homeassistant.auth

Provide an authentication layer for Home Assistant.

class homeassistant.auth.AuthManager(hass: homeassistant.core.HomeAssistant, store: homeassistant.auth.auth_store.AuthStore, providers: Dict[Tuple[str, Optional[str]], homeassistant.auth.providers.AuthProvider], mfa_modules: Dict[str, homeassistant.auth.mfa_modules.MultiFactorAuthModule])

Manage the authentication for Home Assistant.

async async_activate_user(user: homeassistant.auth.models.User) → None

Activate a user.

async_create_access_token(refresh_token: homeassistant.auth.models.RefreshToken, remote_ip: Optional[str] = None) → str

Create a new access token.

async async_create_refresh_token(user: homeassistant.auth.models.User, client_id: Optional[str] = None, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: Optional[str] = None, access_token_expiration: datetime.timedelta = datetime.timedelta(seconds=1800)) → homeassistant.auth.models.RefreshToken

Create a new refresh token for a user.

async async_create_system_user(name: str, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User

Create a system user.

async async_create_user(name: str, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User

Create a user.

async async_deactivate_user(user: homeassistant.auth.models.User) → None

Deactivate a user.

async async_disable_user_mfa(user: homeassistant.auth.models.User, mfa_module_id: str) → None

Disable a multi-factor auth module for user.

async async_enable_user_mfa(user: homeassistant.auth.models.User, mfa_module_id: str, data: Any) → None

Enable a multi-factor auth module for user.

async async_get_enabled_mfa(user: homeassistant.auth.models.User) → Dict[str, str]

List enabled mfa modules for user.

async async_get_group(group_id: str) → Optional[homeassistant.auth.models.Group]

Retrieve all groups.

async async_get_or_create_user(credentials: homeassistant.auth.models.Credentials) → homeassistant.auth.models.User

Get or create a user.

async async_get_owner() → Optional[homeassistant.auth.models.User]

Retrieve the owner.

async async_get_refresh_token(token_id: str) → Optional[homeassistant.auth.models.RefreshToken]

Get refresh token by id.

async async_get_refresh_token_by_token(token: str) → Optional[homeassistant.auth.models.RefreshToken]

Get refresh token by token.

async async_get_user(user_id: str) → Optional[homeassistant.auth.models.User]

Retrieve a user.

async async_get_user_by_credentials(credentials: homeassistant.auth.models.Credentials) → Optional[homeassistant.auth.models.User]

Get a user by credential, return None if not found.

async async_get_users() → List[homeassistant.auth.models.User]

Retrieve all users.

async async_link_user(user: homeassistant.auth.models.User, credentials: homeassistant.auth.models.Credentials) → None

Link credentials to an existing user.

async async_remove_credentials(credentials: homeassistant.auth.models.Credentials) → None

Remove credentials.

async async_remove_refresh_token(refresh_token: homeassistant.auth.models.RefreshToken) → None

Delete a refresh token.

async async_remove_user(user: homeassistant.auth.models.User) → None

Remove a user.

async async_update_user(user: homeassistant.auth.models.User, name: Optional[str] = None, group_ids: Optional[List[str]] = None) → None

Update a user.

async async_validate_access_token(token: str) → Optional[homeassistant.auth.models.RefreshToken]

Return refresh token if an access token is valid.

property auth_mfa_modules

Return a list of available auth modules.

property auth_providers

Return a list of available auth providers.

get_auth_mfa_module(module_id: str) → Optional[homeassistant.auth.mfa_modules.MultiFactorAuthModule]

Return a multi-factor auth module, None if not found.

get_auth_provider(provider_type: str, provider_id: str) → Optional[homeassistant.auth.providers.AuthProvider]

Return an auth provider, None if not found.

get_auth_providers(provider_type: str) → List[homeassistant.auth.providers.AuthProvider]

Return a List of auth provider of one type, Empty if not found.

class homeassistant.auth.AuthManagerFlowManager(hass: homeassistant.core.HomeAssistant, auth_manager: homeassistant.auth.AuthManager)

Manage authentication flows.

async async_create_flow(handler_key: Any, *, context: Optional[Dict[str, Any]] = None, data: Optional[Dict[str, Any]] = None) → homeassistant.data_entry_flow.FlowHandler

Create a login flow.

async async_finish_flow(flow: homeassistant.data_entry_flow.FlowHandler, result: Dict[str, Any]) → Dict[str, Any]

Return a user as result of login flow.

async homeassistant.auth.auth_manager_from_config(hass: homeassistant.core.HomeAssistant, provider_configs: List[Dict[str, Any]], module_configs: List[Dict[str, Any]]) → homeassistant.auth.AuthManager

Initialize an auth manager from config.

CORE_CONFIG_SCHEMA will make sure do duplicated auth providers or mfa modules exist in configs.

homeassistant.auth.auth_store

Storage for auth models.

class homeassistant.auth.auth_store.AuthStore(hass: homeassistant.core.HomeAssistant)

Bases: object

Stores authentication info.

Any mutation to an object should happen inside the auth store.

The auth store is lazy. It won’t load the data from disk until a method is called that needs it.

async async_activate_user(user: homeassistant.auth.models.User) → None

Activate a user.

async async_create_refresh_token(user: homeassistant.auth.models.User, client_id: Optional[str] = None, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: str = 'normal', access_token_expiration: datetime.timedelta = datetime.timedelta(seconds=1800)) → homeassistant.auth.models.RefreshToken

Create a new token for a user.

async async_create_user(name: Optional[str], is_owner: Optional[bool] = None, is_active: Optional[bool] = None, system_generated: Optional[bool] = None, credentials: Optional[homeassistant.auth.models.Credentials] = None, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User

Create a new user.

async async_deactivate_user(user: homeassistant.auth.models.User) → None

Activate a user.

async async_get_group(group_id: str) → Optional[homeassistant.auth.models.Group]

Retrieve all users.

async async_get_groups() → List[homeassistant.auth.models.Group]

Retrieve all users.

async async_get_refresh_token(token_id: str) → Optional[homeassistant.auth.models.RefreshToken]

Get refresh token by id.

async async_get_refresh_token_by_token(token: str) → Optional[homeassistant.auth.models.RefreshToken]

Get refresh token by token.

async async_get_user(user_id: str) → Optional[homeassistant.auth.models.User]

Retrieve a user by id.

async async_get_users() → List[homeassistant.auth.models.User]

Retrieve all users.

async async_link_user(user: homeassistant.auth.models.User, credentials: homeassistant.auth.models.Credentials) → None

Add credentials to an existing user.

async_log_refresh_token_usage(refresh_token: homeassistant.auth.models.RefreshToken, remote_ip: Optional[str] = None) → None

Update refresh token last used information.

async async_remove_credentials(credentials: homeassistant.auth.models.Credentials) → None

Remove credentials.

async async_remove_refresh_token(refresh_token: homeassistant.auth.models.RefreshToken) → None

Remove a refresh token.

async async_remove_user(user: homeassistant.auth.models.User) → None

Remove a user.

async async_update_user(user: homeassistant.auth.models.User, name: Optional[str] = None, is_active: Optional[bool] = None, group_ids: Optional[List[str]] = None) → None

Update a user.

homeassistant.auth.const

Constants for the auth module.

homeassistant.auth.models

Auth models.

class homeassistant.auth.models.Credentials(auth_provider_type: str, auth_provider_id: Optional[str], data: dict, id: str = NOTHING, is_new: bool = True)

Bases: object

Credentials for a user on an auth provider.

auth_provider_id

auth_provider_type

data

id

is_new

class homeassistant.auth.models.Group(name: Optional[str], policy: Mapping[str, Union[Mapping[str, Union[Mapping[str, Union[Mapping[str, bool], bool, None]], bool, None]], Mapping[str, Union[Mapping[str, bool], bool, None]], bool, None]], id: str = NOTHING, system_generated: bool = False)

Bases: object

A group.

id

name

policy

system_generated

class homeassistant.auth.models.RefreshToken(user: homeassistant.auth.models.User, client_id: Optional[str], access_token_expiration: datetime.timedelta, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: str = 'normal', id: str = NOTHING, created_at: datetime.datetime = NOTHING, token: str = NOTHING, jwt_key: str = NOTHING, last_used_at: Optional[datetime.datetime] = None, last_used_ip: Optional[str] = None)

Bases: object

RefreshToken for a user to grant new access tokens.

access_token_expiration

client_icon

client_id

client_name

created_at

id

jwt_key

last_used_at

last_used_ip

token

token_type

user

class homeassistant.auth.models.User(name: Optional[str], perm_lookup: homeassistant.auth.permissions.models.PermissionLookup, id: str = NOTHING, is_owner: bool = False, is_active: bool = False, system_generated: bool = False, groups: List[homeassistant.auth.models.Group] = NOTHING, credentials: List[Credentials] = NOTHING, refresh_tokens: Dict[str, RefreshToken] = NOTHING)

Bases: object

A user.

credentials

groups

id

invalidate_permission_cache() → None

Invalidate permission cache.

is_active

property is_admin

Return if user is part of the admin group.

is_owner

name

perm_lookup

property permissions

Return permissions object for user.

refresh_tokens

system_generated

class homeassistant.auth.models.UserMeta

Bases: tuple

User metadata.

property is_active

Alias for field number 1

property name

Alias for field number 0