Auth_providers not working

Im trying to grant local access to HA without requiring a password, while still requiring a password when accessing HA externally. Every time I put this in the configuration under homeassistant I get locked out and have to comment out this section in the conifguration yaml through ssh. Then manually power cycle the pi.

I read the trusted networks docs but I’m not sure why this isnt working. Any ideas?

 auth_providers:
      - type: homeassistant
      - type: trusted_networks
        trusted_networks:
          - 127.0.0.1
          - 192.168.1.0/24

Me too. Same problem.

The indenting in the top post is totally stuffed. Can you post your config? It works perfectly for me and I even added the trusted_users in 0.91 and that works great as well…

Sorry for delay.

On error log :

2019-04-29 21:40:28 ERROR (MainThread) [homeassistant.setup] Setup failed for auth_providers: Integration not found.

What integration is missing ?

This is my config :

auth_providers:
  - type: trusted_networks
    trusted_networks:
      - 192.168.1.0/24
      - 127.0.0.1
      - ::1
      - 172.30.32.1
    allow_bypass_login: true
  - type: homeassistant

I can’t get this working either, I’m running hassio and ‘Fully Kiosk Browser’ on the tablet.

homeassistant:
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 192.168.1.0/24
        - 192.168.1.131
        - 127.0.0.1

the 131 address is the tablet, but it still asks for the username and password.

Not sure if you resolved your issues, but I found this issue was related to loading packages. I’m on .93, and use packages to load my integrations. When I tried to load auth_providers from the homeassistant file in my Integrations folder, it would not work. When I put the auth_providers section into my main configuration.yaml file, it works perfectly.

My best guess is it has something to do with auth_providers loading before packages. There was a similar issue with the old api_password feature.

1 Like

Authentication providers are configured in your configuration.yaml under the homeassistant: block.

You get this error when you put auth_providers: as a top entity. It needs to look like:

homeassistant:
  auth_providers:
2 Likes

Sorry to bring up an old thread but I thought it was better than creating a new one on the same topic.

I had my HassIO install IP ban itself today (127.0.0.1) so I thought I’d try to prevent this…but then I broke the UI and don’t understand why.

I removed the IP ban from ip_bans.yaml and then added the following ‘auth_providers’ section to my config, restarted HA. HA restarted (I got a push notification as per one of my automations) but I can’t get to the GUI. What is wrong with my config here?

homeassistant:
  name: Home
  latitude: !secret latitude
  longitude: !secret longitude
  elevation: 16
  unit_system: metric
  time_zone: Australia/Perth
  
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 192.168.0.0/24
        - 127.0.0.1

further down I have this:

http:
  cors_allowed_origins:
    - http://192.168.0.14:8123

…although I’m not really sure what cors_allowed_origins does or if I need it there…

If someone can please let me know how to fix the GUI and prevent further self banning, that would be awesome.

EDIT: so last night I commented out the auth_providers code and restarted HA, GUI is happy again. My question still remains, why is the above code causing issues?

I can’t able to work this out. This is my code:

  auth_providers:
    - type: homeassistant
    - type: legacy_api_password
    # - type: trusted_networks
       # trusted_networks:
         # - 127.0.0.1
         # - 192.168.1.2/24
         # - 192.168.1.3/24
         # - fe80::/8

    
http:
  api_password: !secret http_password

when I comment the - type: legacy_api_password everything was fine. But after un commented the line, the GUI is not loading and when I opened the Home Assistant log text file in /config folder, shows these lines,

2019-07-17 16:50:34 ERROR (MainThread) [homeassistant.auth.providers] Invalid configuration for auth provider legacy_api_password: required key not provided @ data[‘api_password’]. Got None
2019-07-17 16:50:37 ERROR (MainThread) [homeassistant.config] Invalid config for [homeassistant]: required key not provided @ data[‘api_password’]. Got None. (See /config/configuration.yaml, line 1).
2019-07-17 16:50:37 ERROR (MainThread) [homeassistant.core] Error doing job: Task exception was never retrieved

I have api_password in secret file that was valid in earlier versions before using auth_providers. Can someone able to tell me what mistake I did?

probably it is because api_password is deprecated from .96. If you have a version greater or equal to that, then you need to choose a different auth provider.

cheers
tom

found it. previously the api_password: !secret http_password was present in both auth_providers: and http: sections. I removed the line in http: section and issue resolved.

Thanks. This finally helped me to get the configuraiton check working :heart_eyes:

I am also unable to make this work even though everything seems to look right to me. The first half of the logs is me trying to reach the UI through my external domain using hairpin-NAT on the LAN, that’s why the source appears to be my router. The second half of the logs is me going directly to the port that Home-Assistant is running on, thus the source is the IP of my computer. I am running Home-Assistant using Docker with networking set to “host” so it is directly bound to the port on my servers NIC, no docker port mapping stuff.

The login page just says my computer is not allowed when I try to do local network login.
image

I have the following configuration:

homeassistant:
  # Name of the location where Home Assistant is running
  name: redacted
  # Location required to calculate the time the sun rises and sets
  latitude: !secret loc_lat
  longitude: !secret loc_lon
  # Impacts weather/sunrise data (altitude above sea level in meters)
  elevation: 35
  # metric for Metric, imperial for Imperial
  unit_system: metric
  # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
  time_zone: Europe/Stockholm
  # Auth stuff
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 192.168.0.0/16
        - 172.16.0.0/12
        - 127.0.0.1

  # URL
  external_url: https://redacted.tld
  internal_url: http://192.168.11.31:8123
  # Customization stuffs
  customize: !include customize.yaml

# web ui and auth stuff
http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 192.168.0.0/16
    - 172.16.0.0/12
    - 127.0.0.1

# logging
logger:
  default: critical
  logs:
    homeassistant.components.http: debug

The logs say this:

[14:42:53] INFO: Home Assistant Core finish process exit code 100
2022-08-23 14:42:54.587 INFO (MainThread) [homeassistant.components.http] Now listening on port 8123
2022-08-23 14:42:56.558 DEBUG (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.11.1 (auth: False)
2022-08-23 14:42:57.319 DEBUG (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.11.1 (auth: False)
2022-08-23 14:43:01.705 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to 192.168.11.1 (auth: False)
2022-08-23 14:43:01.805 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.1 (auth: False)
2022-08-23 14:43:03.027 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/6069e06d0e451eb8bef459573ab06bfb to 192.168.11.1 (auth: False)
2022-08-23 14:43:03.034 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.1 (auth: False)
2022-08-23 14:43:07.631 DEBUG (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.11.1 (auth: False)
2022-08-23 14:43:23.169 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to 192.168.11.30 (auth: False)
2022-08-23 14:43:23.301 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.30 (auth: False)
2022-08-23 14:43:24.703 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/22bb924caae31cc9c94dec75bc1fa4d5 to 192.168.11.30 (auth: False)
2022-08-23 14:43:24.708 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.30 (auth: False)

how I it possibl allaw login only by private lan?

Go to Settings → People → select the user:

In case anyone is wondering, local LAN logins seem to work fine. It’s just not very obvious what to click on to do it. There’s this kind of hidden link below the login form -

I am having a similar issue now while trying to remove the login screen for local users. I have only setup trusted_networks as auth_providers and not homeassistant, so the login screen doesn´t appear, and it is actually working fine for new devices, but for devices that have logged in before I made the change, I get the error “No auth providers returned. Unable to finish login.”:

image

Which is fixed after cleaning the cookies of the browser and retrying, so it seems the cookies store some value that is not valid after removing homeassistant from the auth_providers, but it is pretty anoying as I need to clean the cookies in all the devices of the family, is there any way to avoid this error from HA itself that doesn´t include deleting the cookies from the browser?