After changing my smartphone from iPhone 13 Pro to iPhone 15 Pro and thus switching to iOS 17.7 and subsequently to iOS 18.0.1, the Vaults on OneDrive (Business) can no longer be unlocked after the initial setup.
As described above, I had these problems after restoring my backup. I then completely deleted the Cryptomator app on iOS and set up the Vaults again. Connected OneDrive, selected the vault, entered the password, unlocked the vault and activated unlock with FaceID. Access to the files is possible.
When I return to the Files app after a period of inactivity, I have to authenticate myself again. FaceID is performed and I end up back in the same authentication window in an endless loop. I then tried to deactivate FaceID and hoped that a password prompt would then appear, but unfortunately the following error occurs:
“Unauthorized operation cannot be performed”. After confirming with ‘OK’, the Files app freezes for about 10 seconds.
Only by repeatedly deleting the vaults and adding them again do I regain access once, after which the problem repeats itself.
If I lock the Vault again directly after the initial setup, I can unlock it again with FaceID. If I do not activate FaceID, I am also redirected to the Cryptomator app to enter the password. This otherwise leads to the error described above after some inactivity.
Thank you for your answer. This works, but from my point of view it is only a workaround, because the actual problem persists. I have to re-authenticate against OneDrive after a certain time (a few hours?). Where do you think the problem might be? It seems as if the Auth Token is no longer valid after a short time.
A colleague of mine also has this problem, but he uses OneDrive Personal. So it can’t actually be a setting in the M365 tenant, as there are almost no options to adjust this in Personal.
Do you see the problem more in the Cryptomator iOS app, in iOS itself or in OneDrive?
That’s… interesting. I’m using OneDrive Personal, like your colleague, and I haven’t used OneDrive for days/weeks and just checked that the token is still valid. Technically, the refresh token is relevant here, because access tokens are supposed to be short-lived. I’m not 100% sure, but I believe the refresh token expires in 90 days.
I haven’t found anything that allows clients like Cryptomator to customize the expiration date of refresh tokens. My best guess is that it’s a “OneDrive problem”, it may be a setting in the M365 tenant, but my knowledge here is limited.
I wanted to give some brief feedback on my tests.
I have found a workaround that works permanently.
Of course it would be nice to find out why the behavior is the way it is.
If I have installed the Microsoft Authenticator app on my device and connect to OneDrive in Cryptomator, it opens the MS Authenticator app to log in; I select the account, enter my password, and I am connected. With this method, however, I am asked to authenticate against OneDrive again in the Cryptomator app after a few hours. I then checked my login (last activities) in M365 and could see that it had stored the following as an app when logging in: “Microsoft Authentication Broker”. This type of login leads to the problem that the login only lasts a few hours.
If I now delete the MS Authenticator app on the iPhone, it opens the browser when I add the account in the Cryptomator app and I log in to OneDrive there again. This time, however, the login looks completely different and it logs me in with the app “Cryptomator for iOS”, and then the behavior is also as I knew it until then. I remain permanently authenticated and don’t have to log in again. This has been the case for many days now.
That’s interesting, and I’m glad you at least found a workaround, thank you for your feedback!
I’m also using the MS Authenticator app and haven’t encountered this issue before. Where did you see those entries? I just found this overview: https://account.microsoft.com/privacy/app-access
If you are logged in to your MS account and go to “account” for your user, you will find the item “My logins”. There you can see all login events for your account.