Identified - From June 15th, 2017 Apple will require that all end-users who want to give access to their iCloud calendar use an app-specific password.
The Cronofy authorization flow will change shortly to reflect this requirement. Initially, encouraging users to use app-specific passwords and then making it mandatory on June 15th.
This support article from Apple explains how to set up app-specific passwords
https://support.apple.com/en-gb/HT204397.
What you need to do will depend on whether your application sends calendar account relink emails or not, eg when a password expires.
Cronofy Sends Relink Emails
This is the standard behaviour of applications using Cronofy, In this case we will be sending a specific email just to iCloud users that don't have app-specific passwords on their account. This email will encourage them to do this and explain why.
It might be a good idea to contact your users directly and let them know this is happening so when the email comes from Cronofy they're ready to action it.
We will be begin sending this email to iCloud users from Wednesday 7th June.
My App Sends Relink Emails
You will need to contact your affected users and request that they setup an app-specific password.
So you can target the correct users, we've provided an additional attribute on the profiles end point for Apple iCloud accounts.
"icloud_app_specific_password_required": true
If you would like us to provide you a list of potentially affected users, please contact
support@cronofy.com and we will organise a CSV export for you.
We will append updates to the incident.
Jun 2, 14:50 BST