Description
http.trusted_networks already removed in 0.89 release. We need plan how/when we remove the trusted networks as an access control feature, but keep it as an authentication provider.
e.g. All access to API have to provide an access token if that API required authentication. But if you request is coming from trusted network, you can easily get an access token through login flow (via browser). If you are accessing HA API through other program, you need create a long-lived token.
My initial plan is
- .91 and .92 print out deprecated warning when user use trusted_network to authenticate (not from auth provider, but in http.auth process)
- at same time finish Trusted Networks Auth Provider enhancement #169 in .91
- .93 and .94 user must opt-in legacy feature, they have to something to continue use this feature
- .95 remove feature
EDIT: adjust schedule
Metadata
Assignees
Labels
No labels