this post was submitted on 17 Mar 2026
118 points (97.6% liked)

Selfhosted

57684 readers
2828 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

  7. No low-effort posts. This is subjective and will largely be determined by the community member reports.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
HybridSarcasm@lemmy.world
devve@lemmy.world
HybridSarcasm@lemmy.hybridsarcasm.xyz
118
Single Sign in for Home Assistant now possible with OpenID (github.com)
submitted 2 days ago by Lem453@lemmy.ca to c/selfhosted@lemmy.world
19 comments fedilink hide all child comments
 

This is a hugely requested feature for many years and a huge hole in my entire self hosted ecosystem. Every self-hosted app I have connects to my Authentik system for user management... Except home assistant. Arguably one of the apps I need it for the most for the whole family to use with their accounts.

Devs have been resistant for some reason.

There is now a community integratation that allows user management for HA to be via any openID backend (authentik, keycloak etc).

I've been running it for a few days and it works perfectly. Very easy to setup if you already have a working authentik setup and know how to use it with other apps like immich.

you are viewing a single comment's thread
view the rest of the comments
[–] femtek@lemmy.blahaj.zone 1 points 1 day ago (1 children)

You can self host the authentication outside of the Internet.

[–] irotsoma@piefed.blahaj.zone 1 points 20 hours ago

Problem is that the user has to be presented that webpage anf the results have to make their way back to teach component. If you have a bunch of microservices that aren't user facing (whether internet or private network) then how do those services get the user data to do their things. Monolithic server applications are bad practice outside of extremely simple web apps if you want something scalable. So you still need a database of local users that the services can share privately. That means a built-in user database that is just linked to the SSO user by the service that is user facing. Otherwise, all micro-services have to authenticate separately with the user once every time the token expires. Which means lots of browser sessions somehow getting from a micro-service with no web front end to the user.

Anyway, just an example, but when a local user database is required anyway, then SSO is always addition development work and exerts possibly significant limitations on the application architecture. This is why it's not commonly implemented at first. There needs to be better protocols that are open source and well tested. OIDC is my current favorite in many cases, but it has limitations like logging out or switching between users on the same browser is a pain. Most proprietary apps use proprietary solutions because of the limitations and they feel (often incorrectly) like it's obfuscated enough to not be susceptible to attacks despite the simplicity. Doing SSO right is hard, so having to implement something from scratch isn't feasible and when done is usually vulnerable.