homeassistant.auth

Provide an authentication layer for Home Assistant.

class homeassistant.auth.AuthManager(hass: homeassistant.core.HomeAssistant, store: homeassistant.auth.auth_store.AuthStore, providers: Dict[Tuple[str, Optional[str]], homeassistant.auth.providers.AuthProvider], mfa_modules: Dict[str, homeassistant.auth.mfa_modules.MultiFactorAuthModule])[source]

Manage the authentication for Home Assistant.

async async_activate_user(user: homeassistant.auth.models.User) → None[source]

Activate a user.

async_create_access_token(refresh_token: homeassistant.auth.models.RefreshToken, remote_ip: Optional[str] = None) → str[source]

Create a new access token.

async async_create_refresh_token(user: homeassistant.auth.models.User, client_id: Optional[str] = None, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: Optional[str] = None, access_token_expiration: datetime.timedelta = datetime.timedelta(seconds=1800)) → homeassistant.auth.models.RefreshToken[source]

Create a new refresh token for a user.

async async_create_system_user(name: str, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User[source]

Create a system user.

async async_create_user(name: str, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User[source]

Create a user.

async async_deactivate_user(user: homeassistant.auth.models.User) → None[source]

Deactivate a user.

async async_disable_user_mfa(user: homeassistant.auth.models.User, mfa_module_id: str) → None[source]

Disable a multi-factor auth module for user.

async async_enable_user_mfa(user: homeassistant.auth.models.User, mfa_module_id: str, data: Any) → None[source]

Enable a multi-factor auth module for user.

async async_get_enabled_mfa(user: homeassistant.auth.models.User) → Dict[str, str][source]

List enabled mfa modules for user.

async async_get_group(group_id: str) → Optional[homeassistant.auth.models.Group][source]

Retrieve all groups.

async async_get_or_create_user(credentials: homeassistant.auth.models.Credentials) → homeassistant.auth.models.User[source]

Get or create a user.

async async_get_owner() → Optional[homeassistant.auth.models.User][source]

Retrieve the owner.

async async_get_refresh_token(token_id: str) → Optional[homeassistant.auth.models.RefreshToken][source]

Get refresh token by id.

async async_get_refresh_token_by_token(token: str) → Optional[homeassistant.auth.models.RefreshToken][source]

Get refresh token by token.

async async_get_user(user_id: str) → Optional[homeassistant.auth.models.User][source]

Retrieve a user.

async async_get_user_by_credentials(credentials: homeassistant.auth.models.Credentials) → Optional[homeassistant.auth.models.User][source]

Get a user by credential, return None if not found.

async async_get_users() → List[homeassistant.auth.models.User][source]

Retrieve all users.

Link credentials to an existing user.

async async_remove_credentials(credentials: homeassistant.auth.models.Credentials) → None[source]

Remove credentials.

async async_remove_refresh_token(refresh_token: homeassistant.auth.models.RefreshToken) → None[source]

Delete a refresh token.

async async_remove_user(user: homeassistant.auth.models.User) → None[source]

Remove a user.

async async_update_user(user: homeassistant.auth.models.User, name: Optional[str] = None, group_ids: Optional[List[str]] = None) → None[source]

Update a user.

async async_validate_access_token(token: str) → Optional[homeassistant.auth.models.RefreshToken][source]

Return refresh token if an access token is valid.

property auth_mfa_modules

Return a list of available auth modules.

property auth_providers

Return a list of available auth providers.

get_auth_mfa_module(module_id: str) → Optional[homeassistant.auth.mfa_modules.MultiFactorAuthModule][source]

Return a multi-factor auth module, None if not found.

get_auth_provider(provider_type: str, provider_id: str) → Optional[homeassistant.auth.providers.AuthProvider][source]

Return an auth provider, None if not found.

get_auth_providers(provider_type: str) → List[homeassistant.auth.providers.AuthProvider][source]

Return a List of auth provider of one type, Empty if not found.

class homeassistant.auth.AuthManagerFlowManager(hass: homeassistant.core.HomeAssistant, auth_manager: homeassistant.auth.AuthManager)[source]

Manage authentication flows.

async async_create_flow(handler_key: Any, *, context: Optional[Dict[str, Any]] = None, data: Optional[Dict[str, Any]] = None) → homeassistant.data_entry_flow.FlowHandler[source]

Create a login flow.

async async_finish_flow(flow: homeassistant.data_entry_flow.FlowHandler, result: Dict[str, Any]) → Dict[str, Any][source]

Return a user as result of login flow.

async homeassistant.auth.auth_manager_from_config(hass: homeassistant.core.HomeAssistant, provider_configs: List[Dict[str, Any]], module_configs: List[Dict[str, Any]]) → homeassistant.auth.AuthManager[source]

Initialize an auth manager from config.

CORE_CONFIG_SCHEMA will make sure do duplicated auth providers or mfa modules exist in configs.

homeassistant.auth.auth_store

Storage for auth models.

class homeassistant.auth.auth_store.AuthStore(hass: homeassistant.core.HomeAssistant)[source]

Bases: object

Stores authentication info.

Any mutation to an object should happen inside the auth store.

The auth store is lazy. It won’t load the data from disk until a method is called that needs it.

async async_activate_user(user: homeassistant.auth.models.User) → None[source]

Activate a user.

async async_create_refresh_token(user: homeassistant.auth.models.User, client_id: Optional[str] = None, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: str = 'normal', access_token_expiration: datetime.timedelta = datetime.timedelta(seconds=1800)) → homeassistant.auth.models.RefreshToken[source]

Create a new token for a user.

async async_create_user(name: Optional[str], is_owner: Optional[bool] = None, is_active: Optional[bool] = None, system_generated: Optional[bool] = None, credentials: Optional[homeassistant.auth.models.Credentials] = None, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User[source]

Create a new user.

async async_deactivate_user(user: homeassistant.auth.models.User) → None[source]

Activate a user.

async async_get_group(group_id: str) → Optional[homeassistant.auth.models.Group][source]

Retrieve all users.

async async_get_groups() → List[homeassistant.auth.models.Group][source]

Retrieve all users.

async async_get_refresh_token(token_id: str) → Optional[homeassistant.auth.models.RefreshToken][source]

Get refresh token by id.

async async_get_refresh_token_by_token(token: str) → Optional[homeassistant.auth.models.RefreshToken][source]

Get refresh token by token.

async async_get_user(user_id: str) → Optional[homeassistant.auth.models.User][source]

Retrieve a user by id.

async async_get_users() → List[homeassistant.auth.models.User][source]

Retrieve all users.

Add credentials to an existing user.

async_log_refresh_token_usage(refresh_token: homeassistant.auth.models.RefreshToken, remote_ip: Optional[str] = None) → None[source]

Update refresh token last used information.

async async_remove_credentials(credentials: homeassistant.auth.models.Credentials) → None[source]

Remove credentials.

async async_remove_refresh_token(refresh_token: homeassistant.auth.models.RefreshToken) → None[source]

Remove a refresh token.

async async_remove_user(user: homeassistant.auth.models.User) → None[source]

Remove a user.

async async_update_user(user: homeassistant.auth.models.User, name: Optional[str] = None, is_active: Optional[bool] = None, group_ids: Optional[List[str]] = None) → None[source]

Update a user.

homeassistant.auth.const

Constants for the auth module.

homeassistant.auth.models

Auth models.

class homeassistant.auth.models.Credentials(auth_provider_type: str, auth_provider_id: Optional[str], data: dict, id: str = NOTHING, is_new: bool = True)[source]

Bases: object

Credentials for a user on an auth provider.

auth_provider_id
auth_provider_type
data
id
is_new
class homeassistant.auth.models.Group(name: Optional[str], policy: Mapping[str, Union[Mapping[str, Union[Mapping[str, Union[Mapping[str, bool], bool, None]], bool, None]], Mapping[str, Union[Mapping[str, bool], bool, None]], bool, None]], id: str = NOTHING, system_generated: bool = False)[source]

Bases: object

A group.

id
name
policy
system_generated
class homeassistant.auth.models.RefreshToken(user: homeassistant.auth.models.User, client_id: Optional[str], access_token_expiration: datetime.timedelta, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: str = 'normal', id: str = NOTHING, created_at: datetime.datetime = NOTHING, token: str = NOTHING, jwt_key: str = NOTHING, last_used_at: Optional[datetime.datetime] = None, last_used_ip: Optional[str] = None)[source]

Bases: object

RefreshToken for a user to grant new access tokens.

access_token_expiration
client_icon
client_id
client_name
created_at
id
jwt_key
last_used_at
last_used_ip
token
token_type
user
class homeassistant.auth.models.User(name: Optional[str], perm_lookup: homeassistant.auth.permissions.models.PermissionLookup, id: str = NOTHING, is_owner: bool = False, is_active: bool = False, system_generated: bool = False, groups: List[homeassistant.auth.models.Group] = NOTHING, credentials: List[Credentials] = NOTHING, refresh_tokens: Dict[str, RefreshToken] = NOTHING)[source]

Bases: object

A user.

credentials
groups
id
invalidate_permission_cache() → None[source]

Invalidate permission cache.

is_active
property is_admin

Return if user is part of the admin group.

is_owner
name
perm_lookup
property permissions

Return permissions object for user.

refresh_tokens
system_generated
class homeassistant.auth.models.UserMeta[source]

Bases: tuple

User metadata.

property is_active

Alias for field number 1

property name

Alias for field number 0