0.77: Authentication system 👮‍♂️ + Hangouts bot 🤖


If you scroll up a little you can find my response to a similar question earlier, we of course already thought about that, however there is a security concern and architecture complexity blocked this feature. We may revisit this idea in future release, but it will not be on my priority.

As always, pull request is welcome.


You can save your login, then HA will not ask you for login again.

All of the auth providers and MFA modules we provided in default setup are internet independent.


Is there a particular reason why the login behaviour from a web browser (firefox in my case), now differs from that of the application on my android phone?

Once I’ve logged in once on my android phone, I never need to authenticate again; i can close the app, refresh the page no issues. However on my PC, whether I use username/pass or trusted network login, I need to do this every time I refresh my page or close my browser.


same issue here 77.2 hassio. FF 62.0 (64-bit), chrome dosn’t request authenticate again. IE is still eating paste.


Clear your browser’s local storage.


I have cleared browser cache and cookies, still same issue. Chrome on 2 different computers and my phone.

There is no option to remember my login so I have to manually type the user and password every single time.


Sometimes an explicit log out helps, i.e. login, go to user’s settings (by clicking your large initial), click ‘log out’ and then log in again. I would also clear the browser cache once more just before this operation. I got the prompt to save login only after all these steps.


Yes, it works. Thanks.


Would you please consider providing a “null” or “implicit” authentication provider, that uses the new authentication flow but grants access to all requests implicitly? Would be a benefit for users like me who want to stay up-to-date with Home Assistant, but don’t need no user management or HA internal password protection.

Tried to achieve the pre 0.77 behaviour (no user, no login required) with Trusted Networks but failed (still required to create and select a user). Hints are welcome.


Yep tried, clearing everything from the browser, and tried logging in and then back out. Issue hasn’t resolved. Right after posting this, I found a thread on the issue and it looks like a bug has been submitted.


Upgrade went smooth and I setup my users. Although my external access now won’t load the page. Eventually it times out. I’ve been reading through trying to figure out what I am missing. I have cleared the cache on my browser on the phone and looked through the auth documentation. Am I missing something simple?

Disregard, my cert had expired and my router was also acting goofy. All good and working now.


After upgrading to 0.77.2, the auth procedure went through as advertised. I do have however three existing accounts in my Users config screen (2 x ‘Hass.io’ user accounts with seperate GUID’s, and 1 ‘homeassistant’ user). Can these three existing accounts be deleted or do they serve a purpose? I’d prefer to just keep the custom account(s) that I have created.


Good question. I’ve asked something similar but haven’t got to the bottom of it yet.


2 x Hass.io user, 1 is from prior version, 1 is for current version. (during one of previous update, we changed implementation detail of hass.io user, which may cause you have two hassio users)
1 x homeassisant user, for leagcay_api_password auth provider.

You can delete them, and they will be recreated when need it.


0.77.3 has been released and it includes a fix by @awarecan for a race condition that could cause the “save login” popup to not show.


After “LOG OUT” in the profile and login again, the theme and default ui-lovelace settings are gone.
FF and Chrome. :slight_smile:


Could you open an issue in github for this? Current theme and default ui-lovelace setting only storage in frontend, and will be clear out after logout. It should be saved in backend and retrieved after login.


Just to confirm, the two ‘Hass.io’ users can be deleted (which I have done). If I remove the ‘homeassistant’ user, will that prevent any addons that require the legacy API password etc from working? Thinking of this like the MQTT broker, etc.


In current release, nothing will break if you delete ‘homeassistant’ user. But I won’t give you same guarantee for next release. Better keep it there.


Just upgraded to .77 from .73. It asked me to create a new account which I tried to do but it says “Error: Something went wrong.” It flips between Legacy API Password and Home Assistant Local but does nothing else. Tried going direct so no proxy but get the same thing. Going back to .73 for now as I can no longer log in.