Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Deprecate http.api_password #21884
For example, if you have following configuration in previous release
# prior 0.90 homeassistant: auth_providers: - type: homeassistant - type: legacy_api_password http: api_password: 12345678
You will get invalid configuration error in 0.90, because
# after 0.90 homeassistant: auth_providers: - type: homeassistant - type: legacy_api_password api_password: 12345678 http:
However, if you don't have
# prior 0.90 homeassistant: http: api_password: 12345678
We will give your more time to migrate your configuration, your HA system can still start up, we will load a legacy_api_password auth provider with api_password for you. However, you will receive a warning message to remind you change to the new configuration.
Please note, api_password authentication will eventually be removed, we advise user change to use one of other authentication methods.
This PR is one more step towards our goal to remove api_password entirely. Now, api_password no long lives in http component, all logic moved to legacy_api_password auth provider.
This PR does not change the way we do authentication, use api_password in query or header is still valid method, but we will print out INFO level log to remind user move away from those method. I am planning increase them to WARN level maybe in 0.91 release.
Related issue (if applicable): fixes #
Example entry for