This page only apply to release 0.77 and above.
This is an advanced feature. If misconfigured, you will not be able to access Home Assistant anymore!
When a user logs in, it needs to authenticate against an auth provider. An auth provider will check the users’ credentials, and if credentials are linked to a user in the system, allows the user to log in.
By default, Home Assistant has enabled an auth provider that stores the users in the configuration directory. An owner account can manage these users from the frontend.
To make the transition from API password to authentication system easier, we’ve added a legacy API password auth provider. This enables users to log in with the API password. This authentication provider is enabled by default if a user has an API password configured.
Home Assistant automatically configures the standard auth providers and you do not need to specify
auth_providers in your
configuration.yaml file. Specifying
auth_providers in your configuration will disable all auth providers that are not listed and can reduce your security or create difficulties logging in.
Issue 16441: the legacy API password auth provider won’t be automatically configured if your API password is located in a package. This is because Home Assistant processes the
auth_provider during the
core section loading, which is earlier than the
Authentication providers are configured in your
configuration.yaml under the
homeassistant: auth_providers: - type: homeassistant - type: legacy_api_password
Below is a list of currently available auth providers.
This is the default auth provider which stores the users in your configuration directory. All passwords are stored hashed and with a salt, making it almost impossible for an attacker to figure out the password from the storage.
Users for this auth provider can be managed via the UI by the owner. Navigate to the configuration panel and click on users.
homeassistant: auth_providers: - type: homeassistant
With the trusted networks auth provider you can whitelist an IP range for which no authentication will be required. The user will be prompted to pick a user to log in as.
The multi-factor autentication module will not participate in login process by using this auth provider.
homeassistant: auth_providers: - type: trusted_networks # Temporary, this will be moved to be part of auth provider config # https://github.com/home-assistant/home-assistant/issues/16149 http: trusted_networks: - 127.0.0.1 - ::1 - 192.168.0.0/24 - fd00::/8
Activating this auth provider will allow you to authenticate with the API password set in the HTTP component.
homeassistant: auth_providers: - type: legacy_api_password http: api_password: !secret http_password
Activating this auth provider will also allow you to provide the API password using an authentication header to make requests against the Home Assistant API. This feature will be dropped in the future in favor of long-lived access tokens.