Hey, I know this sounds like a duplicate to the role-based access topic that already exists, but I mean something different.
I’d love to have a more standardised way to make a subset of sensors and maybe commands available from remote. Not for guests or other users, but for myself. At the moment I create dedicated telegram bot commands for that (switching the heating on and off, sending a status with the most important sensor values to me, …). The user experience compared to the companion app is of course limited, but the big advantage is: only what I manually set up in HA as a telegram command/automation is available from outside the apartment. Even if someone hacks my phone, or someone at telegram takes over my bot, there is simply nothing setup in my HA instance that would let them execute random commands or export statistics or grab camera images, or or or.
I know this somehow goes against the whole approach that Nabucasa is providing (remote access as if you were at home), but I simply dont feel comfortable enough with making my whole HA setup reachable from the Web. Encryption, 2fa, etcetc, don’t make the difference for me.
Definitely not a quick win, but an approach could be: separate login/access url or endpoint, which is the only thing that gets forwarded to the outside world. The companion app would then store both urls, and switch to the external one once wifi is not available anymore.
Alternative approach I want to look into: web-hosted mqtt server, or just a simpler way to send and receive telegram commands then typed commands 