New Authentication and what to do with old api_password?

platup · August 22, 2018, 12:30am

So when switching to the new authentication, should the old api_password be removed?
For example I now have:

homeassistant:
  auth_providers:
   - type: homeassistant

…

http:
  # Secrets are defined in the file secrets.yaml
  api_password: !secret http_password

So should I comment out the “api_password:” now?

awarecan · August 22, 2018, 2:32am

If you don’t have other integration depends on api password, then you can delete it.

platup · August 22, 2018, 3:39am

Thank you. I had commented it out and was getting an authentication error, but I couldn’t figure out what was triggering it. Ended up a system reboot and it went away.

platup · August 22, 2018, 3:44am

And as soon as I typed that, the authentication error popped up again.
I’ll try un-commenting the api password and see if that stops it. Problem is, I don’t know what’s causing it.

awarecan · August 22, 2018, 3:53am

There is a warning message ‘Please change to use bearer token access %s’ from http component
It will only once, so you may need to restart to find it

platup · August 22, 2018, 4:20am

Yes, I have several of those.
Please change to use bearer token access /api/
Please change to use bearer token access /api/services
Please change to use bearer token access /api/events
Please change to use bearer token access /api/states

awarecan · August 22, 2018, 6:10am

Are you using trusted networks? If so, we have a trusted_networks auth provider will be included in next release.

platup · August 22, 2018, 1:28pm

I don’t think so? At least not intentionally.
I have a pretty basic setup and haven’t exposed anything yet, so I’m not using SSL, Encryption, DNS… yet.
It’s Hass.io that I’m running on HassOS (64bit).
I do have MQTT Mosquito setup, but I was using a username/password before switching to the new authentication. So I don’t think MQTT is the issue.
Everything else seems to show up properly in the UI, so I’m not sure what it is.

awarecan · August 22, 2018, 4:59pm

Maybe iOS app?

platup · August 22, 2018, 5:39pm

Nope, no iOS.
And the error popped up again with api_password setup, so I’ll go ahead and comment it out again.
The warning that keeps appearing is:
Login attempt or request with invalid authentication from 172.30.32.2
My internal network is 192.168… so I’m guessing that’s something local on the Hass box.

awarecan · August 22, 2018, 6:31pm

hass.io supervisor version 125 and above should changed to use new auth. What is your version?

platup · August 22, 2018, 7:25pm

I’m on the latest, supervisor is at 127, OS is 1.9 and Hass is .76.2

rolamento · November 26, 2018, 6:20pm

Hi, Im having the exact same issue and same ip my network also on 196.168…

Getting the message “You need to use a bearer token to access /api/ from 172.30.32.2”

No clue about this ip address. Any idea about this?

Thank you.

larsentim · December 10, 2018, 4:51am

Its the IP address of your hassio_supervisor I believe. It’s used for DNS IP for hassio I think as well, since supervisor handles that? I think its saying some internal app/add-on/dns query isn’t getting the right authentication?