search

BeryJu / hass-auth-header

Home Assistant custom component, which allows you to delegate authentication to a reverse proxy.
GNU General Public License v3.0
257 stars 19 forks source link

Mobile app support? #124

Open patrik996 opened 2 years ago

patrik996 commented 2 years ago

I just setup auth_header with use of swag and Authelia authentication. It works fine in the browser but on the mobile companion app it just gets a black screen when i try to set it up.

Is the mobile app not supported?

fservida commented 2 years ago

I'm using it successfully with the app, however I had to protect only a very specific subset of the proxy, else every request will have to be authorized which breaks the API (at least I think) Maybe try something like this (adapted to Authelia, I use Apache with Shibboleth): image

anthr76 commented 2 years ago

im also facing this issue with ingress-nginx on kubernetes

BeryJu commented 2 years ago

I've not had to do anything custom, the App just works for me (using authentik as IDP, envoy/istio ingress on k8s and using proxy mode for HASS)

AngellusMortis commented 2 years ago

I had to wipe the data for my app to get it to work (on Android 12). Otherwise, it would try to open a browser and never work.

jimz011 commented 2 years ago

I can't get this to work, it will always try to open the browser (even after clearing the app as @AngellusMortis mentioned). Anyone that can tell me what they did perhaps?

hacker1024 commented 2 years ago

https://github.com/authelia/authelia/issues/1842#issuecomment-977695269

ajvpot commented 2 years ago

This is an issue with the app, https://github.com/home-assistant/android/issues/1438

Thesola10 commented 2 years ago

Try this, it works for me with the app: https://github.com/home-assistant/android/issues/1438#issuecomment-1244106690

christiaangoossens commented 1 year ago

@BeryJu By any chance, do you use iOS for HA app? Reading around a bit it seems that the iOS app works (although config is not easy, you should only proxy /auth), but that the Android app uses a really old Webview that makes Authentik impossible to use.

For me on Android, if you reset all data for the HA app and enter the URL (with Authentik Proxy configured), it shows Authentik in messed up state without FIDO2 support.

Seems more like a badly designed app, using old Android Webviews instead of Chrome Custom Tabs.

Conclusion, if you use 2FA and/or Android, this does not seem like a good route until HA gets their #$@ together and implements proper external OpenID Connect into their app.