supervisor icon indicating copy to clipboard operation
supervisor copied to clipboard
verified publisher icon home-assistant

Internal http://supervisor/auth doesn't support Bearer tokens (long lived)

Open slords opened this issue 1 month ago • 0 comments

Describe the issue you are experiencing

I'm trying to write a tool to manage node-red. Node-red has an endpoint (https://server:1880) that I can hit and authenticate with my home assistant username:password. I've tried configuring a long term token to access this endpoint and am getting a 500 error back.

Tracing the auth through it appears that node-red is attempting to pass the authentication along to http://supervisor/auth to handle the authentication. This in turn is calling the /usr/src/supervisor/supervisor/api/auth.py to do the authentication which only supports basic authentication. When passing a Bearer token to authenticate I'm seeing the following on the docker logs for the supervisor:

Traceback (most recent call last):
  File "/usr/local/lib/python3.13/site-packages/aiohttp/web_protocol.py", line 510, in _handle_request
    resp = await request_handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/web_app.py", line 569, in _handle
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/aiohttp/web_middlewares.py", line 117, in impl
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/supervisor/supervisor/api/middleware/security.py", line 198, in block_bad_requests
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/supervisor/supervisor/api/middleware/security.py", line 208, in system_validation
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/supervisor/supervisor/api/middleware/security.py", line 276, in token_validation
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/supervisor/supervisor/api/middleware/security.py", line 289, in core_proxy
    return await handler(request)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/supervisor/supervisor/api/utils.py", line 71, in wrap_api
    answer = await method(api, *args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/supervisor/supervisor/api/auth.py", line 88, in auth
    if not await self._process_basic(request, addon):
                 ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^
  File "/usr/src/supervisor/supervisor/api/auth.py", line 52, in _process_basic
    auth = BasicAuth.decode(request.headers[AUTHORIZATION])
  File "/usr/local/lib/python3.13/site-packages/aiohttp/helpers.py", line 150, in decode
    raise ValueError("Unknown authorization method %s" % auth_type)
ValueError: Unknown authorization method Bearer

What is the possibility of adding support for authenticating with Bearer tokens to internal auth endpoints so the same authentication methods that work externally will work internally?

What type of installation are you running?

Home Assistant OS

Which operating system are you running on?

Home Assistant Operating System

Steps to reproduce the issue

...

Anything in the Supervisor logs that might be useful for us?

See above

System information

See above

Supervisor diagnostics

No response

Additional information

No response

slords avatar Nov 14 '25 01:11 slords