Allow DataEntryFlowStepExternal on the login screen #14471
Conversation
|
Hi christiaangoossens It seems you haven't yet signed a CLA. Please do so here. Once you do that we will be able to review and accept this pull request. Thanks! |
home-assistant
bot
added
cla-needed
cla-recheck
cla-signed
and removed
cla-recheck
cla-needed
labels
| return html` ${this._computeStepDescription(step) | ||
| ? html` | ||
| <ha-markdown | ||
| .content=${this._computeStepDescription(step)} | ||
| ></ha-markdown> | ||
| ` | ||
| : html``}`; |
There was a problem hiding this comment.
| return html` ${this._computeStepDescription(step) | |
| ? html` | |
| <ha-markdown | |
| .content=${this._computeStepDescription(step)} | |
| ></ha-markdown> | |
| ` | |
| : html``}`; | |
| const description = this._computeStepDescription(step) | |
| return description ? html` | |
| <ha-markdown | |
| .content=${description} | |
| ></ha-markdown> | |
| : ""}; |
| this._state = "error"; | ||
| this._errorMessage = "Login window was blocked, please allow popups."; |
There was a problem hiding this comment.
Give the user the option to open it manually, browsers often do allow opening a window with user interaction
|
|
||
| const newStep = await response.json(); | ||
|
|
||
| if (response.status === 403) { |
|
Thanks for the review! I will refactor it a bit and add a button to trigger the new tab if it does not open. One question for me remains open: what's your opinion on if window.open is the right call here? It's the legacy way to do OpenID Connect (with popups) so it works (at least on PC), but I don't see it working well on mobile. |
|
Check the examples at https://developer.mozilla.org/en-US/docs/Web/API/Window/open#examples |
|
Because of https://developer.mozilla.org/en-US/docs/Web/API/Window/open#avoid_resorting_to_window.open, I would like to avoid window.open, is registering a callback route an option here? Would that work in general with the flow steps? I will look into it in the weekend. |
|
Callback requires backend support, but yeah I think that is the best way. |
|
There hasn't been any activity on this pull request recently. This pull request has been automatically marked as stale because of that and will be closed if no further activity occurs within 7 days. |
|
Still interested in this, but it is stale, I would welcome other contributors. This is blocking OpenID Connect extension options. |
Proposed change
Many authentication methods use external steps, such as OpenID Connect, which requests a redirect to the Identity Provider, which is then returned with a callback to the app. While there seems to be no current intention to add these types of providers to home-assistant/core, it is also not possible to create external plugins implementing these features, because the DataEntryFlowStepExternal step is not supported on the login screen (
/auth/authorize) in the frontend.This PR proposes adding this feature, such that custom components/integrations/plugins implementing these types of authentication providers can be created. Request for this from the community seems big enough to create such a plugin.
Type of change
Example configuration
You can use the current version of https://github.com/christiaangoossens/hass-oidc-auth, which is a minimal plugin (installed by adding it to the
custom_componentsdirectory and addingauth_oidc:to the configuration yaml), that only implements a callback and a screen calling this DataEntryFlowStepExternal. If you receive a console output of "value" after completing the entire flow, the integration is successful.Additional information
PR is heavily inspired by #5258, but this time aims to make the functionality usable in external plugins, instead of the core backend.
Currently, a very basic initial implementation was submitted to demonstrate the idea, however, I would like to find a way to make this work on Android and iOS, preferably by using the native browser, and to not use popups/new tabs on the desktop but instead redirect and redirect back. Advice on how to proceed is welcome, both from the frontend and mobile teams.
Checklist
If user exposed functionality or configuration variables are added/changed:
Further steps that need to be done: