Login attempt or request with invalid authentication

[TheLion]

The problem

Since a couple of days, I get the following error when opening the app when I'm at home. In this case on my iPad, but also happens on my iPhone.

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:128
integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 11:08:24 (2 occurrences)
Last logged: 15:31:55

Login attempt or request with invalid authentication from Tijns-iPad-2023.fourpets.net (192.168.xxx.121). Requested URL: '/api/websocket'. (Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Home Assistant/2024.3 (io.robbie.HomeAssistant; build:2024.608; iPadOS 17.4.1) Mobile/HomeAssistant, like Safari)

The app the displays an "unable to connect" screen with a countdown from 60 to 0.

When I close the app and start it gain, it connects without issues.

What version of Home Assistant Core has the issue?

core-2024.3.3

What was the last working version of Home Assistant Core?

Not sure if it is since the update

What type of installation are you running?

Home Assistant OS

Integration causing the issue

No response

Link to integration documentation on our website

No response

Diagnostics information

No response

Example YAML snippet

No response

Anything in the logs that might be useful for us?

No response

Additional information

No response

[home-assistant[bot]]

Hey there @home-assistant/core, mind taking a look at this issue as it has been labeled with an integration (http) you are listed as a code owner for? Thanks!

Code owner commands

Code owners of http can trigger bot actions by commenting:

• @home-assistant close Closes the issue.
• @home-assistant rename Awesome new title Renames the issue.
• @home-assistant reopen Reopen the issue.
• @home-assistant unassign http Removes the current integration label and assignees on the issue, add the integration domain after the command.
• @home-assistant add-label needs-more-information Add a label (needs-more-information, problem in dependency, problem in custom component) to the issue.
• @home-assistant remove-label needs-more-information Remove a label (needs-more-information, problem in dependency, problem in custom component) on the issue.

_{^{(message by CodeOwnersMention)}}

---

http documentation http source _{^{(message by IssueLinks)}}

[don66]

Hey. Confirm; I get the same error on my installation, behaving the same way.

Logger: homeassistant.components.http.ban Source: components/http/ban.py:128 integration: HTTP (documentation, issues) First occurred: 31 March 2024 at 08:14:25 (6 occurrences) Last logged: 09:30:25

Login attempt or request with invalid authentication from 192.168.X.55 (192.168.X.55). Requested URL: '/api/websocket'. (Mozilla/5.0 (iPhone; CPU iPhone OS 17_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Home Assistant/2024.3 (io.robbie.HomeAssistant; build:2024.608; iOS 17.4.1) Mobile/HomeAssistant, like Safari)

Note: When I try to modify the internal URL to for instance http://homeassistant.local:8123 I get: "Error Saving URL The operation couldn't be completed. No space left on device!

[MacHannes]

Same same.

[mariuszxeno]

I also confirm that there is an error.

`Rejestrator: homeassistant.components.http.ban Źródło: components/http/ban.py:128 integracja: HTTP (dokumentacja, Problemy) Pierwsze zdarzenie: 00:48:53 (633 zdarzenia) Ostatnio zalogowany: 08:51:40

Login attempt or request with invalid authentication from 192.168.x.7 (192.168.x.7). Requested URL: '/api/websocket'. (Home Assistant/2024.1.5-12102 (Android 13; motorola edge 30 neo)) Login attempt or request with invalid authentication from 192.168.x.69 (192.168.x.69). Requested URL: '/api/websocket'. (Home Assistant/2024.1.5-12102 (Android 13; motorola edge 30 neo))`

[TerryRhodes]

Same issue for me on my GalaxyWatch:

Logger: homeassistant.components.http.ban Source: components/http/ban.py:138 integration: HTTP (documentation, issues) First occurred: 7:17:22 PM (3 occurrences) Last logged: 7:21:25 PM

Login attempt or request with invalid authentication from GalaxyWatch-62EC.localdomain (192.168.xxx.xxx). Requested URL: '/api/states'. (Mozilla/5.0 (Linux; Tizen 5.5; SAMSUNG SM-R805U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.106 Mobile Safari/537.36)

[Noirbonn666]

Same here ... Iphone

[steffenhoelle]

Same here!

[watzupmark]

Similar issue for me started tonight:

Log details (WARNING) Logger: homeassistant.components.http.ban Source: components/http/ban.py:138 integration: HTTP (documentation, issues) First occurred: 9:28:57 PM (86 occurrences) Last logged: 10:19:06 PM

Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36) Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Home Assistant/2024.3 (io.robbie.HomeAssistant; build:2024.608; iOS 17.3.1) Alamofire/5.8.0)

[omakoti]

I'm getting a warning like this on my samsung tablet using fully kiosk app:

Logger: homeassistant.components.http.ban Source: components/http/ban.py:138 integration: HTTP (documentation, issues) First occurred: 10:11:58 (8 occurrences) Last logged: 10:30:42

Login attempt or request with invalid authentication from 192.168.2.109 (192.168.2.109). Requested URL: '/media/local/sounds/temp/chime_tts/cov73spj.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhYWJhYzczNjhkNWM0MTJlYjk2MmVkZjQwMTQyODI1ZiIsInBhdGgiOiIvbWVkaWEvbG9jYWwvc291bmRzL3RlbXAvY2hpbWVfdHRzL2Nvdjczc3BqLm1wMyIsInBhcmFtcyI6W10sImlhdCI6MTcwNzMxODQ3MiwiZXhwIjoxNzA3NDA0ODcyfQ.4sip82ggs0WAUnbCb70T3tHasQtlTx6NJxJIU5Yfeyk'. (Lavf/60.3.100)

[dennis07527]

Same problem. It started about a week ago (v2024.4.0)

[kjurcik]

Hi there, Same started after upgrade of HA last night with following , similar error comparable in the thread: Logger: homeassistant.components.http.ban Zdroj: components/http/ban.py:138 Integrácia: HTTP (dokumentácia, problémy) Prvýkrát sa vyskytol: 22:54:08 (1 výskytov) Naposledy prihlásený: 22:54:08

Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Home Assistant/2024.1.5-12102 (Android 13; IN2015))

[kjurcik]

Seems like an issues from 2024.4 ver.

[TheLion]

Seems like an issues from 2024.4 ver.

No, I already had the issue with 2024.3.3

[dshokouhi]

pretty sure this issue has been around a lot longer than when this was posted. Kinda comforting to see iPad has the same issue. I am closing the android bug in favor of this one.

[patienttruth]

I'm getting a warning like this on my samsung tablet using fully kiosk app:

Logger: homeassistant.components.http.ban Source: components/http/ban.py:138 integration: HTTP (documentation, issues) First occurred: 10:11:58 (8 occurrences) Last logged: 10:30:42

Login attempt or request with invalid authentication from 192.168.2.109 (192.168.2.109). Requested URL: '/media/local/sounds/temp/chime_tts/cov73spj.mp3?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhYWJhYzczNjhkNWM0MTJlYjk2MmVkZjQwMTQyODI1ZiIsInBhdGgiOiIvbWVkaWEvbG9jYWwvc291bmRzL3RlbXAvY2hpbWVfdHRzL2Nvdjczc3BqLm1wMyIsInBhcmFtcyI6W10sImlhdCI6MTcwNzMxODQ3MiwiZXhwIjoxNzA3NDA0ODcyfQ.4sip82ggs0WAUnbCb70T3tHasQtlTx6NJxJIU5Yfeyk'. (Lavf/60.3.100)

I came here to post about a similar issue. In my case it's also chime_tts. The IP getting flagged is the HAOS server itself which doesn't quite make sense to me. Chime_tts appears to work still, however maybe it's unable to reuse it's .mp3s or something.

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:138
integration: HTTP (documentation, issues)
First occurred: 09:17:59 (7 occurrences)
Last logged: 10:03:05

Login attempt or request with invalid authentication from HAOS (192.168.LAN.17). Requested URL: '/media/local/sounds/temp/chime_tts/5h3yyb7o.mp3?authSig=token'. (Lavf/60.3.100)

[JPZV]

I'm having the same issue. Same logs and message from the HomeAssistant portal, and from the phone (Android) it says "Failed to perform SSL handshake, please ensure your certificate is valid" after introducing the device name and enabling background location service. I know my server is well configured and working, including the HTTPS module (reverse proxy from apache), because I can login from the app (but it fails at the mentioned step and then log me out immediately), and because I can log in from the browser in both my phone (with and without WiFi) and from my computer.

So, my guess is there an issue from the last update, because yesterday it was working correctly (though this issue has two weeks now)

[sven-debug]

Same here. Issue started today. Can I provide something to a possibel resolution?

[Strega-Technologies]

Happy I am not alone: same here, coming from one of my two Fire Tablets ! Using Fully Kiosk. It started to happen a few days ago. My Fire tablet has now difficulties to show my dashboards...

**

Logger: homeassistant.components.http.ban Source: components/http/ban.py:138 integration: HTTP (documentation, issues) First occurred: 11:23:33 (4 occurrences) Last logged: 13:25:53

Login attempt or request with invalid authentication from 192.168.50.94 (192.168.50.94). Requested URL: '/api/webrtc/ws?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyODQxYTExM2M5ZGI0YTkyYTRkODdkMTFmZTJiNGQxMCIsInBhdGgiOiIvYXBpL3dlYnJ0Yy93cyIsInBhcmFtcyI6W10sImlhdCI6MTcxMzQzMjExMiwiZXhwIjoxNzEzNDMyMTQyfQ.-q-p5nvbyS65LWaFT-SsvIstomHm5TyGaFBfvEhbvlw&url=rtsp%3A%2F%2Fdom3711%3Adom3711%40192.168.3.113%2Faxis-media%2Fmedia.amp%3Fvideocodec%3Dh264'. (Mozilla/5.0 (Linux; Android 9; KFTRWI Build/PS7329.3836N; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/114.0.5735.220 Safari/537.36) Login attempt or request with invalid authentication from 192.168.50.94 (192.168.50.94). Requested URL: '/api/webrtc/ws?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyODQxYTExM2M5ZGI0YTkyYTRkODdkMTFmZTJiNGQxMCIsInBhdGgiOiIvYXBpL3dlYnJ0Yy93cyIsInBhcmFtcyI6W10sImlhdCI6MTcxMzQzNzYwOSwiZXhwIjoxNzEzNDM3NjM5fQ.SLGBMXme0d0jGS5pepULp-8ZqtJeI79kkdO-42L-FSU&url=rtsp%3A%2F%2Fdom3711%3Adom3711%40192.168.3.113%2Faxis-media%2Fmedia.amp%3Fvideocodec%3Dh264'. (Mozilla/5.0 (Linux; Android 9; KFTRWI Build/PS7329.3836N; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/114.0.5735.220 Safari/537.36) Login attempt or request with invalid authentication from 192.168.50.94 (192.168.50.94). Requested URL: '/api/webrtc/ws?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyODQxYTExM2M5ZGI0YTkyYTRkODdkMTFmZTJiNGQxMCIsInBhdGgiOiIvYXBpL3dlYnJ0Yy93cyIsInBhcmFtcyI6W10sImlhdCI6MTcxMzQzOTM0MiwiZXhwIjoxNzEzNDM5MzcyfQ.rZjQnx8fO4QdPi5UiWs75UpwHTKFEwE-XMI5VN5z9Tc&url=rtsp%3A%2F%2Fdom3711%3Adom3711%40192.168.3.113%2Faxis-media%2Fmedia.amp%3Fvideocodec%3Dh264'. (Mozilla/5.0 (Linux; Android 9; KFTRWI Build/PS7329.3836N; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/114.0.5735.220 Safari/537.36) Login attempt or request with invalid authentication from 192.168.50.94 (192.168.50.94). Requested URL: '/api/webrtc/ws?authSig=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIyODQxYTExM2M5ZGI0YTkyYTRkODdkMTFmZTJiNGQxMCIsInBhdGgiOiIvYXBpL3dlYnJ0Yy93cyIsInBhcmFtcyI6W10sImlhdCI6MTcxMzQzOTUwMiwiZXhwIjoxNzEzNDM5NTMyfQ.qqcaYLlItVUKGdlF4WWVzikPQ3PXOWNEaDJAz39Pdvo&url=rtsp%3A%2F%2Fdom3711%3Adom3711%40192.168.3.113%2Faxis-media%2Fmedia.amp%3Fvideocodec%3Dh264'. (Mozilla/5.0 (Linux; Android 9; KFTRWI Build/PS7329.3836N; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/114.0.5735.220 Safari/537.36)

**

[MaBeniu]

I used to get this once in a day or so. I use android companion app that also is deployed on android watch. recently I started getting this more often and even with IP ban. something has changed really :(

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:138
integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 7:54:29 AM (3 occurrences)
Last logged: 9:27:46 AM

Login attempt or request with invalid authentication from md-hiddenIP (hiddenIP). Requested URL: '/api/states/switch.sonoff_hidden'. (Home Assistant/2024.4.1-12576 (Android 13; SM-R890))
Login attempt or request with invalid authentication from md-hiddenIP (hiddenIP). Requested URL: '/api/websocket'. (Home Assistant/2024.4.1-12576 (Android 13; SM-R890))

[MaBeniu]

Yesterday did clean app onboarding (cleared app cache and data), removed app device in HA. then logged in as new in the android app. added different - new device name. configured app as needed.

today during the day I got again two occurrences of the same error:

Login attempt or request with invalid authentication from md-hiddenIP (hiddenIP). Requested URL: '/api/states/switch.sonoff_hidden'. (Home Assistant/2024.4.1-12576 (Android 13; SM-R890))

both events occurred while being stationary in one place and not interacting with HA.

another example if ip ban is not enabled, withing 25seconds 49 retries and afterwards all works as normal:

Logger: homeassistant.components.http.ban
Source: components/http/ban.py:138
integration: HTTP ([documentation](https://www.home-assistant.io/integrations/http), [issues](https://github.com/home-assistant/core/issues?q=is%3Aissue+is%3Aopen+label%3A%22integration%3A+http%22))
First occurred: 7:11:09 PM (49 occurrences)
Last logged: 7:11:34 PM

Login attempt or request with invalid authentication from md-hiddenIP (hiddenIP). Requested URL: '/api/websocket'. (Home Assistant/2024.4.1-12576 (Android 14; RMX3301))

[Strega-Technologies]

Has ayone found a solution or workaround on this authentication issue ? I can now barely get my Fire tablet connect to HA now and even a full reboot on both the server or the tablet does not help... How does this work exactly when we post something on this GITHUB page ? will anyone from the HA development team have access to it or will take care of it ? Thanks for your help.

[MaBeniu]

It seems HA support gets similar to standard corporate support experience. I have seen a lot of responses on issues reported here but in this thread it is 0 attention :( Super demotivating, I start thinking disabling bad login attempts ban feature. As I have tried a lot of different things nothing helped and it happens for all app connected devices in my case. @frenck any escalation would be appreciated to someone at least to read and help debug.

[Strega-Technologies]

Thank you @MaBeniu, for your reply. Thing is that I really don't understand why this suddenly happened : first ennoying misbehaviour in 16 months of (succesful) operation of HA. Now that I have really a lot of things onto it, I feel embarrassed by no longer accessing one of my tablet. This being said - and if it can help anyone - I created a new user with new credentials and modified Fully Kiosk to log-in with the new ID. So far, no authentication ban, so good. Will let it run for sometime and will tell if stable or not. It is frustrating not knowing what caused such issue, though.

[yorb]

This just started happening to me yesterday, HA 2024.5.2. First I was getting a certificate error, but after renewing that everything worked again except an Android tablet I use as a wall panel that was getting the error reported in this thread.

I tried all kinds of things, but ultimately what resolved the issue was clearing app data for the companion app on that device.

To be clear, I tried many other things first with no success: clearing cache, rebooting the tablet, restarting HA, etc.

[extREHM]

I have the same error. But I think it's due to the user account. The error occurs on the computer and on the Android smartphone.

[chipsfrisch]

I have the same problem(s). Lokal Access is working. But if i try from phone with external net neither the App nor the browser with cloudflare Tunnel is working. Tried many Things. Also a new user. Nothing helps.

Edit: perhaps a problem with a new phone or an update of core or app.

[afya]

Encountering the same issue signing in from a new phone. The account was working on old device. Tried clearing data or even reinstalling the Android app but no success. I even reset the user password to ensure the credential to be correct.

[sephrioth]

Have the same issue. I use an external proxy to access HA, Chrome works good, but Safari (macOS) always failed.

WebSocket connection to 'ws://xxxx:8123/api/websocket' failed: There was a bad response from the server.

[Lesswood2322]

Same problem here. Works OK on Chrome and iPhone but iPad is problematic after running fine for years. Think it is since I updated to 2024.5 I tried to create new user, new people etc and restarted HA a number of times but keep getting same problem that the app on the iPad keeps logging out after a while. The log shows this: Logger: homeassistant.components.http.ban Source: components/http/ban.py:138 integration: HTTP (documentation, issues) First occurred: 24 May 2024 at 12:14:27 (2810 occurrences) Last logged: 09:07:25

Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Home Assistant/2024.4 (io.robbie.HomeAssistant; build:2024.624; iOS 17.4.1) Alamofire/5.8.0) Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (Home Assistant/2024.4 (io.robbie.HomeAssistant; build:2024.624; iOS 17.5.1) Alamofire/5.8.0) Login attempt or request with invalid authentication from localhost (127.0.0.1). Requested URL: '/auth/token'. (HomeAssistant-Extensions-PushProvider/2024.4 (io.robbie.HomeAssistant.PushProvider; build:2024.624; iOS 17.5.1) Alamofire/5.8.0) Login attempt or request with invalid authentication from 192.168.2.75 (192.168.2.75). Requested URL: '/auth/login_flow/7b7294bee17aade521c53fa52c42ff7c'. (Mozilla/5.0 (iPad; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148) Login attempt or request with invalid authentication from 192.168.2.75 (192.168.2.75). Requested URL: '/auth/login_flow/a4dd720d61864c7b8a02dcbac4300d26'. (Mozilla/5.0 (iPad; CPU OS 17_5_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148)

[chipsfrisch]

Solved my problem!

I don't know why, but my user charged the setting Login only with local network To true. Don't know if this translation of user settings is correct. Perhaps the screenshot and this hint helps!