{"id":16098419,"url":"https://github.com/bigboot/hass-jwt_cookie","last_synced_at":"2025-03-17T17:31:18.982Z","repository":{"id":64983516,"uuid":"575047877","full_name":"BigBoot/hass-jwt_cookie","owner":"BigBoot","description":"Create JWT Cookies every time you log in to your HomeAssistant instance","archived":false,"fork":false,"pushed_at":"2024-09-18T10:06:55.000Z","size":50,"stargazers_count":9,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-28T02:23:05.149Z","etag":null,"topics":["hass","home-assistant","homeassistant"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BigBoot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-12-06T16:31:10.000Z","updated_at":"2024-09-18T10:07:04.000Z","dependencies_parsed_at":"2024-09-18T13:25:13.806Z","dependency_job_id":"5f2fc45f-6de8-4fb4-9dfe-fdf517cd9555","html_url":"https://github.com/BigBoot/hass-jwt_cookie","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BigBoot%2Fhass-jwt_cookie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BigBoot%2Fhass-jwt_cookie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BigBoot%2Fhass-jwt_cookie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BigBoot%2Fhass-jwt_cookie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BigBoot","download_url":"https://codeload.github.com/BigBoot/hass-jwt_cookie/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243872432,"owners_count":20361479,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hass","home-assistant","homeassistant"],"created_at":"2024-10-09T18:05:43.146Z","updated_at":"2025-03-17T17:31:18.693Z","avatar_url":"https://github.com/BigBoot.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# hass-jwt_cookie\n\n[![GitHub Release][releases-shield]][releases]\n[![License][license-shield]](LICENSE)\n[![hacs][hacsbadge]][hacs]\n![Project Maintenance][maintenance-shield]\n\nCreate JWT Cookies every time you log in to your HomeAssistant instance.\n\n![jwt][jwtimg]\n\n## Why?\n\nI wanted to reverse proxy a few of my internally reachable services and make them available through my publicly accessible HomeAssistant installation.\nAfter looking at the available solutions I was not satisfied with any of them, here's some of the solutions I evaluated and why I disliked them.\n\n- BasicAuth using user:password in the url  \n   ❌ Doesn't work in the Android/iOS App  \n   ❌ Makes the login details available in cleartext in the url\n\n- Authelia  \n   ❌ User Management Separate from HomeAssistant  \n   ❌ No SSO  \n   ❌ Doesn't work in the Android/iOS App?\n\n- LDAP+Authelia+HomeAssistant LDAP+Some LDAP GUI  \n   ❌ Very Complex  \n   ❌ No True SSO (You'll have to log in to Home Assistant **AND** Authelia separately)  \n   ❌ Doesn't work in the Android/iOS App?\n\n- Various other similar combination of solutions like Authentik/Keycloak/... all suffer from the same fundamental problems as Authelia\n\nSo I decided to create this intergration and combine it with a reverse proxy supporting jwt auth. This ticks all of my requirements:\n- ✅ Works everywhere (including the iOS/Android apps)\n- ✅ True SSO\n- ✅ Users are managed in HomeAssistant\n- ✅ No cleartext login/passwords\n- ✅ Is easily extensible to new services\n- ✅ Reasonably safe\n\n**NOTE:** By itself this integration only provides the creation of a json cookie, the actual authentication will still need to be configured in the reverse proxy, see [integrations](#integrations) for more details.\n\n## Installation\n\n### HACS (Recommended)\n\nInstallation is via the [Home Assistant Community Store\n(HACS)](https://hacs.xyz/), which is the best place to get third-party\nintegrations for Home Assistant. Once you have HACS set up, simply click the button below or\nfollow the [instructions for adding a custom\nrepository](https://hacs.xyz/docs/faq/custom_repositories) and then\nthe integration will be available to install like any other.\n\n[![Open your Home Assistant instance and open a repository inside the Home Assistant Community Store.](https://my.home-assistant.io/badges/hacs_repository.svg)](https://my.home-assistant.io/redirect/hacs_repository/?owner=bigboot\u0026repository=hass-jwt_cookie\u0026category=integration)\n\n### Manual\n\n1. Using the tool of choice open the directory (folder) for your HA configuration (where you find `configuration.yaml`).\n2. If you do not have a `custom_components` directory (folder) there, you need to create it.\n3. In the `custom_components` directory (folder) create a new folder called `jwt_cookie`.\n4. Download _all_ the files from the `custom_components/jwt_cookie/` directory (folder) in this repository.\n5. Place the files you downloaded in the new directory (folder) you created.\n6. Restart Home Assistant\n\nUsing your HA configuration directory (folder) as a starting point you should now also have this:\n\n```text\ncustom_components/jwt_cookie/__init__.py\ncustom_components/jwt_cookie/manifest.json\n```\n\n## Configuration\n\nTo use this component in your installation, add the following to your configuration.yaml file:\n\n### Example configuration.yaml entry (uncomment and change if needed)\n\n```yaml\njwt_cookie:\n    # cookie_name: \u003ccookie name\u003e # defaults to jwt_access_token\n    # audience: \u003cjwt aud claim\u003e # defaults to homeassistant\n    # issuer: \u003cjwt issuer\u003e # defaults to homeassistant\n    # http_only: \u003ctrue/false\u003e # defaults to true\n    # secure: \u003ctrue/false\u003e # defaults to false\n    # domain: \u003ccookie domain\u003e # defaults to the current domain, to include subdomains\n                              # set this to the domain name with a leading `.`\n                              # i.e. .my.hass.domain\n    # public_key_file: \u003clocation to public key\u003e # defaults to /config/jwt_cookie.pem\n    # private_key_file: \u003clocation to private key\u003e # defaults to null\n                                                  # if not set no private key will be stored\n                                                  # this means a new private/public key pair\n                                                  # will be generated every time ha restarts\n```\n\n## Integrations\n\n- [Caddy](/integrations/caddy.md)\n- Traefik (Open for contributions, probably requires commercial edition)\n- Nginx (Open for contributions, probably requires commercial edition)\n- HAProxy (Open for contributions)\n\n## Contributions are welcome!\n\nIf you want to contribute to this please read the [Contribution guidelines](CONTRIBUTING.md)\n\n***\n\n[hacs]: https://github.com/custom-components/hacs\n[hacsbadge]: https://img.shields.io/badge/HACS-Custom-orange.svg?style=for-the-badge\n[jwtimg]: jwt.png\n[license-shield]: https://img.shields.io/github/license/bigboot/hass-jwt_cookie.svg?style=for-the-badge\n[maintenance-shield]: https://img.shields.io/badge/maintainer-%40BigBoot-blue.svg?style=for-the-badge\n[releases-shield]: https://img.shields.io/github/release/bigboot/hass-jwt_cookie.svg?style=for-the-badge\n[releases]: https://github.com/bigboot/hass-jwt_cookie/releases\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbigboot%2Fhass-jwt_cookie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbigboot%2Fhass-jwt_cookie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbigboot%2Fhass-jwt_cookie/lists"}