Illegal login - camera entity IDs always changing

you can have legacy password AND tokens AT THE SAME TIME!
you just need to set the legacy password in the HA config.

what did you use for password untill now? the user password? that wont work. you need the legacy password also in 0.87

i updated my custom camera widget, but that also expects the legacy (API) password in HA

This is a fresh install of HA v87 not an upgrade. When installing HA I created a user name and password. In the camera widget url I have tried the api_password=thepasswordIcreatedforHA and it doesn’t work for me.

thats because you dont want to use THAT pasword.
if you would have read the things i told you, you would know 2 days ago that you need to add:

http: 
  api_password: !secret http_password

to your HA configuration
and you use THAT password and that IS the legacy api password

The problem I see is the use of refresh tokens in the camera_entity. I can use it’s current refresh token but as soon as 5 minutes elapses, the token in HA refreshes and as soon as I refresh the screen that token is no longer valid.

What I’m trying to figure out is what has changed between v73 and v87 to cause this problem. You did suggest earlier that the generic camera widget creator did not change the code to reflect the changes between the two versions of HA,

Am I wasting both your time and mine trying to get this to work. I have tried every combination I know in the url but all that will work for a short period is the inclusion of a short term token in the url for 5 minutes only

Have you tried what @ReneTode has suggested

My apologies @ReneTode and @nickrout I had the secrets.yaml file commented out while trying to figure out another problem last week.

I had the required line in the configuration.yaml and the secrets.yaml. They are both working correctly now and the stream is functioning correctly on HA Dashboard

Once again thank you both for your help in this matter.

any updates here? i also want to camera entity picture, can it be done without token?
dont want to use the API key, but bearer instead

wont be possible without api password, untill at least a new release from AD is there.

Although this is a fairly old thread, I want to document here that there is another solution which avoids using the deprecated api_key option:

home assistant configuration part:

homeassistant:
  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      allow_bypass_login: true
      trusted_networks:
        - 192.168.100.123
      trusted_users:
        192.168.100.123: 2cfdca395f8d40d2b35ad2b61ddd5a03

^ where 192.168.100.123 is the IP-address of the e.g. tablet computer running the HADashboard and 2cfdca395f8d40d2b35ad2b61ddd5a03 is the User-ID of the designated user account mapping in Home Assistant.

HADashboard configuration:

camerawidget:
    widget_type: camera
    entity: camera.your-camera-entity
    refresh: 0.5
    base_url: https://your-base-url