0.77: Authentication system 👮‍♂️ + Hangouts bot 🤖


#142

If you scroll up a little you can find my response to a similar question earlier, we of course already thought about that, however there is a security concern and architecture complexity blocked this feature. We may revisit this idea in future release, but it will not be on my priority.

As always, pull request is welcome.


#143

You can save your login, then HA will not ask you for login again.

All of the auth providers and MFA modules we provided in default setup are internet independent.


#144

Is there a particular reason why the login behaviour from a web browser (firefox in my case), now differs from that of the application on my android phone?

Once I’ve logged in once on my android phone, I never need to authenticate again; i can close the app, refresh the page no issues. However on my PC, whether I use username/pass or trusted network login, I need to do this every time I refresh my page or close my browser.


#145

same issue here 77.2 hassio. FF 62.0 (64-bit), chrome dosn’t request authenticate again. IE is still eating paste.


#146

Clear your browser’s local storage.


#147

I have cleared browser cache and cookies, still same issue. Chrome on 2 different computers and my phone.

There is no option to remember my login so I have to manually type the user and password every single time.


#148

Sometimes an explicit log out helps, i.e. login, go to user’s settings (by clicking your large initial), click ‘log out’ and then log in again. I would also clear the browser cache once more just before this operation. I got the prompt to save login only after all these steps.


#149

Yes, it works. Thanks.


#150

Would you please consider providing a “null” or “implicit” authentication provider, that uses the new authentication flow but grants access to all requests implicitly? Would be a benefit for users like me who want to stay up-to-date with Home Assistant, but don’t need no user management or HA internal password protection.

Tried to achieve the pre 0.77 behaviour (no user, no login required) with Trusted Networks but failed (still required to create and select a user). Hints are welcome.


#151

Yep tried, clearing everything from the browser, and tried logging in and then back out. Issue hasn’t resolved. Right after posting this, I found a thread on the issue and it looks like a bug has been submitted.


#152

Upgrade went smooth and I setup my users. Although my external access now won’t load the page. Eventually it times out. I’ve been reading through trying to figure out what I am missing. I have cleared the cache on my browser on the phone and looked through the auth documentation. Am I missing something simple?

Disregard, my cert had expired and my router was also acting goofy. All good and working now.


#153

After upgrading to 0.77.2, the auth procedure went through as advertised. I do have however three existing accounts in my Users config screen (2 x ‘Hass.io’ user accounts with seperate GUID’s, and 1 ‘homeassistant’ user). Can these three existing accounts be deleted or do they serve a purpose? I’d prefer to just keep the custom account(s) that I have created.


#154

Good question. I’ve asked something similar but haven’t got to the bottom of it yet.


#155

2 x Hass.io user, 1 is from prior version, 1 is for current version. (during one of previous update, we changed implementation detail of hass.io user, which may cause you have two hassio users)
1 x homeassisant user, for leagcay_api_password auth provider.

You can delete them, and they will be recreated when need it.


#156

0.77.3 has been released and it includes a fix by @awarecan for a race condition that could cause the “save login” popup to not show.


#157

After “LOG OUT” in the profile and login again, the theme and default ui-lovelace settings are gone.
FF and Chrome. :slight_smile:


#158

Could you open an issue in github for this? Current theme and default ui-lovelace setting only storage in frontend, and will be clear out after logout. It should be saved in backend and retrieved after login.


#159

Just to confirm, the two ‘Hass.io’ users can be deleted (which I have done). If I remove the ‘homeassistant’ user, will that prevent any addons that require the legacy API password etc from working? Thinking of this like the MQTT broker, etc.


#160

In current release, nothing will break if you delete ‘homeassistant’ user. But I won’t give you same guarantee for next release. Better keep it there.


#161

Just upgraded to .77 from .73. It asked me to create a new account which I tried to do but it says “Error: Something went wrong.” It flips between Legacy API Password and Home Assistant Local but does nothing else. Tried going direct so no proxy but get the same thing. Going back to .73 for now as I can no longer log in.