I totally agree with your opinion and still I think Frenck is kind of right that the majority of users would not go through the hassle of setting this up. And then there is also nabu casa cloud, which provides remote access and backups to homeassistant.
That being said I would like to share my mixed bag of success. I started using pangolin and right on could set up access to my local homeassistant instance by putting
html:
use_x_forwarded_for: true
trusted_proxies:
- <ip of the newt endpoint>
in my configuration.yaml but I needed to turn authorization off. This also works with the homeassistant companion app on android (no Apple devices to test here).
adding
to HACS
and setting
auth_header:
username_header: Remote-User
AND making sure that the HA user == pangolin user now enables me to use pangolin for sign on and connect to my HA instance remotely without being prompted for a password.
This is about 60% of where I would like to be in terms of SSo but better than nothing. Since I did not find anything about HA + pangolin I hope this post can save someone on the internet some time to figure out the details. Especially the proxy part caused me some headache since it is a bit counter intuitive first. But if you think about the architecture with the wireguard tunnel it actually makes sense.