Selora Homes

Selora AI MCP Server: OAuth 2.0 Authentication

Bring OAuth 2.0 authentication to the Selora AI MCP server for secure Home Assistant connections, replacing manual long-lived tokens.

Roadmap, AI, MCP, OAuth, Security, Home Assistant

Summary

Add OAuth 2.0 authentication to the Selora AI MCP server so that external MCP clients (e.g. Claude Desktop, Cursor) can connect securely to a user’s Home Assistant instance. This replaces the current manual long-lived token workflow with a standard OAuth 2.0 authorization code flow using short-lived, automatically refreshed tokens.

Value

  • Improved UX: Users no longer need to navigate Home Assistant settings to manually generate and copy long-lived tokens. For SeloraBox users, connecting is a one-click experience — the OAuth flow is pre-configured out of the box.
  • Enhanced Security: Short-lived tokens with automatic refresh reduce the risk associated with token theft or accidental sharing.
  • Standardized Auth: Aligns with industry best practices (RFC 6749, PKCE) for third-party integrations.
  • Revocability: Users can revoke Selora AI access directly from Home Assistant without hunting for stale tokens.

Scope

  • OAuth 2.0 Implementation: Support for authorization code flow with PKCE (RFC 7636).
  • Token Management: Secure storage and automatic refreshing of access tokens.
  • MCP Server Integration: Update the Selora AI MCP server to handle OAuth-based authentication with Home Assistant.
  • User Interface: Simple “Connect to Home Assistant” button in the MCP client.

Target customers

  • Homeowners (ease of setup and security)
  • Developers (standardized integration pattern)

Dependencies