@patrick When might we be able to expect access control to HE Dashboard cloud link? I'm reluctant to put Dashboard into use, as anyone with the cloud link would have control of the home automation devices I add, in the absence of any user access control.
I agree.
What type of access control are you wanting? Every app that uses OAuth2 exposes a token and can be accessed remotely as well as internally.
OAuth2 is access control. The token is a "password". We can add the ability to generate and expire tokens for dashboard.
What we discussed internally is adding the option to have a switch to enable/disable the cloud connection to an app.
We don't have a way at the moment to determine if an incoming request is remote or local. However, another option would be to add a challenge / response (PIN, password, etc.) to a dashboard and check it on load. This would be for each dashboard, but we would not be able to apply it only to cloud links.
Both are viable and could probably be done.
This sounds like a reasonable trade-off for the ability to control the access, as long as the challenge response is salted.
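
The two options raised in this thread (expiring dashboard tokens, and a salted per-dashboard PIN checked on load) are shown together below as an added example; it is not Hubitat code and not part of any post. `DashboardGate`, its methods, the PBKDF2 work factor and the token lifetime are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 200_000  # assumed work factor; tune for the hub's CPU
TOKEN_TTL = 3600         # assumed token lifetime in seconds


class DashboardGate:
    """Hypothetical per-dashboard PIN check plus expiring access tokens."""

    def __init__(self):
        self._pins = {}    # dashboard_id -> (salt, derived_key)
        self._tokens = {}  # sha256(token) -> (dashboard_id, expires_at)

    @staticmethod
    def _derive(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, PBKDF2_ROUNDS)

    @staticmethod
    def _digest(token):
        # Store only a digest so a leaked table does not expose live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def set_pin(self, dashboard_id, pin):
        salt = secrets.token_bytes(16)  # fresh random salt per dashboard
        self._pins[dashboard_id] = (salt, self._derive(pin, salt))

    def unlock(self, dashboard_id, pin, now=None):
        """Return a new expiring token if the PIN matches, else None."""
        now = time.time() if now is None else now
        record = self._pins.get(dashboard_id)
        if record is None:
            return None
        salt, expected = record
        # Constant-time comparison of the derived keys.
        if not hmac.compare_digest(self._derive(pin, salt), expected):
            return None
        token = secrets.token_urlsafe(32)
        self._tokens[self._digest(token)] = (dashboard_id, now + TOKEN_TTL)
        return token

    def is_valid(self, dashboard_id, token, now=None):
        now = time.time() if now is None else now
        entry = self._tokens.get(self._digest(token))
        if entry is None or entry[0] != dashboard_id or now >= entry[1]:
            return False  # unknown, wrong dashboard, or expired
        return True

    def revoke_all(self, dashboard_id):
        self._tokens = {k: v for k, v in self._tokens.items() if v[0] != dashboard_id}
```

Because the salt is random per dashboard, two dashboards with the same PIN store different derived keys, and `revoke_all` gives the "expire tokens" control without changing the PIN.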