jeans/home-assistant.io
jeans/home-assistant.io
1
0
Fork 0
mirror of https://github.com/home-assistant/home-assistant.io.git synced 2025-04-25 13:57:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
home-assistant.io/source/_docs/authentication.markdown
DubhAd 57f631f0f8 Note about bearer tokens (#6215) 
* Note about bearer tokens

Given that there's zero documentation about those warnings, and it comes up many times a day, time to document *something* about them.

* Update

* ✏️ Tweaks

* ✏️ Formatting tweak
2018-09-10 12:40:31 +02:00

4.8 KiB
Raw Blame History

layout title description date redirect_from sidebar comments sharing footer
page Authentication Guide on authentication in Home Assistant. 2018-08-23 09:40 /components/auth/ true false true true

Access to Home Assistant is secured by our authentication system. Each member of your household will get their own user account to log in and access Home Assistant.

Home Assistant contains two different user types: the owner user account and normal users. The owner user account is created when you start Home Assistant for the first time. This account has some special privileges compared to the other users of the system:

  • Manage users
  • Configure integrations and other settings (soon)
  • Configure Hass.io (soon)

{% linkable_title Authentication %}

When a user wants to use Home Assistant, they have to log in. When navigating to the frontend without authentication, the user is asked for a login. The login page will always show you the website that you're logging in to.

Screenshot of the login screen

When logging in, make sure that the URL in the URL bar is showing the address of your Home Assistant instance.

{% linkable_title Profile %}

Once you're logged in, you can access the profile page by clicking on the badge next to the Home Assistant title in the sidebar. Here you can change your preferred language or change your password. You can also log out.

Screenshot of the profile page

{% linkable_title Multi-factor authentication %}

As a user, you can setup multi-factor authentication with time-based one-time passwords. This is an extra challenge that you have to solve after you finish your login. You will be able to set up these challenges from the profile page once you're logged in.

Screenshot of setting up multi-factor authentication

{% linkable_title Troubleshooting %}

{% linkable_title Bearer token warnings %}

Under the new authentication system you'll see the following warning logged when the legacy API password is supplied, but not configured in Home Assistant:

WARNING (MainThread) [homeassistant.components.http.auth] You need to use a bearer token to access /blah/blah from 192.0.2.4

If you see this, you need to add an api_password to your http: configuration.

{% linkable_title Bearer token informational messages %}

If instead, you see the following, then this is a message for component developers, to tell them that they need to update how they authenticate to Home Assistant. As an end user you don't need to do anything:

INFO (MainThread) [homeassistant.components.http.auth] You need to use a bearer token to access /blah/blah from 192.0.2.4

{% linkable_title Lost owner password %}

While you should hopefully be storing your passwords in a password manager, if you lose the password associated with the owner account the only way to resolve this is to delete all the authentication data. You do this by shutting down Home Assistant and deleting the following files from the .storage/ folder in your configuration folder:

  • auth
  • auth_provider.homeassistant
  • onboarding

When you start Home Assistant next you'll be required to set up authentication again.

{% linkable_title Error: invalid client id or redirect url%}

Screenshot of Error: invalid client id or redirect url

You have to use a domain name, not IP address to remote access Home Assistant; otherwise you will get Error: invalid client id or redirect url error on the login form. However, you can use the IP address to access Home Assistant in your home network.

It because we only allow using IP address as client ID when your IP address is one of internal network address (e.g., 192.168.0.1) or loopback address (e.g., 127.0.0.1).

If you don't have a valid domain name for your Home Assistant instance, you can modify the hosts file on your computer to fake one. For example, if you are on Windows, edit C:\Windows\System32\Drivers\etc\hosts file with administrator privilege, add following entry.

12.34.56.78 hassbian.home

(Please replace 12.34.56.78 with your Home Assistant's public IP address)

It will allow you to open Home Assistant instance by access http://hassbian.home:8123/

{% linkable_title Stuck on Loading data %}

Some advert blocking software, such as Wipr, also blocks web sockets. If you're stuck on the Loading data screen, try disabling your ad blocker.