WTH Login attempt or request with invalid authentication

Hykario · December 17, 2024, 7:42pm

Login attempt or request with invalid authentication

opened 01:43PM - 01 Apr 24 UTC

integration: http

### The problem Since a couple of days, I get the following error when opening …the app when I'm at home. In this case on my iPad, but also happens on my iPhone. ``` Logger: homeassistant.components.http.ban Source: components/http/ban.py:128 integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22)) First occurred: 11:08:24 (2 occurrences) Last logged: 15:31:55 Login attempt or request with invalid authentication from Tijns-iPad-2023.fourpets.net (192.168.xxx.121). Requested URL: '/api/websocket'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Home Assistant/2024.3 (io.robbie.HomeAssistant; build:2024.608; iPadOS 17.4.1) Mobile/HomeAssistant, like Safari) ``` The app the displays an "unable to connect" screen with a countdown from 60 to 0. When I close the app and start it gain, it connects without issues. ### What version of Home Assistant Core has the issue? core-2024.3.3 ### What was the last working version of Home Assistant Core? Not sure if it is since the update ### What type of installation are you running? Home Assistant OS ### Integration causing the issue _No response_ ### Link to integration documentation on our website _No response_ ### Diagnostics information _No response_ ### Example YAML snippet _No response_ ### Anything in the logs that might be useful for us? _No response_ ### Additional information _No response_

Why is this not seen by any HA staff. It’s really annoying and there is no real issue to be found.

jbarthel · December 17, 2024, 8:43pm

Goes in line with the ongoing problems that seem to be related IMHO to the Apple HA app. Had it recently with family visitor that she got logged out every few hours (between less than one and more than 24) from HA in her Apple devices. Then I got the notification of an invalid login from 127.0.0.1 - which I get occasionally, now attribute it to Apple.

Though our only other Apple devices don’t fail to login, from what I read, I assume that the device fails to login with “cached” information and then recovers somehow and logs in.

I’m amateur, no expert, and for me it’s not a WTH … but only as I don’t bother much about Apple… But it seems rather a base-functionality being buggy here? And cause Apple users to WTH this?

ShadowFist · December 17, 2024, 8:46pm

Please don’t open WTH about issues in github without resolution. WTH are for feature requests, not for bumping ignored issues.

All I can say is, the only times I’ve seen that error log in my instance is when bots were trying to brute-force access and HA did what it had to do. If this were a widespread issue, then there would be way more forum posts (outside the WTH month) about it, given that it was originally reported in April.

distante · December 26, 2024, 5:38pm

Happens also on Android, but the problem is not always reproducible, I think that is reason why it is “low prio”

But I got kick out of local instance today and I could just fix it because I have an VPN to my home, otherwise I would have not be able to check anything for a week!

mkz212 · December 26, 2024, 5:41pm

Login failure happen if you log in to one account on one device and then login to the same account on different device OR login to different HA. If you clear cache before login there will be no failure message.

distante · December 26, 2024, 5:54pm

Personally I have not put any credentials in my phone for more than a year I think, It stills bans me from time to time.

I have external URL and Local URL credentials.

mkz212 · December 26, 2024, 6:43pm

Go to Profile / Security - there are tokens. I think that this is something with this. After you are succesfully login to one account on one device there is token, and if you try to log in on second device to same account login and password is ok but token is incorrect. Same if you try login on second HA instance where you have same login and password.

jbarthel · January 9, 2025, 9:56am

“Share your “What the heck?!” moment or discuss/vote those of others.”

IMHO it (better) is expressly not just about feature requests, but about what WTH moments happened and why they could not be resolved (or rather difficult). So giving the response IMHO would be quite contrary to sharing WTH moments? The best WTH is what could not be easily resolved with a feature request?

To not flood it, I for example shared the one WTH moment of 2024 that made it to the top of my personal list (Doorbell communication).