Updates docs for remote-user (#1691)

* Updates docs for remote-user

* Update configuration.md

* Update endpoints.md

* Update security.md
Florian Bachmann 2023-08-24 16:25:25 +02:00 committed by GitHub
parent 59be20342a
commit 72871b7783
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 0 deletions


@ -39,3 +39,13 @@ As a developer, follow the following best practices to make your add-on secure:
## Use Home Assistant User backend
Instead of allowing users to set new login credentials in plain text config, use the Home Assistant [Auth backend](/docs/api/supervisor/endpoints#auth). You can enable the access to the API with `auth_api: true`. Now you are able to send the login credentials to the auth backend and validate them in Home Assistant.
## Authenticating a user when using ingress
When the addon is accessed via the supervisor's ingress, the authorized user can be identified by its session token. The supervisor then adds some headers identifying the user to every request:
| Header name | Description |
| -------------------------- | ------------------------------------------- |
| X-Remote-User-Id | ID of the authenticated Home Assistant user |
| X-Remote-User-Name | The username of the authenticated user |
| X-Remote-User-Display-Name | The display name of the authenticated user |
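
Review bot: the new "Authenticating a user when using ingress" section lists the X-Remote-User-Id, X-Remote-User-Name and X-Remote-User-Display-Name headers without saying when an add-on may rely on them. Please state that they are meaningful only on requests that arrive through the supervisor's ingress, say whether the supervisor removes or overwrites headers of the same name sent by the client, and tell developers how to treat these headers on requests that reach the add-on by any other path. Without that, a reader can take the table as permission to trust the headers on every request. Minor: the paragraph writes "addon" while the heading context in this hunk ("make your add-on secure") uses "add-on"; pick one spelling.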


@ -1624,6 +1624,12 @@ Shutdown the host
<ApiEndpoint path="/ingress/session" method="post">
Create a new session for access to the ingress service.
**Payload:**
| key | type | optional | description |
| -------- | ------ | -------- | ---------------------------------------------------- |
| user_id | string | True | The ID of the user authenticated for the new session |
**Returned data:**
| key | type | optional | description |
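
Review bot: the `user_id` row in the new Payload table is marked optional, but the description does not say what happens when it is omitted, that is, whether the session is created without an associated user and what an add-on then sees on ingress requests. Please add a sentence covering the omitted case and note who is expected to supply `user_id` when calling `/ingress/session`, since the value determines which user the session is attributed to. A cross-link from this row to the ingress header table added in the other file of this commit would also help readers connect the two.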