Authentication Providers Update - Now Getting HAMMERED by Auth Errors from Unknown Source

After the Authentication Providers update that started the deprecation of Legacy API Password, my system is getting pounded by hundreds of errors that show something on my host IP is attempting to log into Home Assistant.

Login attempt or request with invalid authentication from


Login attempt or request with invalid authentication from

And the Notification within Home Assistant regularly shows:

Login attempt failed
Login attempt or request with invalid authentication from

My config currently shows this:

    - type: homeassistant

And I’ve gone through everything I can think of to ensure the legacy API password is not being used, but have come up short. Here are some other details about my configuration:

  • HA hosted in Docker on Synology NAS
  • Using MySQL db in Docker on Synology NAS for recorder
  • Using Unifi device tracker platform
  • Using Nabu Casa
  • Also have reverse proxy set up through Synology NAS (so SSL certificate and port management is managed there).

Any ideas or suggestions for what I can do to remove this error?

You’ve got almost identical setup as mine. I’m also getting auth problem from time to time. I suspect someone is trying to log on via external IP via reverse proxy. The problm is that I think it’s the reverse proxy to blame for not showing the real, public IP of the person trying to log on.
Did you find a solution for this? There must be a way to force ngnx in Synology to pass the real IP instead of to Home Assisatnt

haven’t figured it out yet, but I still get these all the time. I can tell it’s coming from me, so there’s still something in my config that is off…or not working with Nabu Casa in this configuration…

If it’s a reverse proxy, see the http: section in config, specifically trusted_proxies and x_forwarded_for - then you will see the real ip address. I also use the custom_component authenticated which makes a sensor showing ip address of last auth plus keeps a log file.

Do you do that with Nabu Casa?

I originally had the trusted_proxies and x_forward_for in my config, but had to remove those when I added Nabu Casa to my system.

I don’t use Nabu Casa

Correct! I introduced these to my setup shortly after posting this question. I’ve made some research and these things solved my problem. I can confirm to others that it’s working fine. Thanks for the reply anyway :slight_smile:

and to clarify, you don’t use Nabu Casa either?

1 Like

It may be worth looking into LDAP authentication if you are having issues with HA’s authentication