0.77: Authentication system 👮‍♂️ + Hangouts bot 🤖


It’s time for a great new release and it includes a big change: the new authentication system has been activated! We’ve worked very hard on this for the last couple of months to make the transition as smooth as possible. Updating to this release is a non-breaking change (unless you had no API password configured). As can be seen in the video above, when you start Home Assistant after the update, you will be presented with our new onboarding flow. This will ask you to create a new account after which you will be able to log in to Home Assistant.

Once logged in, you will have access to the following new features:

  • Change your password
  • Configure multifactor authentication (TOTP)
  • Manage other users (limited to account created during onboarding)

Although it’s possible to configure authentication, we strongly recommend to stick with the default authentication configuration. If you had auth providers configured in a previous Home Assistant release, we recommend to remove the configuration and start using the default.

It will take some time before all of the Home Assistant ecosystem has been migrated over to the new auth system. Home Assistant will print a warning whenever an application connects to Home Assistant with the legacy authentication. This will help users notify the application developers to transition to use the new OAuth2 authentication. For non-interactive scripts or other applications that are unable to update, we are planning to introduce a migration path for components to adopt url specific auth tokens and also introduce long lived access tokens to replace API passwords. A list of impacted components can be found here.

Our iOS app will soon be updated to work with the new auth. It’s already in testing. The old app will continue to work with the legacy API password support. It will however require a second login when using the webview.

If you are using a proxy server (NGINX etc) in front of Home Assistant to provide authentication, check this blogpost by @DubhAd how to make it work.

I want to say a biiiig thank you to all the people that have been involved in the development and testing of the new authentication system. It’s been a big project and it’s been great to see how we, as a community, have rallied together to tackle it. Especially a big shout out to @awarecan who has done an amazing job on this.


And that’s not it ! @hobbypunk90 has contributed a new integration for Google Hangouts. You can send messages but can also configure intents to handle incoming messages from specific people. Very cool!


You didn’t think we would forget about Lovelace, did you? This release include a new notification drawer thanks to @jeradM. It will collect all persistent notifications and configurator entities and shows it in a new sidebar toggleable from the toolbar.

New Platforms

Release 0.77.1 - August 29

Release 0.77.2 - August 31

Release 0.77.3 - September 3

Frontend changes only:

  • Ask “save login” after hass connected PR @awarecan
  • Show an error when invalid client id or redirect uri PR @balloob
  • Disable autocapitalization of username field PR @timmo001
  • Upgrade MDI icons PR @balloob
  • Update translations

If you need help…

…don’t hesitate to use our very active forums or join us for a little chat. The release notes have comments enabled but it’s preferred if you use the former communication channels. Thanks.

Reporting Issues

Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.

Backward-incompatible changes

Beta Fixes

All changes