Like many I have my HA instance accessible from the internet so that I can control it on the go via the Android App. This means if I browse to the URL from a foreign device off network I get a login page.
I’d like a way to disable the login page entirely for external clients by default. These clients must already have a oAuth refresh/long lived access token passed in the requests they are making, otherwise HA would immediately return a 403 forbidden error.
As an infosec engineer myself I think this would improve the security of HA and possibly reduce the need for MFA. It would make it very difficult for a would be attacker to find your instance in the first place.