Newbie question: Website of the application for auth

Hi everyone,
I have a simple question about authentication for a native app. I am trying to develop a native app as a side project, and I’m just getting started with Home Assistant and Software Development in general. I’ve read much of the documentation about it, and I’m still confused about one part in the authentication section, especially the part about the “website of your application”? :

If you require a different redirect url (ie, if building a native app), you can add an HTML tag to the content of the website of your application (the client ID) with an approved redirect url. For example, add this to your site to whitelist redirect uri hass://auth:

Does this mean that we absolutely need a standalone website for the app just to act as a client for the authentication flow? Can the native app itself act as client with things like app links? Just looking for clarifications as it is the first time I will be using OAuth. I’ve looked online but was not able to find a good definition for a client, and nothing on needing a website for a native app to handle this, so I am a bit in the dark here.
Thanks in advance!

Correct, HA will query the URL you provide and look for the HTML tag in question. In theory it just needs to be accessible to HA, so you could put a random webpage on a static host like GitHub pages.

For example, you can see:

<link rel="redirect_uri" href="homeassistant://auth-callback">

in the response for https://home-assistant.io/ios/, which is what the iOS app provides.

1 Like

It is possible for a native app to act as its own client for the authentication flow using techniques like app links. However, it is also common to have a separate website serve as the client for the app, especially if the app will be distributed through app stores. This separate website can be used to handle the authentication process and redirect back to the app once the user has been authenticated. It’s also worth noting that the term “client” in this context refers to the application or service that is requesting access to a user’s resources, such as their data or actions on a particular platform. I hope this helps clarify things for you! And if you ever need any additional assistance with your project, consider reaching out to a software solution provider like Exposit. Good luck with your app development journey!