Hi!
Given that Home Assistant is meant to be the single source of truth for a home, perhaps it’s time we thought about making authentication a first-class citizen?
LDAP is the standard “user” database, and enabling LDAP would allow such magic as SSO, two-factor, adding other applications/platforms in, etc.
Additionally, something like Authelia, which can either be deployed as a static binary or as a Docker image, could handle all of the web-based auth.
With the add-ons, I have a username/password combo for:
Nginx Proxy Manager
deCONZ
UniFi Controller
Node-RED
AdGuard
It’s a lot, and I think Authelia, correctly configured, could manage almost all of that authentication.
Heck, we could even use Vouch and authenticate directly against Home Assistant.
Having a standard “auth” platform would enable add-ons to be much more smoothly integrated into Home Assistant, opening up a plethora of potential features and functionality.
Essentially, it’s a tiny proxy that uses an identity provider to allow or deny requests. It could be put in front of all ingress and use the Home Assistant identity provider to permit access to add-ons, etc.
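
The allow-or-deny proxy described in the post, as an added sketch (not part of the original post, and not code from Vouch, Authelia or Home Assistant). It shows the decision a reverse proxy would ask for on every request to an add-on. The signing key, policy table, token format and function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

IDP_KEY = b"constructed-demo-key"  # constructed; a real key lives in a secret store
# Hypothetical policy: groups allowed to reach each add-on ingress path.
POLICY = {"/node-red": {"admins"}, "/adguard": {"admins", "family"}}


def _sign(body: str) -> str:
    mac = hmac.new(IDP_KEY, body.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_token(user, groups, ttl=3600, now=None):
    """Stand-in for the identity provider: sign a session after login."""
    now = time.time() if now is None else now
    claims = {"sub": user, "groups": groups, "exp": now + ttl}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_sign(body)}"


def authorize(path, cookie, now=None):
    """Forward-auth decision: (status, headers) handed back to the proxy."""
    now = time.time() if now is None else now
    allowed = next((groups for prefix, groups in POLICY.items()
                    if path == prefix or path.startswith(prefix + "/")), None)
    if allowed is None:
        return 403, {}  # default deny: unlisted paths are never exposed
    try:
        body, sig = cookie.split(".")
        # Verify the signature before parsing anything the client sent.
        if not hmac.compare_digest(sig, _sign(body)):
            raise ValueError("bad signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, AttributeError, TypeError):
        return 401, {}  # missing or forged session: proxy sends user to login
    if claims["exp"] <= now:
        return 401, {}  # expired session
    if not allowed & set(claims["groups"]):
        return 403, {}  # authenticated, but not permitted for this add-on
    # The proxy forwards this header so the add-on needs no login of its own.
    return 200, {"Remote-User": claims["sub"]}
```

For the forwarded `Remote-User` header to be trustworthy, the add-on must be reachable only through the proxy, and the proxy must strip any client-supplied copy of that header.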