Auth_providers with trusted_users isn't working

thecurto · June 26, 2020, 3:46pm

I’ve been trying to configure auth_providers following the instructions here: https://www.home-assistant.io/docs/authentication/providers/

It works fine until I add trusted_users, then HA won’t start. The config is passing the a config check, but it doesn’t like something. Here is my config which is at the top of my configuration.yaml file:

homeassistant:
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 192.168.1.0/24
      trusted_users:
        192.168.1.0/24: 
        - cast
      allow_bypass_login: true

I’m trying to set this up so I can use CATT for a user_id named ‘cast’. Can anyone tell me what I’m missing?

thecurto · June 26, 2020, 5:25pm

After a couple more hours I was able to resolve this. I was using the user ID that I set when I created the user; in this case ‘cast’. However, if you click on the user under Configuration > Users, there is a long string presented for the ID. That’s what I needed. This is what my working config looks like:

homeassistant:
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 192.168.1.0/24
      trusted_users:
        192.168.1.55: edf4e1fb6833e223b92eb0c4e34b06a4
      allow_bypass_login: true

Kjoere · May 12, 2021, 9:35am

thanhs for sharing your solution!

wifi75 · June 28, 2021, 7:22am

below my configuration, but not work

auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.1.0/24  # Casa
        - 138.1.216.88  # Booorr
        - fd00::/8
      trusted_users:
        138.1.216.88: xxxxxxxxxxxxx4159abcxxxxxxxxxx
        192.168.1.0/24:
          - xggg1dxxxxxxxxxxxxxx9abc8c9xxx   # Tiziano
          - xxxxxxxxxxd481b9edxx3a62xxxxx   # Alice
        "fd00::/8":
          - xxxxxxxxxxxxxxxxxx8d84159abcxxxxxx   # Tiziano
          - xxxxxxxxxxxxxxxxxxxxxxxdd3a6xxxxxx4   # Alice

why ??

fireheadman · January 19, 2022, 3:12am

what I’m confused about is why have trusted users? Seems like a security flaw in my use case…
I have 4 family members using HA mobile. so if/when they logout (for whatever reason), then relaunch… any of them are able to click “Trusted Network” and assume any user listed and no password is prompted.

I didn’t realize this right away until I accidentally clicked my username (which is admin) and they became me for a few min! (very out of body experience!).

So if you have all users setup as trusted-users, it seems like it becomes more of the “trust” system that they will stay logged in using their userid…

Or am I missing a critical piece that prevents this behavior?

chris2172 · December 2, 2022, 5:42pm

I spent hours doing the same thing and using the user name and not the user ID
I am so glad I came across your post