able to replicate this behaviour just yet. Can I ask you which browser / os are you on? Also, do you use any extension that may be interfering with web traffic (e.g. ad filters).
Meanwhile, we’ll keep investigating.
OS: Windows 11
Browser: Brave
I was stuck and got the authentication error when I had advanced data protection on. After turning it off it didn’t fail to authenticate.
Now I was just sent in a loop to the login prompt.
I turned off Brave shield and Proton VPN and was able to get in successfully.
I’ll troubleshoot to see if it was the VPN, Brave Shield or a combination. I’ll reply once done.
Thanks for the update. That’s very useful!
For me there is nothing that could be interfering. I tried in both Arc and Safari. With Arc I freshly installed it specifically to test the auth flow.
It seems as though there are reports of similar behaviour on other CloudKit based apps when ADP is enabled.
@Matteo / @bru just some additional information for you. I am getting the attached error in the console when trying to authenticate. The first token is missing but the second is present.
Hi Brendan! Thanks for sharing the info. The Error 421 is actually expected: it’s part of the negotiation with iCloud (we get back the url for the sign in popup). I assume that’s the only error you see in the console?
That is correct, the only error I see unfortunately. I tried running it through a proxy with MITM, however iCloud cracked the sads haha!
@bru just wondering if there has been any further progress with identifying how Bear can work with ADP ( + hardware MFA) enabled?
@BrendanThompson sadly no updates yet on the ADP+MFA side. The issue is still very much on our radar, and we’ll make sure to publish updates of any breakthrough on the matter.
