SOLVED! - Home Assistant authentication issue with own native Android APP in Flutter


Hi all,

I’m implementing a simple Android APP using Flutter to interact with my Home Assistant instance. Until yesterday I was able to interact with my HA instance, i.e., I could get authenticated, retrieve the entities’ list, call services, etc. However, I had to delete the APP, and right after reinstalling it I was unable to authenticate myself again.

To do so, I’ve followed the official HA guides (https://developers.home-assistant.io/docs/auth_api/), the steps of the Flutter Plugin I’m using (https://pub.dev/packages/flutter_web_auth), and the insights, comments, and suggestions from the HA community.

The function that tackles the authentication in Flutter looks like:

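import 'package:flutter_web_auth/flutter_web_auth.dart';

Future<void> authHA() async {
    // client_id is the website that serves the redirect_uri link tag.
    final String clientId = 'https://www.my-domain.com';
    // Custom URL scheme registered for the callback activity in AndroidManifest.xml.
    final String callbackUrlScheme = 'my-domain';
    // Authorization request, sent over plain HTTP as originally posted.
    final url = Uri.http('LOCAL-HA-IP:8123', '/auth/authorize', {
      'response_type': 'code',
      'client_id': clientId,
      'redirect_uri': '$callbackUrlScheme:/',
    });
    // Opens the HA login page and waits for the redirect back to the app.
    final result = await FlutterWebAuth.authenticate(
        url: url.toString(), callbackUrlScheme: callbackUrlScheme);
    // The authorization code arrives as a query parameter on the callback URL.
    final String code = Uri.parse(result).queryParameters['code'];
}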

I also added the “activity” to my AndroidManifest.xml, as indicated in the flutter_web_auth plugin website:

<activity android:name="com.linusu.flutter_web_auth.CallbackActivity" >
  <intent-filter android:label="flutter_web_auth">
	<action android:name="android.intent.action.VIEW" />
	<category android:name="android.intent.category.DEFAULT" />
	<category android:name="android.intent.category.BROWSABLE" />
	<data android:scheme="my-domain" />
  </intent-filter>
</activity>

And finally, I add the HTML tag to the content of my website application (the client ID) as noted in the HA auth_api:

<link rel="redirect_uri" href="my-domain:/">

Once I start the APP, it redirects me to the HA login page where I can enter my login and password. However, I’m not redirected back to the APP (redirect_uri seems to not work). That is, the APP remains forever at the login screen with the message “Please wait”:
[Image: HA_redirect_uri_issue]

I’ve been struggling with that since yesterday and I’m afraid that I’m experiencing this issue now that I’ve “reinstalled” the APP on my phone, but with the issue being linked to the “security” improvements that have been implemented in newer HA versions. I’ve recently read many posts talking about secured SSL connections, NGinX add-on combined with DuckDNS, port forwarding, remote HA authentication, auth providers, etc. Indeed, I’ve configured a new RPi from scratch following the guidelines: https://techtechandmoretech.com/guides/hass-duckdns/, https://help.konnected.io/support/solutions/articles/32000023964-set-up-hass-io-with-secure-remote-access-using-duckdns-and-nginx-proxy, DuckDNS - It's not just me - it's you!, but without success. I have to note that my ISP not only assigns me a dynamic public IP but it seems that on top of that it shares my IP with other users via CG-NAT. That would explain why I cannot remotely access my HA instance from outside of my network using my-domain.duckdns.org.

Before initiating further discussions with my ISP to “order” a dedicated IP, I’d like to be sure that that’s the reason why now my APP freezes at the HA login and the “redirect_uri” doesn’t work. I was also wondering if my issue is due to such a security topic and if there exists a way to configure HA in a way that would work as before. Note that I don’t need to have remote access.

The details of my RPi 3B+ installation are:

  • Home Assistant Version: 2021.1.4
  • Installation Type: Home Assistant OS
  • Host Operating System: Home Assistant OS 5.10
  • Update Channel: stable
  • Supervisor Version: 2021.01.5
  • Docker Version: 19.03.13
  • Installed Add-ons: Samba share (9.3.0), Terminal & SSH (8.9.1), Mosquitto broker (5.1), AppDaemon 4 (0.3.2)

And the second RPi 3B+ with NGinX, DuckDNS, SSL,…:

  • Home Assistant Version: 2020.12.2
  • Installation Type: Home Assistant OS
  • Host Operating System: Home Assistant OS 5.9
  • Update Channel: stable
  • Supervisor Version: 2021.01.5
  • Docker Version: 19.03.13
  • Installed Add-ons: File editor (5.2.0), Duck DNS (1.12.4), NGINX Home Assistant SSL proxy (3.0.1), Samba share (9.3.0)

Many thanks for your time and comments!

Hi all,

I’ve found a solution to my authentication issue.

I can confirm that the authentication procedure mentioned in my previous post was right, but it seems that HA has implemented some security restrictions and requires SSL connections. From one of the HA community posts I was linked to @DrZzs’s video (https://www.youtube.com/watch?v=fqi_p15eI8A) where he sets up the NGinX and DuckDNS add-ons. I already did it on my 2nd RPi, but I wasn’t aware that (without NGinX) I could still log in to HA from my local network by using https://LOCAL_HA_IP:8123. Thus, I changed my URI in Flutter using Uri.https(…) instead of Uri.http(…). By doing so, I’ve been able to log in to HA and be redirected afterwards to my APP.

Once I parsed the ‘code’ I could request the token BUT note that “Flutter throws a CERTIFICATE_VERIFY_FAILED, when making calls to a server with self-signed certificate”, as discussed here https://github.com/flutter/flutter/issues/19588. There are different ways to overcome the “HandshakeException: Handshake error in client…” issue, and the one I’ve successfully implemented is to follow chunlea’s post (https://github.com/flutter/flutter/issues/19588#issuecomment-534144223). Once done I could authenticate, retrieve the tokens, etc. (https://developers.home-assistant.io/docs/auth_api/).

Thank you!

1 Like
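
An added example, not code from the posts above or from the linked GitHub comment: one way to handle the self-signed certificate is to accept only that exact certificate for the HA host, instead of accepting any certificate, and then exchange the authorization code at /auth/token as the HA auth API describes. The names pemToDer, pinnedClient and exchangeCode are hypothetical, and the sketch assumes the instance presents a single self-signed certificate whose PEM is shipped with the app.

```dart
import 'dart:convert';
import 'dart:io';

// Decode a PEM certificate into its raw DER bytes.
List<int> pemToDer(String pem) => base64.decode(pem
    .split('\n')
    .map((l) => l.trim())
    .where((l) => l.isNotEmpty && !l.startsWith('-----'))
    .join());

// HttpClient that accepts exactly one certificate, and only for the HA host.
// pinnedPem (assumption): the instance's self-signed certificate, bundled with the app.
HttpClient pinnedClient(String pinnedPem, String haHost, int haPort) {
  final pinned = pemToDer(pinnedPem);
  // No system roots: validation fails for every server, so the callback decides.
  final client = HttpClient(context: SecurityContext(withTrustedRoots: false));
  client.badCertificateCallback = (X509Certificate cert, String host, int port) {
    if (host != haHost || port != haPort) return false;
    final der = cert.der;
    if (der.length != pinned.length) return false;
    for (var i = 0; i < der.length; i++) {
      if (der[i] != pinned[i]) return false;
    }
    return true; // byte-for-byte match with the pinned certificate
  };
  return client;
}

// Exchange the authorization code for tokens (form-encoded POST to /auth/token).
Future<Map<String, dynamic>> exchangeCode(
    HttpClient client, Uri haBase, String clientId, String code) async {
  final req = await client.postUrl(haBase.resolve('/auth/token'));
  req.headers.contentType =
      ContentType('application', 'x-www-form-urlencoded', charset: 'utf-8');
  req.write(Uri(queryParameters: {
    'grant_type': 'authorization_code',
    'code': code,
    'client_id': clientId,
  }).query);
  final res = await req.close();
  final body = await res.transform(utf8.decoder).join();
  if (res.statusCode != HttpStatus.ok) {
    throw HttpException('token request failed: ${res.statusCode}');
  }
  return jsonDecode(body) as Map<String, dynamic>;
}
```

If the certificate on the HA side is regenerated, it no longer matches the pinned bytes and the handshake fails until the app ships the new PEM.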