this could be a solution. Zero Trust allow to add a skip policy for a token in header.
Anyway, with the last app update, now we can remove server and add it again. You have to reconfigure widgets but, at least, you don’t have to reconfigure all sensors
Has anyone found a solution for this? I would love to add the extra security One-time PIN to access my HA from the APP
Someone just opened a PR allowing the Android companion app to have custom headers, this will allow us to use Cloudflare service token!
Let’s manifest your interest for this feature with a 
on the PR so moderators know we care about this feature!
2 Likes
I would also like this capability! Give us remote access along with an additional secure layer of zero trust authentication!
You can implement SSL authentication in cloudflare Firewall (WAF).
Then you just install the certificate on your mobile. The android app allows to authenticate via certificate.
You only have to clear cache in the app, and log in. You will be asked to choose a certificate among those installed on your mobile. You choose cloudflare certificate and voilà.