Selora AI: OAuth 2.0 Authentication
Summary
Bring OAuth 2.0 authentication to the Selora AI MCP server to improve security and user experience. This replaces the current manual Home Assistant long-lived token workflow with a standard OAuth 2.0 flow that uses short-lived access tokens, refreshed automatically.
Value
- Improved UX: Users no longer need to navigate Home Assistant settings to manually generate and copy long-lived tokens.
- Enhanced Security: Short-lived tokens with automatic refresh reduce the risk associated with token theft or accidental sharing.
- Standardized Auth: Aligns with industry best practices (RFC 6749, PKCE) for third-party integrations.
- Revocability: Users can revoke Selora AI access directly from Home Assistant without hunting for stale tokens.
Scope
- OAuth 2.0 Implementation: Support for authorization code flow with PKCE (RFC 7636).
- Token Management: Secure storage and automatic refreshing of access tokens.
- MCP Server Integration: Update the Selora AI MCP server to handle OAuth-based authentication with Home Assistant.
- User Interface: Simple “Connect to Home Assistant” button in the MCP client.
Target customers
- Homeowners (ease of setup and security)
- Developers (standardized integration pattern)
Dependencies
- Selora Smart Agent (Epic #5): GitLab epic #5
- Infrastructure (Epic #7): GitLab epic #7
Last modified April 7, 2026: Selora AI: OAuth 2.0 Authentication (837ad4a)