🌐 Show HA Community: We built OAuth for your home

Hi, I’m John. Developer and long-time Home Assistant user.

We’ve built a way for developers to request access and control any device in any home using a single API. It’s like OAuth for your house.
We’re starting with support for Home Assistant and I’m looking for feedback and feature requests from developers.

Here’s a quick demo:

[Sign Up for Early Access]

Commands are written using a simple declarative language that can be generated from any programming language or tech stack.

Early access for developers is available now. If you are interested in trying out the API, sign up and I’ll walk you through the platform and get you developer credentials.

I’m also on the Home Assistant Community Discord as johndbritton#2356.

Appreciate your time and feedback.

I dunno about anyone else, but I feel that the idea of declaring devices like switches or media players, with the system not minding how it is imlpemented, and creating a universal way to turn things on and off is just what home assistant does. Like I use light.turn_on to turn a light on whether it is an esp bulb, a hue bulb, a led in the back of a cupboard or a spotlight on my driveway. Whether it is zwave, or wifi or zigbee or some proprietary protocol, it is universally turned off and on with a ha service. Same with a media player, they all use the same service call to adjust volume or mute or play media. So far, so replicated.

What really turned me off is the statement that the first element of your system is cloud control. It is the very anitihesis of what we are trying to do with ha. [1]

Also, what is all the secrecy. Sign up? Why? Why do I have to book a webinar. If the project is properly documented, the devs here will work it out.

Where is your code? This is an open source community. Show us the source.

Or is this some money making commercial venture?

I may have the wrong impression, and if I have I apologise - and will wait for you to hopefully convince me otherwise

[1] When I say “we” I don’t mean to claim any programming or architectural skills, I simply mean the ha community.

Thanks for your comments @nickrout, definitely appreciated. Part of why I posted here is to get better at describing what I’m trying to build. Let me see if some more detail will help clarify why this might be useful.

I’m trying to make it easier for developers to write apps that interact with other peoples’ spaces. Home Assistant is a great solution for a DIYer automating their own home, but what I was looking for that I couldn’t find and have been working on creating is an API that I can use to connect to other peoples’ homes.

The single API is to serve developers who want to interact with homes regardless of what system they use to manage it. I’m starting with Home Assistant homes, but want to support any home with connected devices including those homes that are orchestrated with Alexa, Google Home, and Apple HomeKit because there are many homes without Home Assistant.

I’m starting with Home Assistant because the API and Addons system provide many ways to interact. I’d like to add the ability for app developers to request access to only some of the devices within the home instead of to the whole home and give users the power to control that access.

The combination of limited access, a unified API across all homes, and the ability to send commands to users homes from an existing applications seems compelling to me as a developer.

What really turned me off is the statement that the first element of your system is cloud control. It is the very anitihesis of what we are trying to do with ha.

I prefer local solutions to most things as well.

With this project I decided to start with cloud control because the types of apps I have wanted to build will interact with many other services, rely on internet connectivity, and will be installed on many homes at once. It’s easier to build this way as a proof of concept to see if this idea is useful to anyone. I fully expect to do some things locally, but I need to see if anyone wants to use it and how first.

Also, what is all the secrecy. Sign up? Why? Why do I have to book a webinar. If the project is properly documented, the devs here will work it out.

No secrecy, I’m just very early on this project. I only have a proof of concept that is not the simplest to get running right off the bat. I haven’t built any UI for user accounts or things that are not 100% necessary as I’m trying to see if anyone besides me will find this useful before I invest more time in those things.

As for booking a meeting to get access, that’s so that I can help anyone interested get set up and also to find out what their intended uses are so that I can help them and also implement any required features. I’d love to have people treat this as an opportunity to have another developer (me) help them build whatever their idea is.

Where is your code? This is an open source community. Show us the source.
Or is this some money making commercial venture?

I haven’t made a decision yet what parts to open source. One implementation detail is that I may build a Home Assistant Addon. If so, it will be open source.

My focus is first and foremost to solve a real problem. If I can prove that there’s a real problem here and that I can build something that they find value then I will see if there’s any commercial value.

I may have the wrong impression, and if I have I apologise - and will wait for you to hopefully convince me otherwise

I hope that I’ve clarified a bit more about what this is. Definitely eager to hear more of your thoughts. Even if you dislike the idea, I appreciate you taking the time to comment and give your feedback.

Why would I want you in my space?

I doubt whether anyone here wants you or anyone else service to access anything inside their home.

my thoughts exactly.

The idea that someone else I might not even know is managing devices in my private sphere is creepy!

And in case I am getting into a senile state in the faaaar future with no family member left at my home I’d rather let a carer in person switch my lights/blinds/cams/whatever rather than some phantom somewhere in the world is doing those tasks.

I shared the confusion at first, thinking “Why would I want this?”

But now I think I understand. I can imagine setting this up to monitor, maybe even control, some environmental entities for a non-tech-savvy relative. We’ve all been “the IT guy” for family members. They already trust us with their computers, sometimes even passwords.

Having someone “keep an eye on” my house while I’m away could be made easier this way. I wouldn’t need to give them access to a bed occupancy sensor, or a smart toothbrush. Just a few temperature and door sensors. Maybe a water sensor in the basement, or the power-monitoring smart plug which controls my sump pump. Or an “away” lighting automation.

My point is, this isn’t for everyone. I probably wouldn’t use it at this point. But it would add options to HA which would be useful to some users, maybe even myself some day. There are HA options I use which are important to me, even though they’re only used by a small fraction of HA users. We shouldn’t discourage development of this type of thing.

Pretty much my thoughts, an interesting project which I’m gonna follow but I can’t think of a use-case for myself right now, maybe if I want to manage things elsewhere in the future…

Don’t be put off by the negative comments , I’ve seen a lot of users on these forums talk about managing HA for older relatives etc that might find this useful as it evolves

Great proof of concept. However, it reminds me of the old days when Mark Zuckerberg came up with the great idea of building a community for reconnecting people, and now they are selling our data… it’s just as creepy tho.

Don’t understand why everyone isn’t quite getting this.
The idea is - this is a backend service and an authentication service right?

So a 3rd party app company could for instance create an app that lets you control your home (regardless of what technologies you have in your home), it would using your server, pop up a dialog asking what devices from Home Assistant you would like to allow access to, and then the 3rd party app would be able to control those devices.

Cloud wise, having something like Twitch be able to flash the lights or change the colour or something when you receive whatever the equivalent of a tip is on there. Or a Discord bot that flashes your lights or changes the colour, when you specifically have been mentioned in a channel - BUT only if you are home.

This sounds pretty interesting to me. Especially for non technical users.

I do manage an HA instance for my mum who is not tech savvy,

It runs locally and I remote in to the computer running it (Docker).

I am also a user on her system, so I can access all the dashboards etc very really easily through the iPad app - just switch servers (we both have Nabu Casa).

Yeah, the tech to do this for people you want to let into your space.

It seems kind of like re-inventing the wheel.

I think the way the OP worded his post made the whole thing a bit confusing, but I don’t think this is reinventing the wheel at all. In fact this is a pretty interesting project. As far as I know there is no (good) way to so this in HA as of now.

Basically what he is describing is a generic programmatic remote interface to a HA instance. This is not to give people access, it’s to give programs access. The API could be leveraged by third party applications to access someones home automation system (or parts thereof). At least that’s the way I understand it. I personally don’t have a use for this myself, but I can absolutely see use cases in assistive technologies or remote third party monitoring systems here.

You mean like the already existing API of Home Assistant?. Sorry still not getting it

He assistant does not have an api

I’m trying to figure out what this brings to the table that is not answered by Matter’s Border Router + Multi Admin functionality. All someone needs to do (yes I realize it’s nontrivial but I’m also completely convinced someone in the community will do this within months of Matter being officially available in a supportable fashion) is write an integration, add on or something that bridges HA’s non-Matter devices to a matter fabric and properly implement the spec to expose that fabric and then ANY properly authorized Matter controller would be able to access devices allowed by HA. Nobody has to learn a new spec except how to deal with Matter… Only the devices you want to allow to a foreign fabric are exposed securely, so…

uhm…

REST API | Home Assistant Developer Docs (home-assistant.io)

And WebSocket API | Home Assistant Developer Docs

Yeah, HA does have the REST and WS APIs. Sadly these two APIs are really badly designed. They’re limited in what they can do and the WS API specifically is very poorly documented. They’re also non-standard and prone to random breaking changes. Working with them as an external developer is a PITA. It feels like these APIs were never developed for external use to begin with and mostly a technical artifact from glueing together frontend and backend components.

Especially for commercial use scenarios I can fully understand the idea of having something better and well designed here. Now I don’t think that a custom component will do much here, especially with all the weird secrecy and signup stuff the OP mentioned. This is something that should be added to core. But tbh, I wouldn’t hold my breath on that. Paulus had mentioned in the past (on the Tuya ‘partnership’ discussion, before it all fell appart) that the external HA APIs were intentionally crippled so to push third party manufacturers to create custom integrations instead of relying on the API. Not sure I followed him there tbh…

Anyway. Do we need a better API to HA ? Hell yes we do. Will the OPs project achieve that ? I doubt it. But I still wish him good luck. The only thing that really put me off was all that stuff with registering and the secrecy part. Put it up on github. Open and generic APIs breathe on open discussion.

Sounds a lot like an ifttt kind of integration. Often done though webhooks. Don’t need anything for that. Or if you want full control, why not use MQTT? I don’t get it either. But then again, I don’t want Discord or Twitch to flash my lights either.

Integrations work best if they are built for HA, inside HA. If you put a generic integration in HA, and build the integration outside HA, you’re opening a can of worms with compatibility i.m.o. Unless it is with a very stable kind of intermediate interface like an ESB or MQTT or the like.

Also, you’re connecting outside in, instead of inside out it seems. That is yet another security problem I’d like to avoid.