Open letter for improving Home Assistant's Authentication system (OIDC, SSO)

+1 for the feature request. Looking for a possibility to configure SSO.
Not sure why Hass isn’t supporting OIDC, but it’s about time :)

1 Like

Why not think differently and use HA as an SSO system, tie other applications into HA and access them from the HA sidebar or Lovelace UI?

Sorry about that. Auth has too many terminologies that are incorrectly used interchangeably. What I meant was support for an external auth provider. And don’t say hass-auth-headers: I’m talking native auth flow integration so I can actually use the Hass phone app with my SSO.

1 Like

I could be wrong, but as far as I know, HA doesn’t have a generic way to be an identity provider. So any service you’d want to put in the sidebar or UI would either have to be an integration (custom or built-in) and implement auth with the service ad-hoc, or the service would have to allow unauthenticated access. That would work in the small, but isn’t a solution to the problem.

This idea also precludes doing things like using SSO for something outside of the HA UI. E.g. the kubectl CLI, or some other scenario where another fairly standard identity provider would work. You’d basically have to have a second identity provider for everything else outside of HA.

It should be priority no. 1 to integrate OIDC and proper permissions (especially for the history and logbook pages!). Is there anyone here who could make this possible? Maybe we should set up a bounty for this feature? I would pledge 50 EUR right now.

4 Likes

If I had to guess, users run these systems behind firewalls in most cases, so maintainers simply don’t care about auth and don’t want to spend development time on a feature that nobody is going to use much.

As one user commented above:

"HA has a pretty good security record"

This is like a Windows computer: connect it to the internet without a firewall and it gets hacked within minutes/hours.

1 Like