[Notice] Deprecation/removal of password flow support from auth.tado.com

Open mgmarino opened this issue 10 months ago • 96 comments

The problem

Hi, Mike from tado GmbH. We wanted to let you know that we will be removing support for the password flow on our OAuth server. We will be removing the functionality by ~~15 March 2025~~ 21 March 2025.

The replacement for this is to use the device code flow (for more info see here or here). This flow is more secure and more appropriate for dealing with use cases where there is limited access to a browser and/or there is no possibility to support the redirect in an authorization code flow (e.g. on the command line, in a script).

This can be used in tandem with the refresh token flow and must be in the case that you want to have long-lived access. Our current analysis finds that users using the password grant flow, including those through Home Assistant, do not, in general, use the refresh flow. This causes significant load on our servers because each password check requires expensive hash calculation.

For more information, see also this post on the tado support page.

Note, I've posted this also on the tado client currently being used by HA (see here also with a code snippet).

What version of Home Assistant Core has the issue?

core-*

What was the last working version of Home Assistant Core?

No response

What type of installation are you running?

Home Assistant OS

Integration causing the issue

tado

Link to integration documentation on our website

https://www.home-assistant.io/integrations/tado/

Diagnostics information

No response

Example YAML snippet


Anything in the logs that might be useful for us?


Additional information

No response

mgmarino avatar Feb 14 '25 11:02 mgmarino
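
The device code flow and refresh token flow described in the notice above, as an added example that is not part of the original post or of PyTado or Home Assistant. `FakeAuthServer`, its URL and all token values are constructed stand-ins, not tado's endpoints, and refresh token rotation is an assumption of the fake server.

```python
import time

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628

class FakeAuthServer:
    """Constructed in-process stand-in for an OAuth server; not tado's API."""
    def __init__(self):
        self.polls, self.current_rt = 0, "rt-0"

    def device_authorization(self):
        return {"device_code": "dev-123", "user_code": "ABCD-EFGH", "interval": 1,
                "verification_uri": "https://auth.example/device", "expires_in": 30}

    def token(self, grant_type, **params):
        if grant_type == DEVICE_GRANT:
            self.polls += 1
            if self.polls == 2:
                return {"error": "slow_down"}              # client polled too fast
            if self.polls < 3:
                return {"error": "authorization_pending"}  # user has not approved yet
            return {"access_token": "at-0", "refresh_token": self.current_rt}
        if params.get("refresh_token") != self.current_rt:
            return {"error": "invalid_grant"}              # stale or revoked token
        n = int(self.current_rt[3:]) + 1                   # assumption: tokens rotate
        self.current_rt = f"rt-{n}"
        return {"access_token": f"at-{n}", "refresh_token": self.current_rt}

def device_login(server, sleep=time.sleep):
    """Run the device code flow once; the user's password never reaches this client."""
    grant = server.device_authorization()
    print(f"Open {grant['verification_uri']} and enter {grant['user_code']}")
    interval, deadline = grant["interval"], time.monotonic() + grant["expires_in"]
    while time.monotonic() < deadline:
        sleep(interval)
        resp = server.token(DEVICE_GRANT, device_code=grant["device_code"])
        if "access_token" in resp:
            return resp                 # persist resp["refresh_token"], not a password
        if resp["error"] == "slow_down":
            interval += 5               # RFC 8628 section 3.5: back off by 5 seconds
        elif resp["error"] != "authorization_pending":
            raise RuntimeError(resp["error"])
    raise TimeoutError("device code expired; start the flow again")

def refresh(server, stored):
    """Exchange the stored refresh token; on invalid_grant the user must log in again."""
    resp = server.token("refresh_token", refresh_token=stored["refresh_token"])
    if "error" in resp:
        raise PermissionError(resp["error"])
    return resp
```

A client that stores only the latest refresh token and treats `invalid_grant` as a prompt to re-run `device_login` never needs to keep the account password on disk.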

Hey there @erwindouna, mind taking a look at this issue as it has been labeled with an integration (tado) you are listed as a code owner for? Thanks!

home-assistant[bot] avatar Feb 14 '25 11:02 home-assistant[bot]

Thanks for reaching out, @mgmarino. We'll work this out and keep you posted about any progress.

erwindouna avatar Feb 14 '25 11:02 erwindouna

What's the status of HA being ready for the API being turned off? I saw that https://github.com/wmalgadey/PyTado/releases/tag/0.19.0 was cut which includes the new flow changes but I guess some changes on HA side will be needed to be made to accommodate this.

e.g. token + refresh token will need to be stored on HA instead of user/pass due to the OAuth flow changes.

inverse avatar Mar 13 '25 21:03 inverse

It sounds like we're not ready? Can we reach back out to our Tado contact to let them know and ask for more time?

mikelward avatar Mar 14 '25 04:03 mikelward

I have updated the referenced end date to correspond with the most recent communication to the customers (21 March 2025)

mgmarino avatar Mar 14 '25 06:03 mgmarino

Development activities in HA have started. PR is coming. I have aligned with a Core Developer that we get priority on this PR. Also, additions in PyTado to properly return the access token and refresh token to HA and keep it updated, once PyTado is also underway.

erwindouna avatar Mar 14 '25 13:03 erwindouna

PR has been made and already (sub)reviewed with a Core Developer. HA intends to push this in the Beta release, which will be on Wednesday. It should be included in the 2025.4 release, if I am not mistaken.

erwindouna avatar Mar 19 '25 21:03 erwindouna

Thanks for the update, @erwindouna. We still need to remove the password flow this Friday. We will try to keep the refresh flow associated with this client open until the 2024.4 release. Keeping that open should allow users to continue using HA at least until a restart. For users who are forced to restart, then they should still have the option to use the Beta release.

mgmarino avatar Mar 20 '25 07:03 mgmarino

I can at least confirm that you lose the tado device functions when you reboot today (21st) as other updates require it. Thanks for working this.

relighted avatar Mar 21 '25 07:03 relighted

@erwindouna Thanks for working on this. Any idea on when this BETA release would be made available? Because I too lost my access to Tado from HA as previous post, which does break a lot of automation in my HA installation. Or if you know a workaround I'd be happy to hear it

Kraganov avatar Mar 21 '25 08:03 Kraganov

> @erwindouna Thanks for working on this. Any idea on when this BETA release would be made available? Because I too lost my access to Tado from HA as previous post, which does break a lot of automation in my HA installation. Or if you know a workaround I'd be happy to hear it

Unfortunately I don't know another workaround within HA. The refresh token would stay alive long enough when the 2024.4 would go alive. Only those installations that rebooted would potentially be impacted, regrettably. The Beta is scheduled this Wednesday.

erwindouna avatar Mar 21 '25 08:03 erwindouna

Not a workaround per-se, but the Node Red Tado plugin has already been updated and works so you could use that

derekoharrow avatar Mar 21 '25 08:03 derekoharrow

For me, an automatic reload of the integration was enough to destroy the connection 😕

Bamboooo67 avatar Mar 21 '25 08:03 Bamboooo67

I restarted HA this morning, unaware of this issue. I didn't relish the thought of being without heating/hot water until Wednesday so I tried downloading the code in the open PR with a view to installing it as a custom_component.

Unfortunately for those considering this approach, it didn't work:

```
2025-03-21 09:27:29.593 ERROR (MainThread) [homeassistant.config_entries] Error setting up entry Home for tado
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 753, in __async_setup_with_context
    result = await component.async_setup_entry(hass, self)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/tado/__init__.py", line 70, in async_setup_entry
    entry.data[CONF_REFRESH_TOKEN],
    ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
KeyError: 'refresh_token'
2025-03-21 09:27:33.859 DEBUG (MainThread) [custom_components.tado] Setting up Tado connection
2025-03-21 09:27:33.859 ERROR (MainThread) [homeassistant.config_entries] Error setting up entry Home for tado
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/config_entries.py", line 753, in __async_setup_with_context
    result = await component.async_setup_entry(hass, self)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/config/custom_components/tado/__init__.py", line 70, in async_setup_entry
    entry.data[CONF_REFRESH_TOKEN],
    ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
KeyError: 'refresh_token'
```

WhimsySpoon avatar Mar 21 '25 09:03 WhimsySpoon

> I restarted HA this morning, unaware of this issue. I didn't relish the thought of being without heating/hot water until Wednesday so I tried downloading the code in the open PR with a view to installing it as a custom_component.
>
> Unfortunately for those considering this approach, it didn't work:
>
> ```
> 2025-03-21 09:27:29.593 ERROR (MainThread) [homeassistant.config_entries] Error setting up entry Home for tado
> Traceback (most recent call last):
>   File "/usr/src/homeassistant/homeassistant/config_entries.py", line 753, in __async_setup_with_context
>     result = await component.async_setup_entry(hass, self)
>              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/config/custom_components/tado/__init__.py", line 70, in async_setup_entry
>     entry.data[CONF_REFRESH_TOKEN],
>     ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
> KeyError: 'refresh_token'
> 2025-03-21 09:27:33.859 DEBUG (MainThread) [custom_components.tado] Setting up Tado connection
> 2025-03-21 09:27:33.859 ERROR (MainThread) [homeassistant.config_entries] Error setting up entry Home for tado
> Traceback (most recent call last):
>   File "/usr/src/homeassistant/homeassistant/config_entries.py", line 753, in __async_setup_with_context
>     result = await component.async_setup_entry(hass, self)
>              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>   File "/config/custom_components/tado/__init__.py", line 70, in async_setup_entry
>     entry.data[CONF_REFRESH_TOKEN],
>     ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
> KeyError: 'refresh_token'
> ```

That would require the latest PyTado as well. Which gives the device flow I built in.

erwindouna avatar Mar 21 '25 09:03 erwindouna

Good point. I guess doing this inside of an HAOS instance is going to be a pig to achieve.

WhimsySpoon avatar Mar 21 '25 09:03 WhimsySpoon

As I understand there is no workaround at the moment and we need to wait for the PR to merge? Anything that can be done manually?

nickjuhhhh avatar Mar 21 '25 10:03 nickjuhhhh

As I understand it, even with the PR merged, this won't be released until HA Core 2024.4 beta dropping next Wednesday, so it's going to be the better part of a week before it's resolved.

Looks like Node Red could be a work-around though.

WhimsySpoon avatar Mar 21 '25 11:03 WhimsySpoon

> As I understand it, even with the PR merged, this won't be released until HA Core 2024.4 beta dropping next Wednesday, so it's going to be the better part of a week before it's resolved.
>
> Looks like Node Red could be a work-around though.

Well I don't use nodered so I think I will pass that option :p

nickjuhhhh avatar Mar 21 '25 11:03 nickjuhhhh

Thanks for your hard work! Another workaround might be to use HomeKit, but it is more limited. And less reliable. At least it acknowledges this is hell:

Image

Most things work though :-)

EDelsman avatar Mar 21 '25 12:03 EDelsman

Plus the homekit solution is local.

Aham330 avatar Mar 21 '25 12:03 Aham330

I'd love to use the local Homekit support, but unfortunately the water heater add on was never supported.

WhimsySpoon avatar Mar 21 '25 14:03 WhimsySpoon

Hi @erwindouna, could you confirm me what is going to be needed when you say: "It should be included in the 2025.4 release"? I am asking because I have a home assistant I would like to avoid updating and I don't know if your words mean that of course I will need to update core version or I will be able to continue with my current version (2024-11) and I will only need to update tado integration. Thanks

> Hi @erwindouna, could you confirm me what is going to be needed when you say: "It should be included in the 2025.4 release"? I am asking because I have a home assistant I would like to avoid updating and I don't know if your words mean that of course I will need to update core version or I will be able to continue with my current version (2024-11) and I will only need to update tado integration. Thanks

This will also impact older versions. Tado has disabled the password flow. I would recommend to upgrade to 2025.4 when it's released.

erwindouna avatar Mar 21 '25 19:03 erwindouna

Thanks to all who are working on this but has shown to me the vulnerabilities of some HA integrations. Not a complaint as it's supported by very talented but essentially amateur folks. I am shifting to a localised TADO solution from now on.

briancrocker42 avatar Mar 21 '25 20:03 briancrocker42

> Thanks to all who are working on this but has shown to me the vulnerabilities of some HA integrations. Not a complaint as it's supported by very talented but essentially amateur folks. I am shifting to a localised TADO solution from now on.

How? I am interested how you want to get rid of the cloud. Out of curiosity.

sven-debug avatar Mar 21 '25 21:03 sven-debug

> Thanks to all who are working on this but has shown to me the vulnerabilities of some HA integrations. Not a complaint as it's supported by very talented but essentially amateur folks. I am shifting to a localised TADO solution from now on.

'talented but essentially amateur' - Seriously?!? Are you blaming the fact that Tado changes their login method on amateurism of the people who work hard to follow suit as fast as they possibly can? You have no way to judge their skill level, but also no reason to doubt it.

EDelsman avatar Mar 21 '25 21:03 EDelsman

> They were given lots of notice but now scrabbling around trying to sort it out. As I said not complaining at all but it's not professional

You do realize that you bought a Tado heating system that won't even operate on a schedule when internet is down? Maybe you should question your own actions before you judge others.

EDelsman avatar Mar 21 '25 22:03 EDelsman

GitHub - smart7324/homebridge-tado-platform-next: Homebridge plugin for controlling Tado devices

Looks like they've managed to update the plugin for Homebridge to use the new OAuth method

DariukaB avatar Mar 21 '25 22:03 DariukaB

sure to say 2025.3.4 core didn't include the integration fix, as I am running it now

dacootmeister avatar Mar 22 '25 07:03 dacootmeister