mirror of
https://github.com/home-assistant/developers.home-assistant.git
synced 2025-07-16 22:06:29 +00:00
Add long-lived access token (#82)
* Update auth_index.md * Add auth/long_lived_access_token WS API
This commit is contained in:
parent
4ea6246370
commit
cfa016e33a
@ -128,6 +128,8 @@ An HTTP status code of 400 will be returned if an invalid request has been issue
|
||||
|
||||
### Revoking a refresh token
|
||||
|
||||
> client_id is not need for revoke refresh token
|
||||
|
||||
The token endpoint is also capable of revoking a refresh token. Revoking a refresh token will immedeatly revoke the refresh token and all access tokens that it has ever granted. To revoke a refresh token, make the following request:
|
||||
|
||||
```
|
||||
@ -137,6 +139,29 @@ action=revoke
|
||||
|
||||
The request will always respond with an empty body and HTTP status 200, regardless if the request was successful.
|
||||
|
||||
## Long-lived access token
|
||||
|
||||
A long-lived access token is usally used for 3rd party API calls and webhook-ish integrations. To generate a long-lived access token, an active websocket connection has to be established.
|
||||
|
||||
Send websocket command `auth/long_lived_access_token` will create a long-lived access token for current user. Access token will not be saved in Home Assistant. User need to record the token in secure place.
|
||||
|
||||
{
|
||||
"id": 11,
|
||||
"type": "auth/long_lived_access_token",
|
||||
"client_name": "GPS Logger",
|
||||
"client_icon": null,
|
||||
"lifespan": 365
|
||||
}
|
||||
|
||||
Result will be a long-lived access token:
|
||||
|
||||
{
|
||||
"id": 11,
|
||||
"type": "result",
|
||||
"success": true,
|
||||
"result": "ABCDEFGH"
|
||||
}
|
||||
|
||||
## Making authenticated requests
|
||||
|
||||
Once you have an access token, you can make authenticated requests to the Home Assistant APIs.
|
||||
|
@ -29,10 +29,17 @@ The first user to log in to Home Assistant will be marked as the owner. This use
|
||||
|
||||
## Clients
|
||||
|
||||
Clients are applications that users use to access the Home Assistant API. Each client has a client identifier, a redirect uri and an optional client secret. The redirect uri is used to redirect the user after it has successfully authorized.
|
||||
Clients are applications that users use to access the Home Assistant API. Each client has a client identifier and a redirect uri. The redirect uri is used to redirect the user after it has successfully authorized.
|
||||
|
||||
## Access and refresh tokens
|
||||
|
||||
The client will be provided with an authorization code when a user successfully authorizes with Home Assistant. This code can be used to retrieve an access and a refresh token. The access token will have a limited lifetime while refresh tokens will remain valid until a user deletes it.
|
||||
|
||||
The access token is used to access the Home Assistant APIs. The refresh token is used to retrieve a new valid access token.
|
||||
|
||||
### Refresh token types
|
||||
|
||||
Refresh token has 3 different types:
|
||||
- *Normal*: is generated by a success log in request, and will be sent to user and possessed by user.
|
||||
- *System*: can only be generated by system user.
|
||||
- *Long-lived Access Token*: such refresh token is generated by user, but will not delivery to user, however the access token generated by this refresh token will send to user.
|
||||
|
Loading…
x
Reference in New Issue
Block a user