It's major release time! 🎉 ✨
It's time to declare this integration stable, as it has been tested in many setups over the last two years and has reached a feature state I am happy with.
Starting with v1.0.0, you will no longer have to manually visit /auth/oidc/welcome or /auth/oidc/redirect, as the UI now automatically takes care of the OIDC integration. You can replace any manual links to the welcome page with direct links to your Home Assistant base URL.
New users can also configure the integration fully from the UI, if you are running Authelia, Authentik or Pocket ID. The guides have been updated with all new instructions to reflect this change.
Power users, and those who wish to do so or need the feature flags, can use YAML. YAML will remain supported for this integration besides the UI config indefinitely, but you can only use one or the other, not both at the same time.
Warning
Please note that you might need to change your config and/or setup to update to v1.
Take special care if:
- you were running pre-releases (v0.7-rc*). If so, you might need to update your YAML configuration as the
features.disable_frontend_injectionflag was removed. - you have some sort of non-standard code or proxy setup on top of this integration. You might need to remove it to use the new automatic redirect.
Most users should not experience any issues. If you have a standard YAML config with no features enabled, you do not need to change anything.
If you are experiencing issues, please check the new Frequently Asked Questions first!
What's Changed
- Integration can now be configured either using YAML (all options/full config) or the Home Assistant interface (limited config) thanks to @dbaines
- Automatic redirect from the HA login screen to OIDC (#19)
- If you have disabled Home Assistant default login, it will automatically redirect to the SSO provider
- You can still use the /auth/oidc/welcome and /auth/oidc/redirect paths, but it is no longer necessary to do so.
- Added automatic security testing (pysentry-rs), thanks to @nyudenkov
- Added docs for Zitadel, thanks to @vslee
- Many automated integration and unit tests have been added, almost entirely covering the code.
- Added a new feature flag for
default_redirect: you can now skip the welcome screen and automatically redirect all the way to your SSO provider. This feature is also automatically enabled if you disable the default Home Assistant username/password login.
New Contributors
- Special thanks to those that contributed to the UI injection attempts (in #19): @jtdroste @jthoward64 @jasoncodes (as well as @Lachee and @emanuelbesliu for updating it when HA broke it through updates)
- @dbaines made their first contribution in #123
- @nyudenkov made their first contribution in #208
- @vslee made their first contribution in #221
- All testers of the pre-releases, with a special mention to @tomfrenzel and @adriansalamon for testing the iOS app thoroughly.
If you would also like to contribute to this project, see https://github.com/christiaangoossens/hass-oidc-auth/blob/main/CONTRIBUTING.md for more info. You can also donate through https://github.com/sponsors/christiaangoossens.
Full Changelog: v0.6.5-alpha...v1.0.1