I personally don't think this is that big of a deal especially since I have a randomly generated password and two factor turn on my home assistant account. However more security options is never a bad thing.
how does the server identify that the user has logged in to decide whether to serve the page or not? is it cookies? I thought a site had to at least load to get hold of that data but I guess have to be wrong
I think it first tries to authenticate you using an existing token. If it does not work, it will go to login to check your credentials and generate new token. So you does not login each time, the browser does not send your username/password/MFA. Server keeps a list of valid tokens in /profile/security. And when you authenticate, the browser and server exchange encrypted messages to validate the token.
@@shailukov7440 No, it will work for local reverse proxy too, but you will have to configure that (YAML). It will apparently still make some time, it is rather complex, they need to make significant changes to the mobile apps.
Last minute change, this will not be included in 2024.5.0, it is pulled back from the beta, and will come in a later release. Sorry!
Great information. Thanks!
Thanks for sharing.
I apologize if you already talked about it, but how about Cloudflare tunnels?
I personally don't think this is that big of a deal especially since I have a randomly generated password and two factor turn on my home assistant account. However more security options is never a bad thing.
how does the server identify that the user has logged in to decide whether to serve the page or not? is it cookies?
I thought a site had to at least load to get hold of that data but I guess have to be wrong
I think it first tries to authenticate you using an existing token. If it does not work, it will go to login to check your credentials and generate new token. So you does not login each time, the browser does not send your username/password/MFA. Server keeps a list of valid tokens in /profile/security. And when you authenticate, the browser and server exchange encrypted messages to validate the token.
Interesting to see when it will be published.
Does it means that it will work for home assistant cloud only?
@@shailukov7440 No, it will work for local reverse proxy too, but you will have to configure that (YAML). It will apparently still make some time, it is rather complex, they need to make significant changes to the mobile apps.
@bruxy70 what is the difference between webui to the mobile app connection?
@@shailukov7440 They switch between local access and internet. This is where the issue is. When you left home, the mobile app stopped working.