[GH-ISSUE #1141] Secure Key Login failed on HomeAssistant #1778

Closed
opened 2026-04-16 08:35:42 -05:00 by GiteaMirror · 13 comments
Owner

Originally created by @isibizi on GitHub (Jul 27, 2025).
Original GitHub issue: https://github.com/fosrl/pangolin/issues/1141

Hi, I have the newest version of Pangolin with secure key login. SSO sign-in with secure key is not possible and I see this message.

Image
Originally created by @isibizi on GitHub (Jul 27, 2025). Original GitHub issue: https://github.com/fosrl/pangolin/issues/1141 Hi, I have the newest version of Pangolin with secure key login. SSO sign-in with secure key is not possible and I see this message. <img width="1290" height="2796" alt="Image" src="https://github.com/user-attachments/assets/2ad03eb8-e5d4-4a1f-9391-94e188f7355a" />
GiteaMirror added the stale label 2026-04-16 08:35:42 -05:00
Author
Owner

@adrianeastles commented on GitHub (Jul 28, 2025):

Are you able to login to other resources or the main pangolin url using the security key?

<!-- gh-comment-id:3129869371 --> @adrianeastles commented on GitHub (Jul 28, 2025): Are you able to login to other resources or the main pangolin url using the security key?
Author
Owner

@isibizi commented on GitHub (Jul 28, 2025):

Yes, only with secure key in home Assistant it is not possible to login.

<!-- gh-comment-id:3129889688 --> @isibizi commented on GitHub (Jul 28, 2025): Yes, only with secure key in home Assistant it is not possible to login.
Author
Owner

@Crashman1983 commented on GitHub (Jul 29, 2025):

This is within the mobile companion app, right? Same for me using Authentik. It seems, like HA Companion App does not have access to credentials like passkeys.

<!-- gh-comment-id:3131249274 --> @Crashman1983 commented on GitHub (Jul 29, 2025): This is within the mobile companion app, right? Same for me using Authentik. It seems, like HA Companion App does not have access to credentials like passkeys.
Author
Owner

@isibizi commented on GitHub (Jul 29, 2025):

Yes, right. This issue is in the companion app.

<!-- gh-comment-id:3131258716 --> @isibizi commented on GitHub (Jul 29, 2025): Yes, right. This issue is in the companion app.
Author
Owner

@adrianeastles commented on GitHub (Jul 29, 2025):

To configure bypass rules for the Companion App, please refer to the following documentation: https://docs.fossorial.io/Pangolin/bypass-rules#:~:text=Home%20Automation-,Home%20Assistant.

While an integration with Home Assistant and OIDC (OpenID Connect) was being explored to address this. You can find the related project here: https://github.com/christiaangoossens/hass-oidc-auth.

Please be aware: The OIDC integration is an alpha release and comes with no guarantees regarding code quality, error handling, or security. Use it at your own risk.

<!-- gh-comment-id:3131286276 --> @adrianeastles commented on GitHub (Jul 29, 2025): To configure bypass rules for the **Companion App**, please refer to the following documentation: [https://docs.fossorial.io/Pangolin/bypass-rules#:~:text=Home%20Automation-,Home%20Assistant](https://docs.fossorial.io/Pangolin/bypass-rules#:~:text=Home%20Automation-,Home%20Assistant). While an integration with Home Assistant and OIDC (OpenID Connect) was being explored to address this. You can find the related project here: [https://github.com/christiaangoossens/hass-oidc-auth](https://github.com/christiaangoossens/hass-oidc-auth). **Please be aware:** The OIDC integration is an **alpha release** and comes with no guarantees regarding code quality, error handling, or security. Use it at your own risk.
Author
Owner

@isibizi commented on GitHub (Jul 29, 2025):

The rules are already configured.

<!-- gh-comment-id:3131354932 --> @isibizi commented on GitHub (Jul 29, 2025): The rules are already configured.
Author
Owner

@isibizi commented on GitHub (Jul 30, 2025):

It‘s not supported by the app

https://github.com/home-assistant/iOS/issues/3753

<!-- gh-comment-id:3135201169 --> @isibizi commented on GitHub (Jul 30, 2025): It‘s not supported by the app https://github.com/home-assistant/iOS/issues/3753
Author
Owner

@Crashman1983 commented on GitHub (Jul 30, 2025):

I get the impression that they are more concerned with secure (and paid) access via Nabu Casa than with the wishes of users. Many other tickets with similar requests, such as support for OIDC, have also been closed.
But perhaps there is also a lack of manpower.

<!-- gh-comment-id:3135566285 --> @Crashman1983 commented on GitHub (Jul 30, 2025): I get the impression that they are more concerned with secure (and paid) access via Nabu Casa than with the wishes of users. Many other tickets with similar requests, such as support for OIDC, have also been closed. But perhaps there is also a lack of manpower.
Author
Owner

@bgoncal commented on GitHub (Jul 30, 2025):

Don't be unfair spreading false information.

For whoever wants to read the reasoning behind it, here is my answer given to @Crashman1983
https://github.com/home-assistant/iOS/issues/3753#issuecomment-3135565927

Also here the officially supported remote connection options by the App:
https://github.com/home-assistant/iOS/issues/3575

Also here more context around it:
https://github.com/home-assistant/iOS/discussions/1719#discussioncomment-11890841

<!-- gh-comment-id:3135593695 --> @bgoncal commented on GitHub (Jul 30, 2025): Don't be unfair spreading false information. For whoever wants to read the reasoning behind it, here is my answer given to @Crashman1983 https://github.com/home-assistant/iOS/issues/3753#issuecomment-3135565927 Also here the officially supported remote connection options by the App: https://github.com/home-assistant/iOS/issues/3575 Also here more context around it: https://github.com/home-assistant/iOS/discussions/1719#discussioncomment-11890841
Author
Owner

@bgoncal commented on GitHub (Jul 30, 2025):

Thanks for the edited comment, but it's still a wrong impression.

<!-- gh-comment-id:3136122263 --> @bgoncal commented on GitHub (Jul 30, 2025): Thanks for the edited comment, but it's still a wrong impression.
Author
Owner

@LaurenceJJones commented on GitHub (Jul 31, 2025):

Should be now semi mitigated by 1.8.0 with the ability to log in with user/password if security keys are configured 053acef728 but the application does not have support for triggering or interacting via FIDO

which I agree with @bgoncal its not as simple as "enable it", it takes time to make sure the application can interact and use these securely

<!-- gh-comment-id:3139346508 --> @LaurenceJJones commented on GitHub (Jul 31, 2025): Should be now semi mitigated by 1.8.0 with the ability to log in with user/password if security keys are configured https://github.com/fosrl/pangolin/pull/1172/commits/053acef7283da3b6bed00d9334340dfe3e01d959 but the application does not have support for triggering or interacting via FIDO which I agree with @bgoncal its not as simple as "enable it", it takes time to make sure the application can interact and use these securely
Author
Owner

@github-actions[bot] commented on GitHub (Aug 15, 2025):

This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.

<!-- gh-comment-id:3190276579 --> @github-actions[bot] commented on GitHub (Aug 15, 2025): This issue has been automatically marked as stale due to 14 days of inactivity. It will be closed in 14 days if no further activity occurs.
Author
Owner

@github-actions[bot] commented on GitHub (Aug 30, 2025):

This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.

<!-- gh-comment-id:3238756309 --> @github-actions[bot] commented on GitHub (Aug 30, 2025): This issue has been automatically closed due to inactivity. If you believe this is still relevant, please open a new issue with up-to-date information.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/pangolin#1778