i am trying to make my home assistant as the auth provider of the other apps i have installed in my home network using vouch-proxy. it works great until i realized that the home assistant itself does not provide an api to query at least the username to make authorization work.
then could you at least point me to the api for retrieving username within HA? once i get the docs for that i will forward that to them or i will open a PR myself. thanks
The url you pasted above shows an url, to the HA auth-api / The Devs Docs, so im sure they “Vouch-Devs” knows where to look
What i still don’t know is, Which HA User , do you want to use as “Auth-Provider” ( is it the HA-Front-end User(s), or OS-Admin(root), or Samba maybe ?
As their(Vouch) solution was to just use the name “homeassistant”, i guess you could use any names as-well
To be honest i don’t really understand what you are requesting a FR for
im sorry but from the past 2 messages it seems clear to me that now you dont have any idea how oauth and sso should work.
but basically it is to make one single login (with HA) to be used to authenticate to other apps which works great.
what i am asking here is the api for getting the currently logged in user’s username so that i can make AUTHORIZATION work.
authorization simply means deciding what a user can access. so without a username nothing can be done about that.
about the docs, i am a dev, and i can assure you 100% that there is not a single docs that shows how to retrieve a username or any user info in general. asking the vouch proxy dev to just look at the non existent docs again will just make me look embarassing.
HA isn’t built to be identity or OAuth (e.g.) provider, thus neither authentication nor authorization. If anything, it should be the other way around. I’m not aware of anything in the API that will allow you to do what you want to.
all i am asking is just an api for retrieving username. oauth login is already supported with HA + vouch proxy. what is lacking is just an api to get the current user’s username to make authorization work. vouch proxy itself already supports basic rbac but if thats not enough there is openresty.
i agree that the auth should be the other way around but given the lack of support after all these years, i dont think it will happen at all.
edit: it also seems that you are misunderstanding where the authorization should happen. all HA needs to do is to authenticate (already working) and providing resources about the user (what the FR is about). authorization is done within vouch proxy or openresty as the oauth client in this case.
so the HA dev apparently just does not want to add any new REST API at all. fortunately there is an undocumented websocket API that i can use for now. case closed.
