OpenID Connect (OIDC) implementation for Home Assistant through a custom component/integration,
with a strong focus on security, stability and accessibility.
YAML Configuration Guide
·
Contribution Guide
·
Frequently Asked Questions (FAQ)
Announcements & Polls
·
Issues
·
Questions
·
Feature Requests
Provides a stable and secure OpenID Connect (OIDC) implementation for Home Assistant through a custom component/integration. With this integration, you can create a single-sign-on (SSO) environment in your self-hosted application stack / homelab.
The core values for this integration are:
- Security: strict adherence to the OpenID Connect specification, RFC 6749 (OAuth2), RFC 7519 (JWT), RFC 7636 (PKCE) and RFC 9700 (OAuth2 Security Best Practices) as well as a focus on security tests in the automated test suite.
- Stability: minimal patching of the core Home Assistant code such that updates of HA are less likely to break the integration and leave you without a way to login.
- Accessibility: the integration should work for everyone as much as possible with default settings, regardless of your preferred authentication method.
TLDR: Login to Home Assistant with this integration should 'just work', every time, for everyone in your household (even your dad), securely.
If you are deciding if this integration is the right fit for your setup, please see the Frequently Asked Questions (FAQ) for more information.
The easiest way to install the integration is through the Home Assistant Community Store (HACS). You can find usage instructions for HACS here: https://hacs.xyz/docs/use/.
After installing HACS, search for "OpenID Connect" in the HACS search box or click the button below:
Next, set up your OIDC provider. You can find setup guides for common providers here:
 |
 |
 |
|---|---|---|
| authentik | Authelia | Pocket ID |
You can also find additional provider guides in the the Provider Configurations folder. If your provider isn't specified, you can use either a public client (recommended) or confidential client with the callback URL set to <your HA URL>/auth/oidc/callback.
Finally, choose your preferred configuration style (UI or YAML). After configuration, you should automatically be sent to the OIDC login page(s) if you open Home Assistant (web or app).
The recommended setup method for beginners is through the "Integrations" panel within the Home Assistant UI.
Many configuration options are available through this method, but some advanced features are only available in YAML to simplify the setup process in the UI.
- Open Home Assistant and go to Settings -> Devices & Services.
- Click Add Integration and select OpenID Connect/SSO Authentication.
- Follow the prompts on screen carefully.
Alternatively, you can configure the integration using YAML. You can find a full configuration guide for YAML here: YAML Configuration Guide.
Contributions are very welcome! If you program in Python or have worked with Home Assistant integrations before, please try to contribute. You can find more information in the Contribution Guide.
Please see SECURITY.md for more information on how to submit your security issue securely. You can find previously found vulnerabilities and their corresponding security advisories at the Security Advisories page.
If you would like to read the background/open letter that led to this component, you can find it at https://github.com/orgs/home-assistant/discussions/48. It is currently one of the most upvoted feature requests for Home Assistant.
Distributed under the MIT license with no warranty. You are fully liable for configuring this integration correctly to keep your Home Assistant installation secure. Use at your own risk. The full license can be found in LICENSE.md