- HA = Home-Assistant
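- Translated from the official HA developer documentation; the original post presents Chinese and English side by side, suitable for all readers.
- The source page was last updated several months ago, so the translator thinks some of its wording may be somewhat out of date; please keep that in mind.
- Updated on August 26: revised some imprecise statements.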
Authentication
Authentication means confirming a user's identity. Home Assistant's authentication system is an experimental and unfinished API introduced in Home Assistant 0.69 and later. It is not enabled by default, it is not persisted to disk, and it should not be used in production.
Home Assistant has a built-in authentication system allowing different users to interact with Home Assistant. The authentication system consists of various parts.
The wording in the figure below has not been changed.
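Authentication providers
Translator's note:
"Authentication providers" translates literally as "those who provide authentication" or "programs that provide an authentication method", but I felt that rendering was too stilted, so I translated it according to my own understanding as "authentication model" (认证模型). Compared with the authentication framework, an authentication model is the concrete logic that defines the authentication method.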
An authentication provider is used for users to authenticate themselves. It's up to the authentication provider to choose the method of authentication and the backend to use. By default we enable the built-in Home Assistant authentication provider, which stores the users securely inside your configuration directory.
The authentication providers that Home Assistant will use are specified inside configuration.yaml. It is possible to have multiple instances of the same authentication provider active. In that case, each will be identified by a unique identifier. Authentication providers of the same type will not share credentials.
Credentials
Credentials store the authentication of a user with a specific authentication provider. They are produced when a user successfully authenticates, and they allow the system to find the matching user. If the user does not exist, a new user will be created. This user will not be activated but will require approval by the owner.
It is possible for a user to have multiple credentials linked to it. However, it can only have a single credential per specific authentication provider.
Users
Each person is a user in the system. To log in as a specific user, authenticate with any of the authentication providers that are linked to this user. When a user logs in, it will get a refresh token and an access token to make requests to Home Assistant.
Owner
The owner is a special user: the first user to log in to Home Assistant will be marked as the owner. This user is able to manage users.
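The rules from the Authentication providers, Credentials, Users and Owner sections can be modelled in a few lines. This is an added illustration, not Home Assistant's own code: the names `AuthStore`, `User`, `login`, `link` and `approve` are hypothetical, and treating the owner as already active is an assumption, since nobody exists yet to approve the first user.

```python
"""Illustrative model only; not Home Assistant's implementation."""
from dataclasses import dataclass, field
from itertools import count
from typing import Dict, Optional, Tuple

ProviderKey = Tuple[str, str]  # (provider type, instance identifier); assumed shape

@dataclass
class User:
    id: int
    is_owner: bool = False
    is_active: bool = False
    # At most one credential (the provider-side subject) per provider instance.
    credentials: Dict[ProviderKey, str] = field(default_factory=dict)

class AuthStore:
    def __init__(self) -> None:
        self.users = []
        self._ids = count(1)

    def _find(self, provider: ProviderKey, subject: str) -> Optional[User]:
        # Lookup is keyed on the full provider instance, so two instances of
        # the same provider type never share credentials.
        for user in self.users:
            if user.credentials.get(provider) == subject:
                return user
        return None

    def login(self, provider: ProviderKey, subject: str) -> User:
        """Call only after `provider` has successfully authenticated `subject`."""
        user = self._find(provider, subject)
        if user is None:
            first = not self.users
            # First user ever is the owner (assumed active); all later users
            # are created inactive and wait for the owner's approval.
            user = User(next(self._ids), is_owner=first, is_active=first)
            user.credentials[provider] = subject
            self.users.append(user)
        return user

    def link(self, user: User, provider: ProviderKey, subject: str) -> None:
        if provider in user.credentials:
            raise ValueError("user already has a credential for this provider")
        if self._find(provider, subject) is not None:
            raise ValueError("credential already belongs to another user")
        user.credentials[provider] = subject

    def approve(self, actor: User, target: User) -> None:
        if not actor.is_owner:
            raise PermissionError("only the owner can activate users")
        target.is_active = True
```

A caller should check `is_active` before issuing tokens to the returned user, otherwise the approval step protects nothing.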
Clients
Clients are applications that users use to access the Home Assistant API. Each client has a client identifier, a redirect URI and an optional client secret. The redirect URI is used to redirect the user after they have successfully authorized.
Access and refresh tokens
The client will be provided with an authorization code when a user successfully authorizes with Home Assistant. This code can be used to retrieve an access token and a refresh token. The access token has a limited lifetime, while a refresh token remains valid until a user deletes it.
The access token is used to access the Home Assistant APIs. The refresh token is used to retrieve a new valid access token.