This repository has been archived by the owner on Jun 16, 2024. It is now read-only.
Cryptographic token generation for removing many getting started steps #65
Comments
|
The core contributor Home Assistant team is working on this currently and has been for a few months. That's the main reason why I made it possible to pass in the config object :). |
|
Can you elaborate more @robbiet480? I've seen no mention of this on the HA side, and am curious how such an implementation would look. |
|
The core contributors would operate a cloud service that allows secure linking of your Home Assistant instance(s). That cloud service would provide Alexa as a service, along with some other cloud functionality which you can imagine (cough DynDNS)... |
|
I do certainly hope this is coming soon, because it would greatly improve the user experience for things like alexa, especially with the new video skill. |
Closed
|
cough home-assistant/core#9208 |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
One of the things I really want is to give more users access to the cool features of haaska in a way that would be substantially easier for them to set up. Which by far the hardest part of setting up haaska is the getting the amazon login, alexa skill, and lambda stuff set up correctly.
All these steps could be avoided if we did the following:
Submit the HAASKA Smart Home Skill to amazon for publishing.
Generate the token by encrypting the user credentials. (hostname, port, ha password)
Queries to haaska will be forwarded to the appropriate ha install based on decryption of the token.
This seems to avoid us hosting our own database that links tokens to a specific user, meaning that there will be no database for the user to compromise. Also, alexa itself already encrypts the entire payload so our token would essentially be double encrypted in transport.
The only downside I see to this is someone would be required to host the haaska lambda instance and incur and associated costs, but I suspect this would be either zero (for less than 1 million requests) or very small.
Clearly this would mean that the person hosting the haaska instance could potentially capture user data, but that is a risk for using any cloud service. So building user trust by not logging tokens and continually providing the entire codebase for review would be our biggest ally.
@trisk @auchter what do you think?
The text was updated successfully, but these errors were encountered: