SSO with Vouch Proxy

Hi,
I’m using vouch proxy for authenticating 3rd party apps. Auth provider is homeassistant. But when I try to access those apps, a has login prompt appears, regardless of whether there’s already a valid logon session to has frontend itself.
Is there an option to recognize the already authenticated session to sign in transparently?

Have you found a solution already?

Just managed to get vouch working for authentication to my other servers using home assistant authentication. Would be sweet to have seamless SSO between HA and everything else.

Not yet. In my opinion there are two ways to get this working:

  • Configure has to authenticate users also with vouch. But I don’t know if this breaks the authentication process in has completely, nor whether other services such as alexa or long lived access tokens would work afterwards.
  • There would be an option in has auth api to configure trusted auth providers (e.g. vouch.domain.tld). If the login request’s source matches the trusted auth provider and there is already a valid authentication to has itself, has would automatically send an auth token to vouch, without prompting for credentials.

In my opinion the second way would be the best choice.

For me even better would be to get rid of vouch and have nginx auth_request point directly to home assistant.

An authorized list in the configuration would be one way, but what really trips me up is the reprompting for credentials. Instead it should be an “Authorize this application” button on the Home Assistant side reusing the prior authentication. (I.e. not redo authentication, just do authorization.)