babybuddy / babybuddy-for-android

Android client for the Baby Buddy webapp
MIT License

How to use the app with REVERSE_PROXY_AUTH #67

Open zjean opened 3 months ago

zjean commented 3 months ago

Hi, I am using the baby buddy web app configured with the REVERSE_PROXY_AUTH setting, to use my Authelia user header. How can I use this with the mobile app as well? It would need to know how to sign in to Authelia, and extract the header, I guess. Any ideas how I could set this up? Thanks for this great app!

MrApplejuice commented 3 months ago

Hello! First of all let me say that your setup seems to be very cool and advanced. I assume that you had to use a custom Django-config for this to work as well, is that correct?

Second, I unfortunately must say that I am not properly equipped to answer your question. I do not know how Authelia is handling authentication exactly and if the regular baby buddy authentication is still in place? Normally, the app uses the username/password combo to do an initial login and then scrape the baby-buddy apptoken, which is then used to access the app in the future.

The app does not (appear to) offer entering the apptoken directly, however, the QR-code scanner actually does this! So this is, if token authentication is still working for you(?), probably your best bet:

You could even manufacture your own QR code if you can provide some other means of authentication that is compatible with the babybuddy API access. The QR code is very much readable (JSON-)text. Here is an example from my test servers:

BABYBUDDY-LOGIN:{"url":"http://localhost:9002/","api_key":"499856ac563097b26a161215f12e5913eb78637e","session_cookies":{}}

api_key is used for the traditional auth-header:

Authorization: Token 499856ac563097b26a161215f12e5913eb78637e

session_cookies is a bit of a crutch to allow the app to authenticate with homeassistant-ingress_servers. Kind of a crutch. But you can supply arbitrary cookies in that section which then will be sent alongside the Authorization header.

So, what I suggest is that you can try and populate your own QR-code here with the correct tokens etc and then try to login that way! I think it is unlikely at this point that I will have time or motivation to support a specialized authentication system that does not ship with babybuddy by default.
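
The QR payload layout described in the comment above, as an added example that is not part of the original thread or the app's own code: it builds and parses the `BABYBUDDY-LOGIN:` text and shows the headers the fields map to. The cookie name `proxy_session`, the host `baby.example.org`, the sample token, the `Cookie` header layout and the refusal of plain `http://` to non-loopback hosts are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

PREFIX = "BABYBUDDY-LOGIN:"  # prefix shown in the example payload in the thread
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def build_login_payload(url, api_key, session_cookies=None):
    """Return the text to encode as a QR code, in the layout of the thread's example."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("url must be an absolute http(s) URL")
    # Token and cookies are bearer credentials; only allow cleartext to loopback.
    if parts.scheme == "http" and parts.hostname not in LOOPBACK:
        raise ValueError("refusing http:// for a non-loopback host")
    if not api_key or any(c.isspace() for c in api_key):
        raise ValueError("api_key must be a non-empty token without whitespace")
    cookies = dict(session_cookies or {})
    for name, value in cookies.items():
        if not isinstance(name, str) or not isinstance(value, str):
            raise ValueError("cookie names and values must be strings")
        if any(c in name + value for c in ";\r\n"):
            raise ValueError("cookie contains a header separator")
    body = {"url": url, "api_key": api_key, "session_cookies": cookies}
    return PREFIX + json.dumps(body, separators=(",", ":"))

def parse_login_payload(text):
    """Inverse of build_login_payload: check the prefix and return the JSON object."""
    if not text.startswith(PREFIX):
        raise ValueError("missing BABYBUDDY-LOGIN: prefix")
    data = json.loads(text[len(PREFIX):])
    if set(data) != {"url", "api_key", "session_cookies"}:
        raise ValueError("unexpected keys in payload")
    return data

def request_headers(data):
    """Token header as described in the thread, plus any cookies.
    The Cookie header layout is an assumption (standard 'name=value; ...')."""
    headers = {"Authorization": "Token " + data["api_key"]}
    if data["session_cookies"]:
        headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in data["session_cookies"].items())
    return headers

if __name__ == "__main__":
    # Constructed sample values; replace with your own URL, token and proxy cookie.
    qr_text = build_login_payload(
        "https://baby.example.org/", "0123456789abcdef0123456789abcdef01234567",
        {"proxy_session": "PLACEHOLDER_SESSION_VALUE"})
    print(qr_text)
    print(request_headers(parse_login_payload(qr_text)))
```

The returned string can be fed to any QR encoder. The resulting image carries the API token and cookies in readable form, so it needs the same handling as the credentials themselves.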