home-assistant / iOS

:iphone: Home Assistant for Apple platforms
https://companion.home-assistant.io

Authelia Authentication fails inside iOS app (required key not provided) #2112

Open LeehamElectronics opened 2 years ago

LeehamElectronics commented 2 years ago

iOS device model, version and app version

Model Name: iPhone 8 Plus
Software Version: iOS 15.2.1
App version: 2022.3

Home Assistant Core Version

core-2022.4.2

Describe the bug

When using Authelia to manage authentication on nginx reverse proxy, the Home Assistant app fails to authenticate through Authelia when using the iOS app. Authentication works perfectly when accessing Home Assistant through the Safari app on iOS; this issue only affects the app and its attempt to allow HTTPS extra authentication. I also tried authenticating in Safari with HA / Authelia and pressing "remember me" in both services, and yet when I try to sign in via the app, I am always prompted for a login despite the fact that my device is already authenticated in Safari.

To Reproduce

Set up the Authelia service to protect your Home Assistant domain with 1FA or 2FA (doesn't make a difference), open the iOS app, input the Home Assistant domain name, press connect, the Authelia prompt shows up, log in, and an error message is displayed: "Error: Message format incorrect: required key not provided @ data['client_id']"

Expected behaviour

After logging into Authelia, the app should redirect and the user should be prompted to sign in with their Home Assistant account. A possible solution would be to either allow Authelia to "remember me" and not ask for a login when the user has already authenticated in Safari (which seems like an Authelia issue, but it only occurs in the Home Assistant app...). Alternatively, there could be a way for Authelia to pass authentication to Home Assistant and bypass Home Assistant authentication altogether while still allowing separate user accounts; however, this would require a lot of work, I assume. The real solution would of course be to patch whatever that error code means, but I wouldn't know where to start.


Additional context

Operating System: Home Assistant OS 7.6 (in a VM) supervisor-2022.04.0

Thanks for your help.

LeehamElectronics commented 2 years ago

Figured I would post an update from the iOS dev from Discord about this issue, here are some screenshots:


I'm not sure if this will get anywhere but I think it would be pretty great if it did work, I'm not really a fan of just putting Home Assistant or any service directly on the internet, even behind my reverse proxy. Is there anyone else out there trying to use this method to secure HA? If not, how are other people securing Home Assistant besides using a VPN? VPN is not really an option for me as I need to be connected to HA at all times on my iPhone for push notifications among other reasons.

abayomi185 commented 2 years ago

I've been able to work around this by temporarily setting my home assistant address to bypass in the authelia config then doing the initial login into the app. After enabling authelia again, everything works as it should; authelia asks for verification on the main screen (Dashboard) of the app, I click "remember me" and it works.
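The access-control change this workaround describes, as an added example that is not part of the original comment or of either project's documentation. The hostname `ha.example.com` and the `two_factor` policy are placeholders for the reader's own values; the keys are those of the `access_control` section of Authelia's `configuration.yml`.

```yaml
# Authelia configuration.yml (access_control section only).
# ha.example.com is a placeholder for the Home Assistant hostname.
access_control:
  default_policy: deny
  rules:
    # Step 1 (temporary): pass requests for Home Assistant through without
    # an Authelia challenge so the app can complete its first login
    # against Home Assistant itself.
    # While this rule is active, Home Assistant's own login is the only
    # authentication in front of the instance.
    - domain: ha.example.com
      policy: bypass

    # Step 2 (once the app is logged in): delete the bypass rule above and
    # restore the original rule. two_factor is a placeholder; use
    # whichever policy the domain had before (one_factor or two_factor).
    # - domain: ha.example.com
    #   policy: two_factor
```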

szethh commented 2 years ago

> I've been able to work around this by temporarily setting my home assistant address to bypass in the authelia config then doing the initial login into the app. After enabling authelia again, everything works as it should; authelia asks for verification on the main screen (Dashboard) of the app, I click "remember me" and it works.

This worked for me!

wisbit commented 1 year ago

I've had the same situation with Nextcloud. It was first behind authelia and worked great in a browser, but the nextcloud app would fail to access, and if it did, it didn't keep the info required to be kept logged in. The only way was to bypass authelia and set up 2FA on nextcloud; it's not ideal, but it works.

That being said, I would love to be able to find a way to only bypass when using the app, I don't know if that could be implemented with the configuration.yml of Authelia.

ohare93 commented 1 year ago

Same issue as wisbit. Wish there was a fix