Help with auth when using docker

[AllergicToGrass]

Hello, I've been having stability issues with MA running on my rpi4 running HAOS. I don't have much time to track down the issue but I assume it's possibly due to low RAM; not sure. All I know is that HAOS intermittently locks up and has to reload which can take anywhere from 60 seconds to minutes when I have MA installed and playing music to my sonos.

Anyway, I decided to run MA in a docker container on a separate server. I added MA to the HA dashboard as a "webpage". Everything is working great except now each device I have logged into HA needs to also login to MA before being able to control MA. When running MA as an app inside HAOS, I'm pretty sure I only had to login once and then everyone in the household could use it. Is there a way to have HA handle auth or maybe just put the user and password in the url when adding it to the dashboard?

If not, no worries, I realize the docker container isn't the recommended way to run MA.

EDIT: When I click on MA in the HA app on an iOS device, I see a button that says "Sign in with Home Assistant" but it just takes me to a blank page; nothing loads. I'm hoping I just have something misconfigured or maybe I missed a setting somewhere

Thanks

[yudin-s]

Standalone Docker MA is a separate web app with its own session cookie, so Home Assistant will not automatically log the browser into it just because the UI is embedded in a HA dashboard iframe.

The add-on case feels different because the browser reaches Music Assistant through Home Assistant's add-on/ingress integration. Once MA runs as a separate Docker service, the dashboard "webpage" card is just loading another origin. Each phone/tablet/browser then needs a valid MA session for that origin.

I would avoid username/password-in-the-URL workarounds. They are commonly blocked by modern login flows, leak into browser history/logs, and still do not reliably create the cookie that the standalone UI expects.

The realistic choices are:

• use the HA add-on when you want HA-managed ingress-style access;
• keep the standalone Docker setup and let each device log in to MA once;
• put the standalone MA URL behind a reverse proxy or SSO layer if you already run one and want central auth outside Home Assistant.

Moving MA off the HAOS box can still be the right stability test for the RPi4; it just changes the auth boundary from "inside Home Assistant" to "separate service".

If that explains the iframe behavior, marking this as answered would help other Docker users avoid chasing URL-login fixes.

[AllergicToGrass]

Damn, looks like I might have to try and upgrade my HA server 😞. Thanks for the response

[AllergicToGrass]

If anyone else comes across this, use at your own risk:

http://<MA IP>:<port>/?code=<MA long lived token>

My setup:

• I access my HA instance via a domain that points to a reverse proxy on my network that utilizes ssl
• http iframes don't currently work in HA if HA is accessed via https
• I configured my HA apps to connect to HA using the internal network IP and port when on my home network, and the domain when I'm not
• I created a basic MA user and long lived access token for the url above

Effectively, this means when I'm not on my network, I can still access HA but when I tap on MA, I get an error. When I connect back to my network, that error goes away and I can connect to MA without having to login on every device. I figure if someone I haven't authorized is able to use that token to control MA, I have bigger problems 🤷‍♂️

link to instructions