OAuth (including Google) redirection support #1719
Replies: 29 comments 13 replies
-
@Warstomper Do you get HA beta to even open a webview for the auth? I tried doing something similar with Cloudflare Access, and the HA app doesn't have any logic to trigger an auth screen as far as I've learned.
-
I got to the point where it loaded the Google error message as seen in the linked blog post at least, as I let nginx first force the auth via a 302 redirect.
-
@torarnv may be able to provide an update on this one. Turns out there was an implementation issue with HA front end which I believe he has already gotten a fix merged for?
-
Actually this issue is due to Google not allowing just any user-agent to do the OAuth flow. The HA issue I fixed in the frontend was after OAuth successfully completed. I got around this issue by overriding the user-agent:

self.webView.customUserAgent = "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"

Since WKWebView doesn't allow custom headers for subresource requests this was the only option. I now have a mix of:
-
Just ran into this issue as well. Trying to use Google OAuth via 302 redirect on my nginx ingress.
-
I ran into this as well. It seems like the pop-up web view in the iOS app is using some old libraries. I'm not a mobile developer so I'm not sure that I can help, but I imagine there should be a better web view that can be used. Many apps are able to use the Google OAuth flow.
-
Anyone know of any progress on this? It's still a problem on both iOS and Android. Or have people given up on using OAuth in front?
-
+1 - in my use case I am setting up a Cloudflare tunnel with an on-prem Authelia service. Did not succeed due to the limitation. As a workaround I have set up a VPN which automatically creates a VPN connection towards home, as soon as my WiFi connection is lost. Unfortunately this requires port forwarding on my router to work, which I was hoping to eliminate.
-
I also ran into this issue while using Cloudflare Zero Trust Access and am looking forward to adding support.
-
I also tried to add this to Cloudflare tunnel for security and it failed.
-
One more upvote here. Using Authentik as IdP
-
One more up for Cloudflare Zero Trust Access and authelia/authentik 😉
-
And one for me using a Cloudflare ZeroTrust tunnel and Google OAuth.
-
This has my vote too! Please.
-
Me too - I just changed all my hosts' challenges from emailed PIN to Google OAuth2 and everything is working except the Home Assistant iPhone app - for the same reasons above. Yes - I can use a Safari generated saved 'app' for access, but it's not as good as the real thing.
-
I am interested in this feature. I have a Cloudflare tunnel serving access to my Home Assistant server and it authenticates me via Azure AD.
-
This has been an open issue for 3 years. I bet devs feel this is a corner case and we should use HA Cloud instead. Seems like using GitHub as an auth agent, if that's an option, can help. Would be nice if they simply implemented the right browser agent instead, seems fairly straightforward as described in the comments on this thread here https://stackoverflow.com/questions/69370491/you-cant-sign-in-from-this-screen-because-this-app-doesnt-comply-with-googles
-
I ran into this issue as well when implementing Authentik for my home systems. It works great on any browser, but I've just discovered the iOS companion app is now broken, even though all the authentication steps worked fine. I would really love to have the option of using an authentication system.
-
+1 for this. I'd be happy if anyone figured out a workaround. Is there for instance a way to add a device to any biomass policies?
-
The update in the Unraid App Store is working fine. Just had a popup 2FA on iPhone and I said OK and did nothing with the code. All working fine.
-
+1 for the solution
-
Same here, iOS, ZeroTrust, and GitHub identity provider
-
Same here, iOS, Cloudflare Zero Trust...
-
To folks here who can log in through the web but not from the iOS app due to NSCocoaErrorDomain 3840, I am using Authentik and was able to solve this by excluding the HA /api path. Hope this helps someone. Cheers.
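The /api exclusion described in the comment above, written out for the nginx plus vouch-proxy forward-auth setup mentioned elsewhere in this thread. This is an added example, not configuration posted by any participant; hostnames, certificate paths, and the vouch-proxy and Home Assistant addresses are placeholders. Requests under /api/ never see the IdP redirect, so they rely entirely on Home Assistant's own authentication.

```nginx
# Added example: all names, ports and paths below are placeholders.
server {
    listen 443 ssl;
    server_name ha.example.com;
    ssl_certificate     /etc/ssl/ha.example.com.crt;
    ssl_certificate_key /etc/ssl/ha.example.com.key;

    # Every location inherits the forward-auth check unless it opts out.
    auth_request /validate;
    error_page 401 = @login;

    # Subrequest target: the auth proxy answers 200 (valid session) or 401.
    location = /validate {
        internal;
        auth_request off;
        proxy_pass http://127.0.0.1:9090/validate;
        proxy_set_header Host $http_host;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    # Requests without a session are redirected to the IdP login page.
    # A client that expects JSON here gets HTML instead and fails to parse it.
    location @login {
        return 302 https://vouch.example.com/login?url=$scheme://$http_host$request_uri;
    }

    # Frontend pages stay behind the IdP.
    location / {
        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # Excluded path: REST and WebSocket API calls bypass the IdP and are
    # checked only by Home Assistant (bearer tokens, webhook IDs).
    location /api/ {
        auth_request off;
        proxy_pass http://127.0.0.1:8123;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```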
-
Would like to see this implemented as well.
-
It looks as though this issue has been fixed. I use the Cloudflared add-on to create the tunnel and have then enabled two-factor authentication using Cloudflare Zero Trust. I can use the iOS Home Assistant app remotely. The only issue is I must use another device to retrieve the authentication code as the authentication process resets if I switch between the HA application and my email program.
-
I am using CloudFlare ZTNA + GitHub auth. I still have this issue.
-
I’d love this to work.
-
Another one for using a Cloudflare ZeroTrust tunnel and Google OAuth.
-
I have been trying to secure my various webapps (like Home Assistant) using https://github.com/vouch/vouch-proxy. Mostly, this is working fine from browsers, however, I can't seem to get it to work with the HA app (I am running the latest beta). The error mentioned in the following article is observed:
https://blog.cloudrail.com/solving-disallowed_useragent-for-google-services/
From my limited knowledge, I understand that the User Agent being used by the app is basically blacklisted by Google for these kinds of authentications and it could be only a matter of changing the user-agent as mentioned here:
https://stackoverflow.com/questions/40591090/403-error-thats-an-error-error-disallowed-useragent
Would this be something that's possible to add/support?
Thanks a lot in advance.