openHAB 2 REST API authentication options?

EDIT: I’m afraid I jumped to some early conclusions and should have had some more flesh on my bones before writing the below post. I, for example, understand that third party UIs/administration dashboards etc. perhaps can’t be easily integrated in some standard openHAB authentication flow. But when discussing authentication and separate authentication methods I was mainly thinking of separating the access and authentication methods for the API and the OpenHAB2 dashboard.

Hi there!
I’ve had plans on rolling my own home automation system for a while now, but I’ve come to the conclusion that my time is way too limited. Therefore I’m looking into a hybrid approach, where I’ll perhaps be designing some custom hardware (will be quite a lot cheaper than for example commercial Z-Wave equipment even if I’ll be making very small batches) communicating mainly over BLE and Wifi, as well as using some off-the-shelf Z-Wave products. My goal is to then put everything together with the help of OpenHAB.

I’m working as a software developer (mostly full stack web development at the time) but I’ve mainly been studying embedded systems so I feel quite at home within the field in general. Though I’m very new to openHAB.

I just installed OpenHAB 2 on a small server and for my needs I think the REST API looks pretty great. I haven’t had much time to really get into the openHAB platform yet though, but I have got a few questions for you regarding security and authorization/authentication. Based on what I’ve read in the documentation it seems like you’re mainly recommending to let a reverse proxy take care of the authentication parts. Is there a good reason to do this (other than needing to put less work on integrating various authentication methods in the openHAB platform)?

EDIT: I

I for example would probably prefer to go with some kind of token auth (JWT) when communicating with the openHAB REST API, in order to use it simply and securely from all kinds of different client devices. Though there might be reasons why I (or someone else) would like to access other parts (different admin UIs etc.) through other authentication methods. In such use cases it just feels like depending on a third party reverse proxy can be a bit cumbersome. And I can also see how it can feel a bit daunting and cumbersome for someone a bit less experienced who just wants to have external access to for example HABpanel.

To me, personally, it feels like it would make sense to try to incorporate as many parts as possible in the “standard” openHAB ecosystem to lower the dependency on other software and also make it easier for beginner users.

What are your thoughts about this? Perhaps there is already a roadmap or similar somewhere which includes this? Or is there somewhere I can read about the future goals of the openHAB 2 development? Or maybe I’ve missed some important information about openHAB in general which makes me ask extremely stupid questions (then please tell me!). As I said, I haven’t been looking into openHAB that much yet, so there’s a lot I don’t know. Though I’m pretty sure that I will be using openHAB for my future automation plans, as it does indeed seem to be one of the most extensive and customizable (open source) platforms existing today.

In almost all cases those two things are incompatible. I can state with the authority of my own personal experience (for what it is worth) custom hardware requires orders of magnitude more time getting up and running than off the shelf devices.

Do not forget to take into account the value of your time when determining the value of different approaches.

From an OH perspective, the WiFi using REST or MQTT would be the easiest to integrate. BLE is in the works but even when it does come along it won’t support much out of the box. Each device has its own API which cannot be generalized, if I understand Chris correctly.

It’s because the authentication method used in OH 1.x was not suitable for OH 2 and reimplementing the built-in authentication has not yet been implemented. It is planned to be implemented, though I don’t know if it is a requirement to be there before OH 2 exits beta.

The recommendation for the reverse proxy is primarily there because the built-in authentication isn’t there yet. To be honest, the real recommendation is to use myopenhab.org and openHAB Cloud Connector.

The core of OH 2 is built upon Eclipse SmartHome and I think this authentication would be implemented there. I could be wrong about that though. I know both use Jetty but I don’t know if the devs had to do anything special to make it work in Karaf versus Eclipse which would complicate matters.

From a high level the solution to “make it easier for beginner users” is myopenhab.org and the openHAB Cloud Connector binding. For everyone else who is knowledgeable enough I expect a DIY depending on third party tools will be the norm for a long time coming. Unless someone like you steps up to PR these features.