From 5b37938c86342dd40f86b014e15bf5e86130aece Mon Sep 17 00:00:00 2001 From: Allen Porter Date: Mon, 31 Mar 2025 05:43:55 -0700 Subject: [PATCH] Document Model Context Protocol Server OAuth with Home Assistant (#38279) * Document Model Context Protocol Server OAuth with Home Assistant * Update source/_integrations/mcp_server.markdown Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * Fix lint errors * Update mcp_server.markdown * Apply suggestions from code review Co-authored-by: Paulus Schoutsen --------- Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Paulus Schoutsen --- source/_integrations/mcp_server.markdown | 26 +++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/source/_integrations/mcp_server.markdown b/source/_integrations/mcp_server.markdown index e16d92ea6ba..4fef4c25ff3 100644 --- a/source/_integrations/mcp_server.markdown +++ b/source/_integrations/mcp_server.markdown 
@@ -61,14 +61,30 @@ to act as a gateway to the Home Assistant MCP SSE server. ## Client configuration -The Model Context Protocol specification does not yet define standards -for authentication and connecting to remote servers. These are a *work in progress* -and this configuration will likely change in the near future. +The Model Context Protocol specification has recently defined standards for +authorization and connecting to remote servers. The standards are a *work in progress* +and so some clients may not support the latest functionality, and the specification +will likely continue to evolve. ### Access control -For now, we can use -[Long-lived access token](https://developers.home-assistant.io/docs/auth_api/#long-lived-access-token) to control access to the API. +#### OAuth + +The Model Context Protocol supports OAuth for [Authorization](https://spec.modelcontextprotocol.io/specification/2025-03-26/basic/authorization/) and is fully supported by Home Assistant's +[Authentication API](https://developers.home-assistant.io/docs/auth_api/). MCP +Clients that support OAuth can use this to allow you to give the client access +to your Home Assistant MCP server. + +Home Assistant has adopted [IndieAuth](https://indieauth.spec.indieweb.org/) and does not require you to pre-define +an OAuth Client ID. Instead, the Client ID is the base of the redirect URL. + +- *Client ID*: If your redirect-uri is `https://www.example.com/mcp/redirect`, your client ID should be `https://www.example.com`. +- *Client Secret*: This is not used by Home Assistant and can be ignored or set to any value. + +#### Long-Lived Access Tokens + +Some MCP clients may not support OAuth, but may support access tokens. You may create a +[Long-lived access token](https://developers.home-assistant.io/docs/auth_api/#long-lived-access-token) to allow the client to access the API. 1. Visit your account profile settings, under the **Security** tab. {% my profile badge %}.
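Review bot: In the new OAuth subsection, the *Client ID* bullet leaves "the base of the redirect URL" undefined, and the only guidance is a single example (`https://www.example.com/mcp/redirect` mapping to `https://www.example.com`). A reader whose client redirects to a non-default port or to a path on a shared host cannot tell from this what to enter. Please state explicitly what "base" means (scheme and host, and whether a port is included). Please also use one term throughout, since the sentence says "redirect URL" and the bullet says "redirect-uri". In the same subsection, "The Model Context Protocol supports OAuth ... and is fully supported by Home Assistant's Authentication API" reads as though the protocol itself, rather than the OAuth flow, is what the Authentication API supports, and "fully supported" sits awkwardly beside the paragraph above that calls the standards a *work in progress*. Under "Long-Lived Access Tokens", the text offers the token as a fallback "to allow the client to access the API" without saying which method is preferred or what the token grants. A sentence recommending OAuth where the client supports it, and pointing to where a token can be removed again in the **Security** tab, would help readers choose.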