It’s time for a great new release and it includes a big change: the new authentication system has been activated! We’ve worked very hard on this for the last couple of months to make the transition as smooth as possible. Updating to this release is a non-breaking change (unless you had no API password configured). As can be seen in the video above, when you start Home Assistant after the update, you will be presented with our new onboarding flow. This will ask you to create a new account after which you will be able to log in to Home Assistant.
Once logged in, you will have access to the following new features:
- Change your password
- Configure multifactor authentication (TOTP)
- Manage other users (limited to account created during onboarding)
Although it’s possible to configure authentication, we strongly recommend to stick with the default authentication configuration. If you had auth providers configured in a previous Home Assistant release, we recommend to remove the configuration and start using the default.
It will take some time before all of the Home Assistant ecosystem has been migrated over to the new auth system. Home Assistant will print a warning whenever an application connects to Home Assistant with the legacy authentication. This will help users notify the application developers to transition to use the new OAuth2 authentication. For non-interactive scripts or other applications that are unable to update, we are planning to introduce a migration path for components to adopt url specific auth tokens and also introduce long lived access tokens to replace API passwords. A list of impacted components can be found here.
Our iOS app will soon be updated to work with the new auth. It’s already in testing. The old app will continue to work with the legacy API password support. It will however require a second login when using the webview.
I want to say a biiiig thank you to all the people that have been involved in the development and testing of the new authentication system. It’s been a big project and it’s been great to see how we, as a community, have rallied together to tackle it. Especially a big shout out to @awarecan who has done an amazing job on this.
And that’s not it ! @hobbypunk90 has contributed a new integration for Google Hangouts. You can send messages but can also configure intents to handle incoming messages from specific people. Very cool!
You didn’t think we would forget about Lovelace, did you? This release include a new notification drawer thanks to @jeradM. It will collect all persistent notifications and configurator entities and shows it in a new sidebar toggleable from the toolbar.
- Netatmo public (@colinfrei - #15684) (sensor.netatmo_public docs) (new-platform)
- Add ecovacs component (@OverloadUT - #15520) (ecovacs docs) (vacuum.ecovacs docs) (new-platform)
- Add support for NOAA tide information (new PR) (@jcconnell - #15947) (sensor.noaa_tides docs) (new-platform)
- Hangouts (@hobbypunk90 - #16049) (hangouts docs) (notify docs) (new-platform)
- Fix trusted networks login error (@awarecan)
- Fix data_key override by parent class (@syssi - #16278) (binary_sensor.xiaomi_aqara docs)
- Fix error when vacuum is idling (@cnrd - #16282) (vacuum.xiaomi_miio docs)
- Correct wemo static device discovery issue. (@lamiskin - #16292) (wemo docs)
- Fix LIFX effects (@amelchio - #16309) (light.lifx docs)
- avoid error in debug log mode and rss entry without title (@exxamalte - #16316) (feedreader docs)
- Fix charts for climate devices (@jeradM)
- Fix header in Lovelace Glance cards (@balloob)
- Fix Profile page on Safari (@balloob)
- Fix redirect to login page on offline server (@balloob)
Frontend changes only:
- Ask “save login” after hass connected PR @awarecan
- Show an error when invalid client id or redirect uri PR @balloob
- Disable autocapitalization of username field PR @timmo001
- Upgrade MDI icons PR @balloob
- Update translations
Experiencing issues introduced by this release? Please report them in our issue tracker. Make sure to fill in all fields of the issue template.Read on →