homeassistant.auth
¶
Provide an authentication layer for Home Assistant.
-
class
homeassistant.auth.
AuthManager
(hass: homeassistant.core.HomeAssistant, store: homeassistant.auth.auth_store.AuthStore, providers: Dict[Tuple[str, Optional[str]], homeassistant.auth.providers.AuthProvider], mfa_modules: Dict[str, homeassistant.auth.mfa_modules.MultiFactorAuthModule])[source]¶ Manage the authentication for Home Assistant.
-
async_create_access_token
(refresh_token: homeassistant.auth.models.RefreshToken, remote_ip: Optional[str] = None) → str[source]¶ Create a new access token.
-
async
async_create_refresh_token
(user: homeassistant.auth.models.User, client_id: Optional[str] = None, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: Optional[str] = None, access_token_expiration: datetime.timedelta = datetime.timedelta(seconds=1800)) → homeassistant.auth.models.RefreshToken[source]¶ Create a new refresh token for a user.
-
async
async_create_system_user
(name: str, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User[source]¶ Create a system user.
-
async
async_create_user
(name: str, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User[source]¶ Create a user.
-
async
async_deactivate_user
(user: homeassistant.auth.models.User) → None[source]¶ Deactivate a user.
-
async
async_disable_user_mfa
(user: homeassistant.auth.models.User, mfa_module_id: str) → None[source]¶ Disable a multi-factor auth module for user.
-
async
async_enable_user_mfa
(user: homeassistant.auth.models.User, mfa_module_id: str, data: Any) → None[source]¶ Enable a multi-factor auth module for user.
-
async
async_get_enabled_mfa
(user: homeassistant.auth.models.User) → Dict[str, str][source]¶ List enabled mfa modules for user.
-
async
async_get_group
(group_id: str) → Optional[homeassistant.auth.models.Group][source]¶ Retrieve all groups.
-
async
async_get_or_create_user
(credentials: homeassistant.auth.models.Credentials) → homeassistant.auth.models.User[source]¶ Get or create a user.
-
async
async_get_refresh_token
(token_id: str) → Optional[homeassistant.auth.models.RefreshToken][source]¶ Get refresh token by id.
-
async
async_get_refresh_token_by_token
(token: str) → Optional[homeassistant.auth.models.RefreshToken][source]¶ Get refresh token by token.
-
async
async_get_user
(user_id: str) → Optional[homeassistant.auth.models.User][source]¶ Retrieve a user.
-
async
async_get_user_by_credentials
(credentials: homeassistant.auth.models.Credentials) → Optional[homeassistant.auth.models.User][source]¶ Get a user by credential, return None if not found.
-
async
async_link_user
(user: homeassistant.auth.models.User, credentials: homeassistant.auth.models.Credentials) → None[source]¶ Link credentials to an existing user.
-
async
async_remove_credentials
(credentials: homeassistant.auth.models.Credentials) → None[source]¶ Remove credentials.
-
async
async_remove_refresh_token
(refresh_token: homeassistant.auth.models.RefreshToken) → None[source]¶ Delete a refresh token.
-
async
async_update_user
(user: homeassistant.auth.models.User, name: Optional[str] = None, is_active: Optional[bool] = None, group_ids: Optional[List[str]] = None) → None[source]¶ Update a user.
-
async
async_validate_access_token
(token: str) → Optional[homeassistant.auth.models.RefreshToken][source]¶ Return refresh token if an access token is valid.
-
property
auth_mfa_modules
¶ Return a list of available auth modules.
-
property
auth_providers
¶ Return a list of available auth providers.
-
get_auth_mfa_module
(module_id: str) → Optional[homeassistant.auth.mfa_modules.MultiFactorAuthModule][source]¶ Return a multi-factor auth module, None if not found.
-
-
class
homeassistant.auth.
AuthManagerFlowManager
(hass: homeassistant.core.HomeAssistant, auth_manager: homeassistant.auth.AuthManager)[source]¶ Manage authentication flows.
-
async
homeassistant.auth.
auth_manager_from_config
(hass: homeassistant.core.HomeAssistant, provider_configs: List[Dict[str, Any]], module_configs: List[Dict[str, Any]]) → homeassistant.auth.AuthManager[source]¶ Initialize an auth manager from config.
CORE_CONFIG_SCHEMA will make sure do duplicated auth providers or mfa modules exist in configs.
homeassistant.auth.auth_store¶
Storage for auth models.
-
class
homeassistant.auth.auth_store.
AuthStore
(hass: homeassistant.core.HomeAssistant)[source]¶ Bases:
object
Stores authentication info.
Any mutation to an object should happen inside the auth store.
The auth store is lazy. It won’t load the data from disk until a method is called that needs it.
-
async
async_create_refresh_token
(user: homeassistant.auth.models.User, client_id: Optional[str] = None, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: str = 'normal', access_token_expiration: datetime.timedelta = datetime.timedelta(seconds=1800)) → homeassistant.auth.models.RefreshToken[source]¶ Create a new token for a user.
-
async
async_create_user
(name: Optional[str], is_owner: Optional[bool] = None, is_active: Optional[bool] = None, system_generated: Optional[bool] = None, credentials: Optional[homeassistant.auth.models.Credentials] = None, group_ids: Optional[List[str]] = None) → homeassistant.auth.models.User[source]¶ Create a new user.
-
async
async_get_group
(group_id: str) → Optional[homeassistant.auth.models.Group][source]¶ Retrieve all users.
-
async
async_get_refresh_token
(token_id: str) → Optional[homeassistant.auth.models.RefreshToken][source]¶ Get refresh token by id.
-
async
async_get_refresh_token_by_token
(token: str) → Optional[homeassistant.auth.models.RefreshToken][source]¶ Get refresh token by token.
-
async
async_get_user
(user_id: str) → Optional[homeassistant.auth.models.User][source]¶ Retrieve a user by id.
-
async
async_link_user
(user: homeassistant.auth.models.User, credentials: homeassistant.auth.models.Credentials) → None[source]¶ Add credentials to an existing user.
-
async_log_refresh_token_usage
(refresh_token: homeassistant.auth.models.RefreshToken, remote_ip: Optional[str] = None) → None[source]¶ Update refresh token last used information.
-
async
async_remove_credentials
(credentials: homeassistant.auth.models.Credentials) → None[source]¶ Remove credentials.
-
async
homeassistant.auth.const¶
Constants for the auth module.
homeassistant.auth.models¶
Auth models.
-
class
homeassistant.auth.models.
Credentials
(auth_provider_type: str, auth_provider_id: Optional[str], data: dict, id: str = NOTHING, is_new: bool = True)[source]¶ Bases:
object
Credentials for a user on an auth provider.
-
auth_provider_id
¶
-
auth_provider_type
¶
-
data
¶
-
id
¶
-
is_new
¶
-
-
class
homeassistant.auth.models.
Group
(name: Optional[str], policy: Mapping[str, Union[Mapping[str, Union[Mapping[str, Union[Mapping[str, bool], bool, None]], bool, None]], Mapping[str, Union[Mapping[str, bool], bool, None]], bool, None]], id: str = NOTHING, system_generated: bool = False)[source]¶ Bases:
object
A group.
-
id
¶
-
name
¶
-
policy
¶
-
system_generated
¶
-
-
class
homeassistant.auth.models.
RefreshToken
(user: homeassistant.auth.models.User, client_id: Optional[str], access_token_expiration: datetime.timedelta, client_name: Optional[str] = None, client_icon: Optional[str] = None, token_type: str = 'normal', id: str = NOTHING, created_at: datetime.datetime = NOTHING, token: str = NOTHING, jwt_key: str = NOTHING, last_used_at: Optional[datetime.datetime] = None, last_used_ip: Optional[str] = None)[source]¶ Bases:
object
RefreshToken for a user to grant new access tokens.
-
access_token_expiration
¶
-
client_icon
¶
-
client_id
¶
-
client_name
¶
-
created_at
¶
-
id
¶
-
jwt_key
¶
-
last_used_at
¶
-
last_used_ip
¶
-
token
¶
-
token_type
¶
-
user
¶
-
-
class
homeassistant.auth.models.
User
(name: Optional[str], perm_lookup: homeassistant.auth.permissions.models.PermissionLookup, id: str = NOTHING, is_owner: bool = False, is_active: bool = False, system_generated: bool = False, groups: List[homeassistant.auth.models.Group] = NOTHING, credentials: List[Credentials] = NOTHING, refresh_tokens: Dict[str, RefreshToken] = NOTHING)[source]¶ Bases:
object
A user.
-
credentials
¶
-
groups
¶
-
id
¶
-
is_active
¶
-
property
is_admin
¶ Return if user is part of the admin group.
-
is_owner
¶
-
name
¶
-
perm_lookup
¶
-
property
permissions
¶ Return permissions object for user.
-
refresh_tokens
¶
-
system_generated
¶
-