Use Long-Lived Token to Access Camera Feeds

Jedman · January 12, 2021, 10:44pm

As is discussed in this thread: https://github.com/home-assistant/core/issues/24617 I would like to open a feature request to be able to use long-lived tokens to access a camera feed.

At this time I can use:
http://homeassistant.me:8123/api/camera_proxy_stream/camera.cameratest?token=“shortlivedtokenthatexpiresonreboot/reconnection”
but that of course expires often and will not work for a reliable connection to an NVR.

I have attempted to use the legacy api authentication but that is not working for me and we are told it will not be support for very long so I haven’t tried to fix it.

I would like to be able to replace the short lived token with a long lived token or have some other reliable way to access these streams with most NVRs.

byxil · February 8, 2021, 8:33pm

i am also interested in this development.
I have to insert in motioneye an esp cam which does not have the possibility of direct connection.
I would like to insert a long-lived token to be able to connect the cam
thank you

JimmyJones79 · March 5, 2021, 1:51am

Im also interested in this, having no luck, I can create the long lived token but I am on a loss on how to implement it and how to learn how to implement it for this use.

fbr1969 · April 28, 2021, 2:06pm

Me too, I have the same need.

Weissnix4711 · April 28, 2021, 3:12pm

The token query parameter only works for short lived tokens.

To use long lived tokens, the header Authorization: Bearer ABCDEFGH can be used, where ABCDEFGH is the long lived token.

See here for how this works and examples using curl.

As a fix for motioneye / other NVRs which do not allow for custom headers to be added, you can use nginx to add the header when the request originates from a certain IP address / range.

totalitarian · September 7, 2021, 3:50pm

Hans anyone managed to do this yet?

Jedman · September 7, 2021, 4:11pm

I have not. I tried to make it work with the nginx proxy and the nginx proxy manager add ons for HA without success so far (after spending a few hours…). I have attributed that lack of success to my limited knowledge of nginx and am slowly trying to learn more. For now I was forced to use Arduino ide for my cameras, though I would greatly prefer esphome (mostly because it makes it easy and I am lazy).

Weissnix4711 · September 9, 2021, 4:10pm

I’ll share my config, in case it’s of any use to anyone. I have never used proxy manager, so I’m not sure how it works and where / how to add config files. I’m using Nginx SSL Proxy addon, and I’ve added this to /share/nginx_proxy/motioneye.conf

server {
    server_name localhost;
    listen 80;

    location /api/camera_proxy {
        proxy_pass http://homeassistant:8123/api/camera_proxy;
        proxy_set_header Host $host:8080;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Authorization "Bearer abcdefABCDEF1234";
    }
}

Where abcdefABCDEF1234 is obviously your real token.

You may want to use SSL and change the server_name, if motioneye is running on a different machine. I’ve set server_name to localhost, so I’m not worried about any security issues from not using SSL/TLS. The way the nginx addon is set up for me, port 80 in the addon’s container is actually bound to port 8080 on the host, hence the Host header. Though the port is mostly irrelevant anyway, you can probably get away with changing that line to just .. $host;

totalitarian · September 23, 2021, 9:51pm

Struggling to get this to work

If I hit this URL
http://192.168.1.50:8123/api/camera_proxy/camera.front_door_nest_api
I get 401: Unauthorized

If I hit this URL
http://192.168.1.50/api/camera_proxy/camera.front_door_nest_api
I get This site can’t be reached

Here is my config

server {
    server_name %%DOMAIN%%;
    listen 80;

    location /api/camera_proxy {
        proxy_pass http://192.168.1.50:8123/api/camera_proxy;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Authorization "Bearer myToken";
    }
}

Weissnix4711 · September 24, 2021, 8:30am

Have you mapped port 80 in supervisor → nginx add-on → configuration?

totalitarian · September 24, 2021, 2:23pm

No, what would I map it to?

surge919 · February 4, 2022, 11:32pm

Any updates to this?
I’d also like to use long-lived tokens to access my camera feed.

Jedman · February 5, 2022, 4:02am

ESPHome did an update that allows us set up camera servers on the ESP itself. I’ve been using that now so I did not continue to pursue this.

DeBendeBurcht · April 19, 2022, 5:32pm

Do you know how to keep this in url form, as was described in the origional question?

Weissnix4711 · April 21, 2022, 7:36am

Not possible sadly. You have to use long lived tokens with the authorization header, and cannot use it as a query parameter.

Not sure why, but I also can’t seem to find the docs on the token query param anymore.

Unless motioneye allows you to run a custom curl command or something like that, you will have to use some sort of proxy to add that header.

Or, as @Jedman pointed out, point motioneye at the ESP32 directly, and bypass HA.