GithubHelp home page GithubHelp logo

hass-jwt-access-token's Introduction

Access Token Auth for Home Assistant

This custom component allows you to delegate authentication to a reverse proxy.

This integrations checks the value of a configured cookie and authenticates based on its content, after checking it is valid. The value of the configure username is checked against usernames already present in Home Assistant internal database. Users have to be created in Home Assistant by hand.

Use with caution. If misconfigured, this can lead to a Home Assistant instance that anyone can access

Installation

Add this repository to HACS.

Update your configuration.yaml file with

access_token:
    # Url to JWKS with your public keys / certs
    jwks_url: https://<yourworkspace>.cloudflareaccess.com/cdn-cgi/access/certs
    # Name of the cookie that contains the JWT
    cookie_name: CF_Authorization
    # Expected value for the audience claim
    audience: eefce7c8394f2e1882563d78e1c023f7a0ffb6add7565aca96be2475c3f26253
    # Optional: claim cointaining the username of the user to login, defaults to "sub"
    username_claim_key: email

# Optionally, if something is not working right, add this block below to get more information
logger:
    default: info
    logs:
        custom_components.access_token: debug

Afterwards, restart Home Assistant.

How it works

On boot, two main things are done when the integration is enabled:

  1. The default LoginFlowIndexView view is replaced. This view is called when you submit the login form. The replacement for this view, RequestLoginFlowResourceView, simply adds the HTTP Request to the context. This context is passed to authentication Providers.

    Normally the Request is not included, as none of the providers require it.

  2. The Access Token Authentication Provider is injected into the providers, before the other authentication providers.

    This ensures that Header auth is tried first, and if it fails the user can still use username/password.

Help! Everything is broken!

If anything goes wrong or Home Assistant fails to load the component correctly, simply remove the access_token block from your configuration file and restart Home Assistant.

Credits

This project is truly highly inspired and could not have existed without the incredible work from @BeryJu and @sidoh. Thank you guys, you rock ๐ŸŽธ.

hass-jwt-access-token's People

Contributors

sibest19 avatar dependabot[bot] avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.