Allow adding integration with master token alone #339
Comments
|
Should we rethink how we (and if we should) store the And by storing, I mean not saving the |
|
@DurgNomis-drol, I would love to and I think it's very important, but tbh, i don't know what security considerations can we do within our integration scope. Currently we store username, password, master_token and android_id in the integration instance. But so does all other HA integrations, leaving the rest of security vulnerabilities/encryption(?)/storage etc for HA to manage. Apart from that "pre-defined" flow I am not sure what we can do 🤷♂️ |
|
@leikoilja You are probably right, i was just thinking out loud after the back and forth in the other issue. 😃 |
|
Totally agree with you. We can still support master token as an auth method, thou i dont think it's a common use case and it's not going to make it easier to authenticate or use the integration. |
|
I think encrypting any data is meaningless because it should be decrypted by HA, and the decryption key must be stored somewhere where HA can access it. If someone has access to these files you're pwned in any case, it doesn't matter if they're encrypted or not. Not storing master token doesn't make any sense either if we still store username and password. Obtaining it every time should work but the only thing it'll do is making the initialization of the integration slower because of the extra request. Allowing using master token in the config flow is ok if we can provide instructions on how to obtain it. Although I don't think this makes anything safer, probably it's only a bit easier to revoke such token. |
Honestly, I think securely storing this information is a problem, that the home-assistant core has to solve. Many integrations including official ones do store sensitive secrets in there and there is no good way to encrypt them as an integration, that is not easily circumvented. Of course this is not an easy problem for the core to solve as well, but systems like home-assistant OS could at least offer disk-encryption? Anyway, in my opinion this is way out of our reach. Was there any research onto getting other authentification flows to work? Obviously we would like to have a normal web-based authentification flow with a limited set of scopes. gmusicapi had a similar problem and stuck with the master_token approach, although simon-weber found a way to a web-based auth flow. The problem is just, that the token is stored in a cookie and not easy to extract. I am not sure, if that approach even allows to limit scopes, but if we find any more secure solution, we should maybe write a tutorial and additionally offer people to sign in with a token instead. That way they can generate and extract a more secure one, instead of relying on our more convenient login procedure. |
This is as far as I understand, also the reasoning behind why HA does not encrypt in the first place, which makes totally sense BTW. And @Drakulix reply answered what i was gonna say 😆 But the cookie thing sounds interesting.
👍 from me. |
And what about just storing It's clear that this issue is not just ours, there are other integrations with the same security concerns. I believe HA secrets is the way they recommend to store secrets, but it's not a good method by any means, as far as I see it.
This would be quite easy if we do the "re-auth" workflow. Since |
|
Closed in #723 |
I think it would be a useful option to allow the user to specify a
master_tokeninstead of the account username and app password as is suggested as best security practice in theglocaltokensreadme. Having to store my Google account credentials on the home assistant server is the main thing keeping me from using this extension so any way around that is appreciated, this was just what I came up with to maybe achieve that.Originally posted by @coleya in #124 (comment)
Related leikoilja/glocaltokens#168
The text was updated successfully, but these errors were encountered: