Skipping Token with trusted_networks

Open BenediktAllendorf opened this issue 3 years ago • 3 comments

Hey everyone,

I am working on an easy (dev) setup using docker-compose. For that, I would like to have the app-daemon connect to my home-assistant instance without configuring anything more (i.e., the access token).

I thought this might be possible with the trusted_networks configuration, but I'm getting only errors indicating the authorization did not work:

AD: WARNING HASS: Disconnected from Home Assistant, retrying in 5 seconds
HA: Disconnected: Did not receive auth message within 10 seconds

Access without login does work in my browser, though.

So my question is: should this work (given the configuration is correct)? If not, is this a limitation of HA or AD (and would it technically be possible to implement such a thing)?


I have the following configuration in HA:

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 192.168.0.0/24
        - 172.0.0.0/8
        - 127.0.0.1
        - ::1
    - type: homeassistant

AppDaemon:

appdaemon:
[...]
  plugins:
    HASS:
      type: hass
      ha_url: http://homeassistant:8123
      token:
http:
  url: http://localhost:5050

And my docker-compose looks like this:

[...]
homeassistant:
  container_name: homeassistant
  image: homeassistant/home-assistant
  volumes:
    - ${DATA_PATH}/homeassistant:/config
    - /etc/localtime:/etc/localtime:ro
  restart: unless-stopped
  ports:
    - "8123:8123"
  privileged: true

appdaemon:
  container_name: appdaemon
  restart: unless-stopped
  image: acockburn/appdaemon:latest
  privileged: true
  depends_on:
    - homeassistant
  environment:
    - HA_URL=http://homeassistant:8123
    - DASH_URL=http://localhost:5050
  ports:
    - "5050:5050"
  volumes:
    - ${DATA_PATH}/appdaemon:/conf

Dec 01 '21 13:12 BenediktAllendorf

I'm not sure if HA allows it at all to work completely without tokens nowadays (there are no tokens set up at all in your HA?), but if it's allowed, I think the reason could be that you did provide the keyword token.

   HASS:
      type: hass
      ha_url: http://homeassistant:8123
      token:

is the same as

   HASS:
      type: hass
      ha_url: http://homeassistant:8123
      token: ""

which is different than providing no token at all, which would be

   HASS:
      type: hass
      ha_url: http://homeassistant:8123

Dec 01 '21 19:12 ReneTode

Thank you for the reply!

You're right, that makes a difference - but only in the error messages ("no auth" vs. "invalid auth").

I have had a look at HA's WebSocket code, and a connection seems to be coupled to a specific user (even though I do not get why this is, and it should not be necessary for AD?). Of course, this user must be selected somehow, and for that, an access token is needed. Even if I could get around that, I'd still need an active user in HA.

So, this is a HA limitation, and I guess the best way to deal with it is to have data for a "dev setup" (e.g., users, tokens) and copy it every time I want to create a new dev instance. It seems a bit cumbersome, though, as I can't have "the infrastructure" (i.e., HA, Z2M, AD) entirely set up without entering data (i.e., users).

Dec 02 '21 11:12 BenediktAllendorf
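
A simplified model of the WebSocket auth phase discussed in this thread, as an added example that is not part of the original posts and is not Home Assistant's or AppDaemon's code. The message types `auth_required`, `auth`, `auth_ok` and `auth_invalid` are those of Home Assistant's WebSocket API; the token value, the shortened timeout and the client's behaviour (sending `auth` only when a `token` key is configured, matching the "no auth" vs. "invalid auth" observation above) are assumptions. The model takes no client address at all, reflecting the conclusion above that the connection is tied to a user selected by a token.

```python
import asyncio

AUTH_TIMEOUT = 0.05  # stands in for the 10 seconds in the HA log line (shortened for the demo)
VALID_TOKENS = {"constructed-dev-token"}  # constructed sample value, not a real token


async def ha_auth_phase(from_client: asyncio.Queue, to_client: asyncio.Queue) -> str:
    """Server side: demand an auth message, then accept or reject the token."""
    await to_client.put({"type": "auth_required"})
    try:
        msg = await asyncio.wait_for(from_client.get(), AUTH_TIMEOUT)
    except asyncio.TimeoutError:
        # Nothing arrived in time: the "Did not receive auth message" case.
        return "disconnected: no auth message"
    if msg.get("type") == "auth" and msg.get("access_token") in VALID_TOKENS:
        await to_client.put({"type": "auth_ok"})
        return "auth_ok"
    await to_client.put({"type": "auth_invalid", "message": "Invalid access token"})
    return "auth_invalid"


async def client(plugin_cfg: dict, to_server: asyncio.Queue, from_server: asyncio.Queue) -> None:
    """Hypothetical client: answers auth_required only if a 'token' key exists."""
    await from_server.get()  # wait for auth_required
    if "token" in plugin_cfg:
        await to_server.put({"type": "auth", "access_token": plugin_cfg["token"]})


async def connect(plugin_cfg: dict) -> str:
    c2s, s2c = asyncio.Queue(), asyncio.Queue()
    result, _ = await asyncio.gather(ha_auth_phase(c2s, s2c), client(plugin_cfg, c2s, s2c))
    return result


def run(plugin_cfg: dict) -> str:
    """Run one connection attempt and return the server's verdict."""
    return asyncio.run(connect(plugin_cfg))


if __name__ == "__main__":
    for cfg in ({"type": "hass"}, {"token": None}, {"token": ""},
                {"token": "constructed-dev-token"}):
        print(cfg, "->", run(cfg))
```
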

The HA devs made sure that you use security, whether you like it or not. Connecting AD to HA always needed a password or token (I tried it without years ago, even before they had tokens). It's an external program and they don't allow it without security.

There is one way, though: using the addon. That creates the token automatically, and when you use the addon you don't need to give a token or URL.

Dec 02 '21 12:12 ReneTode