Operation system: Mac Sequoia 15.3.1
Web Browser: Arc 1.91.2 (Chromium Engine Version 135.0.7049.116)
What were you doing: Attempting to Sign in with iCloud
What feature did you use:
What happened: A new tab is created for Apple’s auth flow, after successfully signing in I am taken back to bear but the “Sign in With Apple” prompt remains even after multiple attempts, refreshes and new sessions.
What did you expect to happen:
Hey there! Could you make sure you have turned off ADP in the system setting?
Hey I just went to check:
Should have clarified, the data protection was off the whole time.
I’m getting the same error, and I noticed that the request returns a 421 Misdirected Request
response.
Well spotted. But that’s just Apple’s way of telling Bear Web it needs to authenticate. We’ll keep digging.
I’m having the same issue on my work computer.
It may have something to do with DISA isolating the page?
That could actually be the case. From what I understand that message means the page “is being loaded in a secure, isolated environment, and that its traffic is not being routed through other networks”. If that is the case, it won’t be able to contact iCloud and download the notes data. I added this to the list of scenarios to investigate.
Just tried again this morning no luck. I’m not on a work computer just my regular Mac.
I am encountering the same error and have attempted most of the suggested solutions on the website without success in logging in.
me too.
ADP turned off.
the request returns a 421 Misdirected Request
Needs sometime to collect more useful diagnostic information.
FYI, here is the verbose curl invocation output. I removed the sensitive info. Hope that helps.
OS: MacOS 14.4.1 (23E224)
Browser: Chrome, Version 136.0.7103.49 (Official Build) (arm64)
curl 'https://api.apple-cloudkit.com/database/1/iCloud.net.shinyfrog.bear/production/public/records/query?ckWebAuthToken=foo&ckAPIToken=bar' \
-H 'Accept: application/json' \
-H 'Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6,fr-FR;q=0.5,fr;q=0.4' \
-H 'Connection: keep-alive' \
-H 'Content-Type: text/plain; charset=UTF-8' \
-H 'Origin: https://web.bear.app' \
-H 'Referer: https://web.bear.app/' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36' \
-H 'sec-ch-ua: "Chromium";v="136", "Google Chrome";v="136", "Not.A/Brand";v="99"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "macOS"' \
--data-raw '{"zoneID":{"zoneName":"_defaultZone"},"query":{"recordType":"SFBetaInvite","filterBy":[{"comparator":"EQUALS","fieldName":"ticket","fieldValue":{"value":"example@example.com"}}]},"resultsLimit":30}' \
-vv
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 17.248.216.69:443...
* Connected to api.apple-cloudkit.com (17.248.216.69) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
} [327 bytes data]
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* (304) (IN), TLS handshake, Unknown (8):
{ [25 bytes data]
* (304) (IN), TLS handshake, Certificate (11):
{ [3134 bytes data]
* (304) (IN), TLS handshake, CERT verify (15):
{ [80 bytes data]
* (304) (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* (304) (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted http/1.1
* Server certificate:
* subject: C=US; ST=California; O=Apple Inc.; CN=api.apple-cloudkit.com
* start date: Feb 20 23:24:45 2025 GMT
* expire date: Mar 18 17:38:01 2026 GMT
* subjectAltName: host "api.apple-cloudkit.com" matched cert's "api.apple-cloudkit.com"
* issuer: C=US; O=Apple Inc.; CN=Apple Public Server ECC CA 1 - G1
* SSL certificate verify ok.
* using HTTP/1.1
> POST /database/1/iCloud.net.shinyfrog.bear/production/public/records/query?ckWebAuthToken=foo&ckAPIToken=bar HTTP/1.1
> Host: api.apple-cloudkit.com
> Accept: application/json
> Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7,zh-TW;q=0.6,fr-FR;q=0.5,fr;q=0.4
> Connection: keep-alive
> Content-Type: text/plain; charset=UTF-8
> Origin: https://web.bear.app
> Referer: https://web.bear.app/
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: cross-site
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
> sec-ch-ua: "Chromium";v="136", "Google Chrome";v="136", "Not.A/Brand";v="99"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: "macOS"
> Content-Length: 198
>
} [198 bytes data]
< HTTP/1.1 421 Misdirected Request
< Server: AppleHttpServer/028f5837b2b6
< Date: Thu, 22 May 2025 12:44:30 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Responding-Instance: ckdatabasews:280195880:prod-p24-ckdatabasews-50percent-8757d69c6-4r85x:8080:2518B240:f7ef15ab23e462c9fa545a38cabccc5e9b802f08
< Access-Control-Allow-Origin: *
< X-Apple-CloudKit-Web-Auth-Token: foo
< Strict-Transport-Security: max-age=31536000; includeSubDomains;
< x-apple-user-partition: 24
< via: xrail:mr42p00ic-qujn09141701.me.com:8301:25R150:grp20,631194250daa17e24277dea86cf30319:4e580ca2b29b75b5f4f527ad066a0c55:hkhkg2
< X-Apple-Request-UUID: 4ee7fcad-36de-46fe-b467-ee13f664aa5d
< access-control-expose-headers: X-Apple-Request-UUID,X-Responding-Instance,Via
< X-Apple-Edge-Response-Time: 1003
<
{ [441 bytes data]
100 627 0 429 100 198 378 174 0:00:01 0:00:01 --:--:-- 553
* Connection #0 to host api.apple-cloudkit.com left intact
{
"uuid" : "4ee7fcad-36de-46fe-b467-ee13f664aa5d",
"serverErrorCode" : "AUTHENTICATION_REQUIRED",
"reason" : "request needs authorization",
"redirectURL" : "https://idmsa.apple.com/IDMSWebAuth/auth?oauth_token=zzzz"
}%
So for me, I had to turn of passkeys to get it working. Then even with ADP on, it worked. Can you confirm if you use passkeys or not, currently?
Thank you for the information. I tried logging in using only the password, but that didn’t work either. Later, I discovered that I might be facing the same issue described in this post: Mainland China Apple ID unable log in account - #4
Oh possibly! I don’t have access to one to test it with sorry
Ah. I didn’t try this in Safari, I generally play in the Chromium playground (Arc or something similar) but this worked in Safari.
Same here. After authenticating with my Apple ID and Bear web showing “Verifying invite ticket…”, nothing happens. Looks like we have to wait for the public beta.