Created OAuth 2.0 login when Home Assistant URL is not http://homeassistant.local:8123 (markdown)

Li Shuzhen
2025-11-20 15:46:42 +08:00
parent 04139bb8d1
commit 857b30272f

@@ -0,0 +1,42 @@
## Problem Description
The default URL for Home Assistant is `http://homeassistant.local:8123`, but users may use a custom URL such as `http://192.168.31.100:10123` or `https://homeassistant.example.com`. In such cases, OAuth 2.0 login will fail due to an incorrect redirect URL.
<div align="center">
<img src="https://github.com/user-attachments/assets/37777f15-9e65-4bc6-8944-6f115aadd788" alt="Login error">
<br>
<em>Figure 1: OAuth 2.0 login error due to incorrect redirect URL</em>
</div>
## Reason
The redirect URL in the OAuth 2.0 login process is set to `http://homeassistant.local:8123` on the authorization server. If the Home Assistant URL is not `http://homeassistant.local:8123`, the redirect URL will be incorrect, causing the login to fail.
## Solution
<div align="center">
<img src="https://github.com/user-attachments/assets/cc82e4f5-0aa5-4689-864b-3e3e6540f01f" alt="Login steps 1 to 3">
<br>
<em>Figure 2: Login steps 1 to 3</em>
</div>
Follow the instructions to log in. After clicking **"Click here to login"** in step 3, the browser will display an OAuth login page. Once authorization is confirmed, the page will redirect to `http://homeassistant.local:8123`.
<div align="center">
<img src="https://github.com/user-attachments/assets/44008173-5274-4b51-a05a-73904de76199" alt="Login step 4">
<br>
<em>Figure 3: Authorization confirmed and redirect to the default URL</em>
</div>
Change the default URL in the browser address bar to your custom URL and press Enter. The browser will then redirect back to the Home Assistant page, and the OAuth 2.0 login will succeed.
<div align="center">
<img src="https://github.com/user-attachments/assets/45420fde-e899-4631-b187-90bd231ca17e" alt="Login steps 5 to 6">
<br>
<em>Figure 4: Replace the default URL with the custom URL in the browser</em>
</div>
## Why is it not possible to add a function allowing users to modify the OAuth 2.0 redirect URL?
According to the OAuth 2.0 standard, the redirect URL — used to return the authorization code to the client — must be pre-configured on the authorization server. If users were allowed to modify this URL via an interface, an attacker could craft a malicious client and change the redirect URL to a server under their control. When a user logs in through this forged client, the authorization code would be sent to the attackers server, compromising the users credentials.
For security reasons, xiaomi_home will not implement this feature.
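Review bot: the workaround in the `## Solution` section (`Change the default URL in the browser address bar to your custom URL and press Enter.`) does not say which part of the redirected address to replace; since the redirect is what carries the authorization code back to the client (as the last section itself states), the text should say explicitly that only the scheme, host and port of `http://homeassistant.local:8123` are swapped for the custom URL while the path and query string are kept intact, otherwise a user who retypes the whole address lands on their instance without the code and the login fails again. Two apostrophes are missing in the last section: `attackers server` should read `attacker's server` and `the users credentials` should read `the user's credentials`. Minor: a blank line before each `##` heading (`## Reason`, `## Solution`, the `## Why ...` heading) and around the `<div>` blocks would keep the markdown consistent, though GitHub renders it either way.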