Consider switching to use a Python eero client to enable adding new features more easily

[rsnodgrass]

Depends on whether these start being actively developed.

For example, see: https://github.com/343max/eero-client

[jrlucier]

This uses a derivative client of that, for simplicity. If we want to expose more things, we're going to need a fairly robust rewrite.

Initially it was keeping things simple and doing one thing well, lol. I support the idea, but we'll need quite a few devs to reverse engineer the APIs even further. :)

[rsnodgrass]

Lol. Yes. Keep it simple is great!

Though the eero client has some additional functionality this last year. I’d suggest we just add whatever enhancements they introduce that make sense.

When I have time, I’m happy to eventually contribute any that I would find useful and use (like pausing family profiles)...profiles are inline with device tracking it feels so we wouldn’t be branching out too far.

Hope my documentation edits/etc were fine. I went a bit crazy editing this morning.

[rsnodgrass]

Out of curiosity, why the extra step for generating the eero.session using an external script vs directly configuring in YAML the eero username & password (using HA secrets model)? This extra step just makes it a bit harder to install (at least for those who want to add as an add-on or may not be installing via the command line)...for a potentially very minimal (if any) security increase.

[jrlucier]

The session key that comes out of that script gets updated periodically during the polling of the API. Traditionally it would go into the YAML but it's a big security issue if the app is writing/updating to the YAML on your behalf. Let alone it could create an overwrite condition where I write over top of your changes with a stale copy if we're updating the file at the same time.

It's far from ideal, but it's the closest I could come up with given the design of the API and HA :(

[rsnodgrass]

Sorry, I meant having the username and password in the YAML (with the password in secrets.yaml). When eero starts up, it would generate a new session key by logging in. Most other modules I see login upon startup, with password recommended to be stored in secrets.yaml.

On Tue, Jan 14, 2020 at 4:22 PM jrlucier notifications@github.com wrote:

The session key that comes out of that script gets updated periodically during the polling of the API. Traditionally it would go into the YAML but it's a big security issue if the app is writing/updating to the YAML on your behalf. Let alone it could create an overwrite condition where I write over top of your changes with a stale copy of we're hosting the file at the same time.

It's far from ideal, but it's the closest I could come up with given the design of the API and HA :(

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/jrlucier/eero_tracker/issues/18?email_source=notifications&email_token=AAQY4XH2BSAPNEGLMMJPL6DQ5ZJL7A5CNFSM4KD5MIRKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEI6TP4Y#issuecomment-574437363, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAQY4XEOA264UQC3VYIUO63Q5ZJL7ANCNFSM4KD5MIRA .

[jrlucier]

Eero requires secondary validation via email or phone number (2 factor authentication) to validate a login. There's no support in HA for an interactive login. So the init script will request a login to eero given your phone or email, and they'll SMS/email you a confirmation pin which you then give it to get the initial session token.

[rsnodgrass]

I wonder if this is something that can be added to a config_flow within Home Assistant, so that the confirmation PIN can be entered in the Home Assistant UI.

[coelholm]

I remember that device tracker for Apple iCloud asks for a code using HA UI. It might be an option to this interactive login issue. Hope it helps.

[

If two-step authentication is enabled for your iCloud account, some time after Home Assistant startup the integration will ask which device you want to use as the Trusted Device via a notification in the Home Assistant UI. The integration will send an SMS prompt to that device with the auth code to enter in Home Assistant. The duration of this authentication is determined by Apple, but is currently 2 months, so you will only need to verify your account every two months.

] https://www.home-assistant.io/integrations/icloud/