I acknowledge that for the majority of users, the authentication options being added to Home Assistant are great. I’m also personally fond of the multi-user capability it affords for setting up the UI.
However, I’m trying to set up a long-term solution for my house, one that might hopefully survive even me some day (i.e. still continue to perform the same with little to no adjustment or modification) if something were to happen to me. I am trying to build my home services to not be reliant on internet services which have a tendency to be discontinued or upgraded to something completely different (looking at you, Alphabet). My HA is behind a VPN and isn’t exposed to any incoming ports, so I don’t have any real need for authentication.
Right now, it seems that auth breaks some things or isn’t fully implemented (AppDaemon still uses the legacy auth method, which I am not even using), and even the “long term token” option of 10 years means that at some point, if I stick with HA, things will just outright stop working, and I’ll be lucky to remember why it doesn’t work anymore. I do use HTTP API calls, so this could become an issue.
It also seems that auth will be woven into the very core of HA, which again I fully agree is a great thing for the majority of users, but that also means there’s likely no easy way to turn it completely off. I’d prefer that option, but recognize its difficulty.
To compromise, can there be an option to set up a token to never expire? This is built into the OAuth 2.0 framework and should be possible with relative ease: OAuth Access Token Lifetime