Bumped version to 0.77.0b2

Add new translations
Update translations
2018-08-26 22:53:20 +02:00 · 2018-08-26 22:53:08 +02:00 · 2018-08-26 22:53:08 +02:00 · 2018-08-26 22:51:19 +02:00 · 2018-08-26 22:51:18 +02:00 · 2018-08-26 22:51:18 +02:00
1712 changed files with 32677 additions and 13422 deletions
--- a/.coveragerc
+++ b/.coveragerc
@@ -64,6 +64,8 @@ omit =
    homeassistant/components/cast/*
    homeassistant/components/*/cast.py

+    homeassistant/components/cloudflare.py
+
    homeassistant/components/comfoconnect.py
    homeassistant/components/*/comfoconnect.py

@@ -102,6 +104,9 @@ omit =
    homeassistant/components/fritzbox.py
    homeassistant/components/switch/fritzbox.py

+    homeassistant/components/ecovacs.py
+    homeassistant/components/*/ecovacs.py
+
    homeassistant/components/eufy.py
    homeassistant/components/*/eufy.py

@@ -111,6 +116,12 @@ omit =
    homeassistant/components/google.py
    homeassistant/components/*/google.py

+    homeassistant/components/hangouts/__init__.py
+    homeassistant/components/hangouts/const.py
+    homeassistant/components/hangouts/hangouts_bot.py
+    homeassistant/components/hangouts/hangups_utils.py
+    homeassistant/components/*/hangouts.py    
+
    homeassistant/components/hdmi_cec.py
    homeassistant/components/*/hdmi_cec.py

@@ -131,12 +142,13 @@ omit =

    homeassistant/components/ihc/*
    homeassistant/components/*/ihc.py
+    
+    homeassistant/components/insteon/*
+    homeassistant/components/*/insteon.py

    homeassistant/components/insteon_local.py
-    homeassistant/components/*/insteon_local.py
-
-    homeassistant/components/insteon_plm/*
-    homeassistant/components/*/insteon_plm.py
+    
+    homeassistant/components/insteon_plm.py

    homeassistant/components/ios.py
    homeassistant/components/*/ios.py
@@ -192,7 +204,7 @@ omit =
    homeassistant/components/mychevy.py
    homeassistant/components/*/mychevy.py

-    homeassistant/components/mysensors.py
+    homeassistant/components/mysensors/*
    homeassistant/components/*/mysensors.py

    homeassistant/components/neato.py
@@ -213,6 +225,9 @@ omit =
    homeassistant/components/opencv.py
    homeassistant/components/*/opencv.py

+    homeassistant/components/openuv.py
+    homeassistant/components/*/openuv.py
+
    homeassistant/components/pilight.py
    homeassistant/components/*/pilight.py

@@ -249,6 +264,9 @@ omit =
    homeassistant/components/scsgate.py
    homeassistant/components/*/scsgate.py

+    homeassistant/components/sisyphus.py
+    homeassistant/components/*/sisyphus.py
+
    homeassistant/components/skybell.py
    homeassistant/components/*/skybell.py

@@ -341,6 +359,12 @@ omit =
    homeassistant/components/zoneminder.py
    homeassistant/components/*/zoneminder.py

+    homeassistant/components/tuya.py
+    homeassistant/components/*/tuya.py
+
+    homeassistant/components/spider.py
+    homeassistant/components/*/spider.py
+
    homeassistant/components/alarm_control_panel/alarmdotcom.py
    homeassistant/components/alarm_control_panel/canary.py
    homeassistant/components/alarm_control_panel/concord232.py
@@ -393,6 +417,8 @@ omit =
    homeassistant/components/climate/touchline.py
    homeassistant/components/climate/venstar.py
    homeassistant/components/climate/zhong_hong.py
+    homeassistant/components/cover/aladdin_connect.py
+    homeassistant/components/cover/brunt.py
    homeassistant/components/cover/garadget.py
    homeassistant/components/cover/gogogate2.py
    homeassistant/components/cover/homematic.py
@@ -427,6 +453,7 @@ omit =
    homeassistant/components/device_tracker/netgear.py
    homeassistant/components/device_tracker/nmap_tracker.py
    homeassistant/components/device_tracker/ping.py
+    homeassistant/components/device_tracker/ritassist.py
    homeassistant/components/device_tracker/sky_hub.py
    homeassistant/components/device_tracker/snmp.py
    homeassistant/components/device_tracker/swisscom.py
@@ -456,6 +483,7 @@ omit =
    homeassistant/components/light/decora_wifi.py
    homeassistant/components/light/decora.py
    homeassistant/components/light/flux_led.py
+    homeassistant/components/light/futurenow.py
    homeassistant/components/light/greenwave.py
    homeassistant/components/light/hue.py
    homeassistant/components/light/hyperion.py
@@ -495,6 +523,7 @@ omit =
    homeassistant/components/media_player/denon.py
    homeassistant/components/media_player/denonavr.py
    homeassistant/components/media_player/directv.py
+    homeassistant/components/media_player/dlna_dmr.py
    homeassistant/components/media_player/dunehd.py
    homeassistant/components/media_player/emby.py
    homeassistant/components/media_player/epson.py
@@ -518,6 +547,7 @@ omit =
    homeassistant/components/media_player/pandora.py
    homeassistant/components/media_player/philips_js.py
    homeassistant/components/media_player/pioneer.py
+    homeassistant/components/media_player/pjlink.py
    homeassistant/components/media_player/plex.py
    homeassistant/components/media_player/roku.py
    homeassistant/components/media_player/russound_rio.py
@@ -612,11 +642,13 @@ omit =
    homeassistant/components/sensor/domain_expiry.py
    homeassistant/components/sensor/dte_energy_bridge.py
    homeassistant/components/sensor/dublin_bus_transport.py
+    homeassistant/components/sensor/duke_energy.py
    homeassistant/components/sensor/dwd_weather_warnings.py
    homeassistant/components/sensor/ebox.py
    homeassistant/components/sensor/eddystone_temperature.py
    homeassistant/components/sensor/eliqonline.py
    homeassistant/components/sensor/emoncms.py
+    homeassistant/components/sensor/enphase_envoy.py
    homeassistant/components/sensor/envirophat.py
    homeassistant/components/sensor/etherscan.py
    homeassistant/components/sensor/fastdotcom.py
@@ -651,6 +683,7 @@ omit =
    homeassistant/components/sensor/loopenergy.py
    homeassistant/components/sensor/luftdaten.py
    homeassistant/components/sensor/lyft.py
+    homeassistant/components/sensor/magicseaweed.py
    homeassistant/components/sensor/metoffice.py
    homeassistant/components/sensor/miflora.py
    homeassistant/components/sensor/mitemp_bt.py
@@ -660,7 +693,9 @@ omit =
    homeassistant/components/sensor/mvglive.py
    homeassistant/components/sensor/nederlandse_spoorwegen.py
    homeassistant/components/sensor/netdata.py
+    homeassistant/components/sensor/netdata_public.py
    homeassistant/components/sensor/neurio_energy.py
+    homeassistant/components/sensor/noaa_tides.py
    homeassistant/components/sensor/nsw_fuel_station.py
    homeassistant/components/sensor/nut.py
    homeassistant/components/sensor/nzbget.py
--- a/.gitignore
+++ b/.gitignore
@@ -107,3 +107,6 @@ desktop.ini

 # Secrets
 .lokalise_token
+
+# monkeytype
+monkeytype.sqlite3
--- a/.isort.cfg
+++ b/.isort.cfg
@@ -0,0 +1,2 @@
+[settings]
+multi_line_output=4
--- a/.travis.yml
+++ b/.travis.yml
@@ -13,14 +13,21 @@ matrix:
    - python: "3.5.3"
      env: TOXENV=typing
    - python: "3.5.3"
-      env: TOXENV=py35
+      env: TOXENV=cov
+      after_success: coveralls
    - python: "3.6"
      env: TOXENV=py36
-    # - python: "3.6-dev"
-    #   env: TOXENV=py36
-  # allow_failures:
-  #   - python: "3.5"
-  #     env: TOXENV=typing
+    - python: "3.7"
+      env: TOXENV=py37
+      dist: xenial
+    - python: "3.8-dev"
+      env: TOXENV=py38
+      dist: xenial
+      if: branch = dev AND type = push
+  allow_failures:
+    - python: "3.8-dev"
+      env: TOXENV=py38
+      dist: xenial

 cache:
  directories:
@@ -39,4 +46,3 @@ deploy:
  on:
    branch: dev
    condition: $TOXENV = lint
-after_success: coveralls
--- a/4
+++ b/4
@@ -87,6 +87,8 @@ homeassistant/components/*/axis.py @kane610
 homeassistant/components/*/bmw_connected_drive.py @ChristianKuehnel
 homeassistant/components/*/broadlink.py @danielhiversen
 homeassistant/components/*/deconz.py @kane610
+homeassistant/components/ecovacs.py @OverloadUT
+homeassistant/components/*/ecovacs.py @OverloadUT
 homeassistant/components/eight_sleep.py @mezz64
 homeassistant/components/*/eight_sleep.py @mezz64
 homeassistant/components/hive.py @Rendili @KJonline
@@ -98,6 +100,8 @@ homeassistant/components/konnected.py @heythisisnate
 homeassistant/components/*/konnected.py @heythisisnate
 homeassistant/components/matrix.py @tinloaf
 homeassistant/components/*/matrix.py @tinloaf
+homeassistant/components/openuv.py @bachya
+homeassistant/components/*/openuv.py @bachya
 homeassistant/components/qwikswitch.py @kellerza
 homeassistant/components/*/qwikswitch.py @kellerza
 homeassistant/components/rainmachine/* @bachya
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,6 +1,6 @@
 # Contributing to Home Assistant

-Everybody is invited and welcome to contribute to Home Assistant. There is a lot to do...if you are not a developer perhaps you would like to help with the documentation on [home-assistant.io](https://home-assistant.io/)? If you are a developer and have devices in your home which aren't working with Home Assistant yet, why not spent a couple of hours and help to integrate them?
+Everybody is invited and welcome to contribute to Home Assistant. There is a lot to do...if you are not a developer perhaps you would like to help with the documentation on [home-assistant.io](https://home-assistant.io/)? If you are a developer and have devices in your home which aren't working with Home Assistant yet, why not spend a couple of hours and help to integrate them?

 The process is straight-forward.

--- a/1
+++ b/1
@@ -10,7 +10,6 @@ LABEL maintainer="Paulus Schoutsen <Paulus@PaulusSchoutsen.nl>"
 #ENV INSTALL_OPENALPR no
 #ENV INSTALL_FFMPEG no
 #ENV INSTALL_LIBCEC no
-#ENV INSTALL_PHANTOMJS no
 #ENV INSTALL_SSOCR no
 #ENV INSTALL_IPERF3 no

--- a/README.rst
+++ b/README.rst
@@ -1,5 +1,5 @@
-Home Assistant |Build Status| |Coverage Status| |Chat Status|
-=============================================================
+Home Assistant |Build Status| |Coverage Status| |Chat Status| |Reviewed by Hound|
+=================================================================================

 Home Assistant is a home automation platform running on Python 3. It is able to track and control all devices at home and offer a platform for automating control.

@@ -33,6 +33,8 @@ of a component, check the `Home Assistant help section <https://home-assistant.i
   :target: https://coveralls.io/r/home-assistant/home-assistant?branch=master
 .. |Chat Status| image:: https://img.shields.io/discord/330944238910963714.svg
   :target: https://discord.gg/c5DvZ4e
+.. |Reviewed by Hound| image:: https://img.shields.io/badge/Reviewed_by-Hound-8E64B0.svg
+   :target: https://houndci.com
 .. |screenshot-states| image:: https://raw.github.com/home-assistant/home-assistant/master/docs/screenshots.png
   :target: https://home-assistant.io/demo/
 .. |screenshot-components| image:: https://raw.github.com/home-assistant/home-assistant/dev/docs/screenshot-components.png
--- a/docs/source/api/homeassistant.rst
+++ b/docs/source/api/homeassistant.rst
@@ -60,14 +60,6 @@ loader module
    :undoc-members:
    :show-inheritance:

-remote module
---------------------------
-
-.. automodule:: homeassistant.remote
-    :members:
-    :undoc-members:
-    :show-inheritance:
-

 Module contents
 ---------------
--- a/homeassistant/main.py
+++ b/homeassistant/main.py
@@ -8,7 +8,7 @@ import subprocess
 import sys
 import threading

-from typing import Optional, List, Dict, Any  # noqa #pylint: disable=unused-import
+from typing import List, Dict, Any  # noqa pylint: disable=unused-import


 from homeassistant import monkey_patch
@@ -20,7 +20,7 @@ from homeassistant.const import (
 )


-def attempt_use_uvloop():
+def attempt_use_uvloop() -> None:
    """Attempt to use uvloop."""
    import asyncio

@@ -241,7 +241,7 @@ def cmdline() -> List[str]:


 def setup_and_run_hass(config_dir: str,
-                       args: argparse.Namespace) -> Optional[int]:
+                       args: argparse.Namespace) -> int:
    """Set up HASS and run."""
    from homeassistant import bootstrap

@@ -274,17 +274,17 @@ def setup_and_run_hass(config_dir: str,
            log_no_color=args.log_no_color)

    if hass is None:
-        return None
+        return -1

    if args.open_ui:
        # Imported here to avoid importing asyncio before monkey patch
        from homeassistant.util.async_ import run_callback_threadsafe

-        def open_browser(event):
-            """Open the webinterface in a browser."""
-            if hass.config.api is not None:
+        def open_browser(_: Any) -> None:
+            """Open the web interface in a browser."""
+            if hass.config.api is not None:  # type: ignore
                import webbrowser
-                webbrowser.open(hass.config.api.base_url)
+                webbrowser.open(hass.config.api.base_url)  # type: ignore

        run_callback_threadsafe(
            hass.loop,
--- a/homeassistant/auth.py
+++ b/homeassistant/auth.py
@@ -1,503 +0,0 @@
-"""Provide an authentication layer for Home Assistant."""
-import asyncio
-import binascii
-from collections import OrderedDict
-from datetime import datetime, timedelta
-import os
-import importlib
-import logging
-import uuid
-
-import attr
-import voluptuous as vol
-from voluptuous.humanize import humanize_error
-
-from homeassistant import data_entry_flow, requirements
-from homeassistant.core import callback
-from homeassistant.const import CONF_TYPE, CONF_NAME, CONF_ID
-from homeassistant.util.decorator import Registry
-from homeassistant.util import dt as dt_util
-
-
-_LOGGER = logging.getLogger(__name__)
-
-
-AUTH_PROVIDERS = Registry()
-
-AUTH_PROVIDER_SCHEMA = vol.Schema({
-    vol.Required(CONF_TYPE): str,
-    vol.Optional(CONF_NAME): str,
-    # Specify ID if you have two auth providers for same type.
-    vol.Optional(CONF_ID): str,
-}, extra=vol.ALLOW_EXTRA)
-
-ACCESS_TOKEN_EXPIRATION = timedelta(minutes=30)
-DATA_REQS = 'auth_reqs_processed'
-
-
-def generate_secret(entropy: int = 32) -> str:
-    """Generate a secret.
-
-    Backport of secrets.token_hex from Python 3.6
-
-    Event loop friendly.
-    """
-    return binascii.hexlify(os.urandom(entropy)).decode('ascii')
-
-
-class AuthProvider:
-    """Provider of user authentication."""
-
-    DEFAULT_TITLE = 'Unnamed auth provider'
-
-    initialized = False
-
-    def __init__(self, hass, store, config):
-        """Initialize an auth provider."""
-        self.hass = hass
-        self.store = store
-        self.config = config
-
-    @property
-    def id(self):  # pylint: disable=invalid-name
-        """Return id of the auth provider.
-
-        Optional, can be None.
-        """
-        return self.config.get(CONF_ID)
-
-    @property
-    def type(self):
-        """Return type of the provider."""
-        return self.config[CONF_TYPE]
-
-    @property
-    def name(self):
-        """Return the name of the auth provider."""
-        return self.config.get(CONF_NAME, self.DEFAULT_TITLE)
-
-    async def async_credentials(self):
-        """Return all credentials of this provider."""
-        return await self.store.credentials_for_provider(self.type, self.id)
-
-    @callback
-    def async_create_credentials(self, data):
-        """Create credentials."""
-        return Credentials(
-            auth_provider_type=self.type,
-            auth_provider_id=self.id,
-            data=data,
-        )
-
-    # Implement by extending class
-
-    async def async_initialize(self):
-        """Initialize the auth provider.
-
-        Optional.
-        """
-
-    async def async_credential_flow(self):
-        """Return the data flow for logging in with auth provider."""
-        raise NotImplementedError
-
-    async def async_get_or_create_credentials(self, flow_result):
-        """Get credentials based on the flow result."""
-        raise NotImplementedError
-
-    async def async_user_meta_for_credentials(self, credentials):
-        """Return extra user metadata for credentials.
-
-        Will be used to populate info when creating a new user.
-        """
-        return {}
-
-
-@attr.s(slots=True)
-class User:
-    """A user."""
-
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    is_owner = attr.ib(type=bool, default=False)
-    is_active = attr.ib(type=bool, default=False)
-    name = attr.ib(type=str, default=None)
-    # For persisting and see if saved?
-    # store = attr.ib(type=AuthStore, default=None)
-
-    # List of credentials of a user.
-    credentials = attr.ib(type=list, default=attr.Factory(list))
-
-    # Tokens associated with a user.
-    refresh_tokens = attr.ib(type=dict, default=attr.Factory(dict))
-
-    def as_dict(self):
-        """Convert user object to a dictionary."""
-        return {
-            'id': self.id,
-            'is_owner': self.is_owner,
-            'is_active': self.is_active,
-            'name': self.name,
-        }
-
-
-@attr.s(slots=True)
-class RefreshToken:
-    """RefreshToken for a user to grant new access tokens."""
-
-    user = attr.ib(type=User)
-    client_id = attr.ib(type=str)
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    created_at = attr.ib(type=datetime, default=attr.Factory(dt_util.utcnow))
-    access_token_expiration = attr.ib(type=timedelta,
-                                      default=ACCESS_TOKEN_EXPIRATION)
-    token = attr.ib(type=str,
-                    default=attr.Factory(lambda: generate_secret(64)))
-    access_tokens = attr.ib(type=list, default=attr.Factory(list))
-
-
-@attr.s(slots=True)
-class AccessToken:
-    """Access token to access the API.
-
-    These will only ever be stored in memory and not be persisted.
-    """
-
-    refresh_token = attr.ib(type=RefreshToken)
-    created_at = attr.ib(type=datetime, default=attr.Factory(dt_util.utcnow))
-    token = attr.ib(type=str,
-                    default=attr.Factory(generate_secret))
-
-    @property
-    def expires(self):
-        """Return datetime when this token expires."""
-        return self.created_at + self.refresh_token.access_token_expiration
-
-
-@attr.s(slots=True)
-class Credentials:
-    """Credentials for a user on an auth provider."""
-
-    auth_provider_type = attr.ib(type=str)
-    auth_provider_id = attr.ib(type=str)
-
-    # Allow the auth provider to store data to represent their auth.
-    data = attr.ib(type=dict)
-
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    is_new = attr.ib(type=bool, default=True)
-
-
-@attr.s(slots=True)
-class Client:
-    """Client that interacts with Home Assistant on behalf of a user."""
-
-    name = attr.ib(type=str)
-    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
-    secret = attr.ib(type=str, default=attr.Factory(generate_secret))
-    redirect_uris = attr.ib(type=list, default=attr.Factory(list))
-
-
-async def load_auth_provider_module(hass, provider):
-    """Load an auth provider."""
-    try:
-        module = importlib.import_module(
-            'homeassistant.auth_providers.{}'.format(provider))
-    except ImportError:
-        _LOGGER.warning('Unable to find auth provider %s', provider)
-        return None
-
-    if hass.config.skip_pip or not hasattr(module, 'REQUIREMENTS'):
-        return module
-
-    processed = hass.data.get(DATA_REQS)
-
-    if processed is None:
-        processed = hass.data[DATA_REQS] = set()
-    elif provider in processed:
-        return module
-
-    req_success = await requirements.async_process_requirements(
-        hass, 'auth provider {}'.format(provider), module.REQUIREMENTS)
-
-    if not req_success:
-        return None
-
-    return module
-
-
-async def auth_manager_from_config(hass, provider_configs):
-    """Initialize an auth manager from config."""
-    store = AuthStore(hass)
-    if provider_configs:
-        providers = await asyncio.gather(
-            *[_auth_provider_from_config(hass, store, config)
-              for config in provider_configs])
-    else:
-        providers = []
-    # So returned auth providers are in same order as config
-    provider_hash = OrderedDict()
-    for provider in providers:
-        if provider is None:
-            continue
-
-        key = (provider.type, provider.id)
-
-        if key in provider_hash:
-            _LOGGER.error(
-                'Found duplicate provider: %s. Please add unique IDs if you '
-                'want to have the same provider twice.', key)
-            continue
-
-        provider_hash[key] = provider
-    manager = AuthManager(hass, store, provider_hash)
-    return manager
-
-
-async def _auth_provider_from_config(hass, store, config):
-    """Initialize an auth provider from a config."""
-    provider_name = config[CONF_TYPE]
-    module = await load_auth_provider_module(hass, provider_name)
-
-    if module is None:
-        return None
-
-    try:
-        config = module.CONFIG_SCHEMA(config)
-    except vol.Invalid as err:
-        _LOGGER.error('Invalid configuration for auth provider %s: %s',
-                      provider_name, humanize_error(config, err))
-        return None
-
-    return AUTH_PROVIDERS[provider_name](hass, store, config)
-
-
-class AuthManager:
-    """Manage the authentication for Home Assistant."""
-
-    def __init__(self, hass, store, providers):
-        """Initialize the auth manager."""
-        self._store = store
-        self._providers = providers
-        self.login_flow = data_entry_flow.FlowManager(
-            hass, self._async_create_login_flow,
-            self._async_finish_login_flow)
-        self.access_tokens = {}
-
-    @property
-    def async_auth_providers(self):
-        """Return a list of available auth providers."""
-        return self._providers.values()
-
-    async def async_get_user(self, user_id):
-        """Retrieve a user."""
-        return await self._store.async_get_user(user_id)
-
-    async def async_get_or_create_user(self, credentials):
-        """Get or create a user."""
-        return await self._store.async_get_or_create_user(
-            credentials, self._async_get_auth_provider(credentials))
-
-    async def async_link_user(self, user, credentials):
-        """Link credentials to an existing user."""
-        await self._store.async_link_user(user, credentials)
-
-    async def async_remove_user(self, user):
-        """Remove a user."""
-        await self._store.async_remove_user(user)
-
-    async def async_create_refresh_token(self, user, client_id):
-        """Create a new refresh token for a user."""
-        return await self._store.async_create_refresh_token(user, client_id)
-
-    async def async_get_refresh_token(self, token):
-        """Get refresh token by token."""
-        return await self._store.async_get_refresh_token(token)
-
-    @callback
-    def async_create_access_token(self, refresh_token):
-        """Create a new access token."""
-        access_token = AccessToken(refresh_token)
-        self.access_tokens[access_token.token] = access_token
-        return access_token
-
-    @callback
-    def async_get_access_token(self, token):
-        """Get an access token."""
-        return self.access_tokens.get(token)
-
-    async def async_create_client(self, name, *, redirect_uris=None,
-                                  no_secret=False):
-        """Create a new client."""
-        return await self._store.async_create_client(
-            name, redirect_uris, no_secret)
-
-    async def async_get_client(self, client_id):
-        """Get a client."""
-        return await self._store.async_get_client(client_id)
-
-    async def _async_create_login_flow(self, handler, *, source, data):
-        """Create a login flow."""
-        auth_provider = self._providers[handler]
-
-        if not auth_provider.initialized:
-            auth_provider.initialized = True
-            await auth_provider.async_initialize()
-
-        return await auth_provider.async_credential_flow()
-
-    async def _async_finish_login_flow(self, result):
-        """Result of a credential login flow."""
-        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
-            return None
-
-        auth_provider = self._providers[result['handler']]
-        return await auth_provider.async_get_or_create_credentials(
-            result['data'])
-
-    @callback
-    def _async_get_auth_provider(self, credentials):
-        """Helper to get auth provider from a set of credentials."""
-        auth_provider_key = (credentials.auth_provider_type,
-                             credentials.auth_provider_id)
-        return self._providers[auth_provider_key]
-
-
-class AuthStore:
-    """Stores authentication info.
-
-    Any mutation to an object should happen inside the auth store.
-
-    The auth store is lazy. It won't load the data from disk until a method is
-    called that needs it.
-    """
-
-    def __init__(self, hass):
-        """Initialize the auth store."""
-        self.hass = hass
-        self.users = None
-        self.clients = None
-        self._load_lock = asyncio.Lock(loop=hass.loop)
-
-    async def credentials_for_provider(self, provider_type, provider_id):
-        """Return credentials for specific auth provider type and id."""
-        if self.users is None:
-            await self.async_load()
-
-        return [
-            credentials
-            for user in self.users.values()
-            for credentials in user.credentials
-            if (credentials.auth_provider_type == provider_type and
-                credentials.auth_provider_id == provider_id)
-        ]
-
-    async def async_get_user(self, user_id):
-        """Retrieve a user."""
-        if self.users is None:
-            await self.async_load()
-
-        return self.users.get(user_id)
-
-    async def async_get_or_create_user(self, credentials, auth_provider):
-        """Get or create a new user for given credentials.
-
-        If link_user is passed in, the credentials will be linked to the passed
-        in user if the credentials are new.
-        """
-        if self.users is None:
-            await self.async_load()
-
-        # New credentials, store in user
-        if credentials.is_new:
-            info = await auth_provider.async_user_meta_for_credentials(
-                credentials)
-            # Make owner and activate user if it's the first user.
-            if self.users:
-                is_owner = False
-                is_active = False
-            else:
-                is_owner = True
-                is_active = True
-
-            new_user = User(
-                is_owner=is_owner,
-                is_active=is_active,
-                name=info.get('name'),
-            )
-            self.users[new_user.id] = new_user
-            await self.async_link_user(new_user, credentials)
-            return new_user
-
-        for user in self.users.values():
-            for creds in user.credentials:
-                if (creds.auth_provider_type == credentials.auth_provider_type
-                        and creds.auth_provider_id ==
-                        credentials.auth_provider_id):
-                    return user
-
-        raise ValueError('We got credentials with ID but found no user')
-
-    async def async_link_user(self, user, credentials):
-        """Add credentials to an existing user."""
-        user.credentials.append(credentials)
-        await self.async_save()
-        credentials.is_new = False
-
-    async def async_remove_user(self, user):
-        """Remove a user."""
-        self.users.pop(user.id)
-        await self.async_save()
-
-    async def async_create_refresh_token(self, user, client_id):
-        """Create a new token for a user."""
-        refresh_token = RefreshToken(user, client_id)
-        user.refresh_tokens[refresh_token.token] = refresh_token
-        await self.async_save()
-        return refresh_token
-
-    async def async_get_refresh_token(self, token):
-        """Get refresh token by token."""
-        if self.users is None:
-            await self.async_load()
-
-        for user in self.users.values():
-            refresh_token = user.refresh_tokens.get(token)
-            if refresh_token is not None:
-                return refresh_token
-
-        return None
-
-    async def async_create_client(self, name, redirect_uris, no_secret):
-        """Create a new client."""
-        if self.clients is None:
-            await self.async_load()
-
-        kwargs = {
-            'name': name,
-            'redirect_uris': redirect_uris
-        }
-
-        if no_secret:
-            kwargs['secret'] = None
-
-        client = Client(**kwargs)
-        self.clients[client.id] = client
-        await self.async_save()
-        return client
-
-    async def async_get_client(self, client_id):
-        """Get a client."""
-        if self.clients is None:
-            await self.async_load()
-
-        return self.clients.get(client_id)
-
-    async def async_load(self):
-        """Load the users."""
-        async with self._load_lock:
-            self.users = {}
-            self.clients = {}
-
-    async def async_save(self):
-        """Save users."""
-        pass
--- a/homeassistant/auth/init.py
+++ b/homeassistant/auth/init.py
@@ -0,0 +1,399 @@
+"""Provide an authentication layer for Home Assistant."""
+import asyncio
+import logging
+from collections import OrderedDict
+from typing import Any, Dict, List, Optional, Tuple, cast
+
+import jwt
+
+from homeassistant import data_entry_flow
+from homeassistant.core import callback, HomeAssistant
+from homeassistant.util import dt as dt_util
+
+from . import auth_store, models
+from .mfa_modules import auth_mfa_module_from_config, MultiFactorAuthModule
+from .providers import auth_provider_from_config, AuthProvider, LoginFlow
+
+_LOGGER = logging.getLogger(__name__)
+_MfaModuleDict = Dict[str, MultiFactorAuthModule]
+_ProviderKey = Tuple[str, Optional[str]]
+_ProviderDict = Dict[_ProviderKey, AuthProvider]
+
+
+async def auth_manager_from_config(
+        hass: HomeAssistant,
+        provider_configs: List[Dict[str, Any]],
+        module_configs: List[Dict[str, Any]]) -> 'AuthManager':
+    """Initialize an auth manager from config."""
+    store = auth_store.AuthStore(hass)
+    if provider_configs:
+        providers = await asyncio.gather(
+            *[auth_provider_from_config(hass, store, config)
+              for config in provider_configs])
+    else:
+        providers = ()
+    # So returned auth providers are in same order as config
+    provider_hash = OrderedDict()  # type: _ProviderDict
+    for provider in providers:
+        if provider is None:
+            continue
+
+        key = (provider.type, provider.id)
+
+        if key in provider_hash:
+            _LOGGER.error(
+                'Found duplicate provider: %s. Please add unique IDs if you '
+                'want to have the same provider twice.', key)
+            continue
+
+        provider_hash[key] = provider
+
+    if module_configs:
+        modules = await asyncio.gather(
+            *[auth_mfa_module_from_config(hass, config)
+              for config in module_configs])
+    else:
+        modules = ()
+    # So returned auth modules are in same order as config
+    module_hash = OrderedDict()  # type: _MfaModuleDict
+    for module in modules:
+        if module is None:
+            continue
+
+        if module.id in module_hash:
+            _LOGGER.error(
+                'Found duplicate multi-factor module: %s. Please add unique '
+                'IDs if you want to have the same module twice.', module.id)
+            continue
+
+        module_hash[module.id] = module
+
+    manager = AuthManager(hass, store, provider_hash, module_hash)
+    return manager
+
+
+class AuthManager:
+    """Manage the authentication for Home Assistant."""
+
+    def __init__(self, hass: HomeAssistant, store: auth_store.AuthStore,
+                 providers: _ProviderDict, mfa_modules: _MfaModuleDict) \
+            -> None:
+        """Initialize the auth manager."""
+        self.hass = hass
+        self._store = store
+        self._providers = providers
+        self._mfa_modules = mfa_modules
+        self.login_flow = data_entry_flow.FlowManager(
+            hass, self._async_create_login_flow,
+            self._async_finish_login_flow)
+
+    @property
+    def active(self) -> bool:
+        """Return if any auth providers are registered."""
+        return bool(self._providers)
+
+    @property
+    def support_legacy(self) -> bool:
+        """
+        Return if legacy_api_password auth providers are registered.
+
+        Should be removed when we removed legacy_api_password auth providers.
+        """
+        for provider_type, _ in self._providers:
+            if provider_type == 'legacy_api_password':
+                return True
+        return False
+
+    @property
+    def auth_providers(self) -> List[AuthProvider]:
+        """Return a list of available auth providers."""
+        return list(self._providers.values())
+
+    @property
+    def auth_mfa_modules(self) -> List[MultiFactorAuthModule]:
+        """Return a list of available auth modules."""
+        return list(self._mfa_modules.values())
+
+    def get_auth_mfa_module(self, module_id: str) \
+            -> Optional[MultiFactorAuthModule]:
+        """Return an multi-factor auth module, None if not found."""
+        return self._mfa_modules.get(module_id)
+
+    async def async_get_users(self) -> List[models.User]:
+        """Retrieve all users."""
+        return await self._store.async_get_users()
+
+    async def async_get_user(self, user_id: str) -> Optional[models.User]:
+        """Retrieve a user."""
+        return await self._store.async_get_user(user_id)
+
+    async def async_get_user_by_credentials(
+            self, credentials: models.Credentials) -> Optional[models.User]:
+        """Get a user by credential, return None if not found."""
+        for user in await self.async_get_users():
+            for creds in user.credentials:
+                if creds.id == credentials.id:
+                    return user
+
+        return None
+
+    async def async_create_system_user(self, name: str) -> models.User:
+        """Create a system user."""
+        return await self._store.async_create_user(
+            name=name,
+            system_generated=True,
+            is_active=True,
+        )
+
+    async def async_create_user(self, name: str) -> models.User:
+        """Create a user."""
+        kwargs = {
+            'name': name,
+            'is_active': True,
+        }  # type: Dict[str, Any]
+
+        if await self._user_should_be_owner():
+            kwargs['is_owner'] = True
+
+        return await self._store.async_create_user(**kwargs)
+
+    async def async_get_or_create_user(self, credentials: models.Credentials) \
+            -> models.User:
+        """Get or create a user."""
+        if not credentials.is_new:
+            user = await self.async_get_user_by_credentials(credentials)
+            if user is None:
+                raise ValueError('Unable to find the user.')
+            else:
+                return user
+
+        auth_provider = self._async_get_auth_provider(credentials)
+
+        if auth_provider is None:
+            raise RuntimeError('Credential with unknown provider encountered')
+
+        info = await auth_provider.async_user_meta_for_credentials(
+            credentials)
+
+        return await self._store.async_create_user(
+            credentials=credentials,
+            name=info.name,
+            is_active=info.is_active,
+        )
+
+    async def async_link_user(self, user: models.User,
+                              credentials: models.Credentials) -> None:
+        """Link credentials to an existing user."""
+        await self._store.async_link_user(user, credentials)
+
+    async def async_remove_user(self, user: models.User) -> None:
+        """Remove a user."""
+        tasks = [
+            self.async_remove_credentials(credentials)
+            for credentials in user.credentials
+        ]
+
+        if tasks:
+            await asyncio.wait(tasks)
+
+        await self._store.async_remove_user(user)
+
+    async def async_activate_user(self, user: models.User) -> None:
+        """Activate a user."""
+        await self._store.async_activate_user(user)
+
+    async def async_deactivate_user(self, user: models.User) -> None:
+        """Deactivate a user."""
+        if user.is_owner:
+            raise ValueError('Unable to deactive the owner')
+        await self._store.async_deactivate_user(user)
+
+    async def async_remove_credentials(
+            self, credentials: models.Credentials) -> None:
+        """Remove credentials."""
+        provider = self._async_get_auth_provider(credentials)
+
+        if (provider is not None and
+                hasattr(provider, 'async_will_remove_credentials')):
+            # https://github.com/python/mypy/issues/1424
+            await provider.async_will_remove_credentials(  # type: ignore
+                credentials)
+
+        await self._store.async_remove_credentials(credentials)
+
+    async def async_enable_user_mfa(self, user: models.User,
+                                    mfa_module_id: str, data: Any) -> None:
+        """Enable a multi-factor auth module for user."""
+        if user.system_generated:
+            raise ValueError('System generated users cannot enable '
+                             'multi-factor auth module.')
+
+        module = self.get_auth_mfa_module(mfa_module_id)
+        if module is None:
+            raise ValueError('Unable find multi-factor auth module: {}'
+                             .format(mfa_module_id))
+
+        await module.async_setup_user(user.id, data)
+
+    async def async_disable_user_mfa(self, user: models.User,
+                                     mfa_module_id: str) -> None:
+        """Disable a multi-factor auth module for user."""
+        if user.system_generated:
+            raise ValueError('System generated users cannot disable '
+                             'multi-factor auth module.')
+
+        module = self.get_auth_mfa_module(mfa_module_id)
+        if module is None:
+            raise ValueError('Unable find multi-factor auth module: {}'
+                             .format(mfa_module_id))
+
+        await module.async_depose_user(user.id)
+
+    async def async_get_enabled_mfa(self, user: models.User) -> Dict[str, str]:
+        """List enabled mfa modules for user."""
+        modules = OrderedDict()  # type: Dict[str, str]
+        for module_id, module in self._mfa_modules.items():
+            if await module.async_is_user_setup(user.id):
+                modules[module_id] = module.name
+        return modules
+
+    async def async_create_refresh_token(self, user: models.User,
+                                         client_id: Optional[str] = None) \
+            -> models.RefreshToken:
+        """Create a new refresh token for a user."""
+        if not user.is_active:
+            raise ValueError('User is not active')
+
+        if user.system_generated and client_id is not None:
+            raise ValueError(
+                'System generated users cannot have refresh tokens connected '
+                'to a client.')
+
+        if not user.system_generated and client_id is None:
+            raise ValueError('Client is required to generate a refresh token.')
+
+        return await self._store.async_create_refresh_token(user, client_id)
+
+    async def async_get_refresh_token(
+            self, token_id: str) -> Optional[models.RefreshToken]:
+        """Get refresh token by id."""
+        return await self._store.async_get_refresh_token(token_id)
+
+    async def async_get_refresh_token_by_token(
+            self, token: str) -> Optional[models.RefreshToken]:
+        """Get refresh token by token."""
+        return await self._store.async_get_refresh_token_by_token(token)
+
+    async def async_remove_refresh_token(self,
+                                         refresh_token: models.RefreshToken) \
+            -> None:
+        """Delete a refresh token."""
+        await self._store.async_remove_refresh_token(refresh_token)
+
+    @callback
+    def async_create_access_token(self,
+                                  refresh_token: models.RefreshToken) -> str:
+        """Create a new access token."""
+        # pylint: disable=no-self-use
+        return jwt.encode({
+            'iss': refresh_token.id,
+            'iat': dt_util.utcnow(),
+            'exp': dt_util.utcnow() + refresh_token.access_token_expiration,
+        }, refresh_token.jwt_key, algorithm='HS256').decode()
+
+    async def async_validate_access_token(
+            self, token: str) -> Optional[models.RefreshToken]:
+        """Return refresh token if an access token is valid."""
+        try:
+            unverif_claims = jwt.decode(token, verify=False)
+        except jwt.InvalidTokenError:
+            return None
+
+        refresh_token = await self.async_get_refresh_token(
+            cast(str, unverif_claims.get('iss')))
+
+        if refresh_token is None:
+            jwt_key = ''
+            issuer = ''
+        else:
+            jwt_key = refresh_token.jwt_key
+            issuer = refresh_token.id
+
+        try:
+            jwt.decode(
+                token,
+                jwt_key,
+                leeway=10,
+                issuer=issuer,
+                algorithms=['HS256']
+            )
+        except jwt.InvalidTokenError:
+            return None
+
+        if refresh_token is None or not refresh_token.user.is_active:
+            return None
+
+        return refresh_token
+
+    async def _async_create_login_flow(
+            self, handler: _ProviderKey, *, context: Optional[Dict],
+            data: Optional[Any]) -> data_entry_flow.FlowHandler:
+        """Create a login flow."""
+        auth_provider = self._providers[handler]
+
+        return await auth_provider.async_login_flow(context)
+
+    async def _async_finish_login_flow(
+            self, flow: LoginFlow, result: Dict[str, Any]) \
+            -> Dict[str, Any]:
+        """Return a user as result of login flow."""
+        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
+            return result
+
+        # we got final result
+        if isinstance(result['data'], models.User):
+            result['result'] = result['data']
+            return result
+
+        auth_provider = self._providers[result['handler']]
+        credentials = await auth_provider.async_get_or_create_credentials(
+            result['data'])
+
+        if flow.context is not None and flow.context.get('credential_only'):
+            result['result'] = credentials
+            return result
+
+        # multi-factor module cannot enabled for new credential
+        # which has not linked to a user yet
+        if auth_provider.support_mfa and not credentials.is_new:
+            user = await self.async_get_user_by_credentials(credentials)
+            if user is not None:
+                modules = await self.async_get_enabled_mfa(user)
+
+                if modules:
+                    flow.user = user
+                    flow.available_mfa_modules = modules
+                    return await flow.async_step_select_mfa_module()
+
+        result['result'] = await self.async_get_or_create_user(credentials)
+        return result
+
+    @callback
+    def _async_get_auth_provider(
+            self, credentials: models.Credentials) -> Optional[AuthProvider]:
+        """Get auth provider from a set of credentials."""
+        auth_provider_key = (credentials.auth_provider_type,
+                             credentials.auth_provider_id)
+        return self._providers.get(auth_provider_key)
+
+    async def _user_should_be_owner(self) -> bool:
+        """Determine if user should be owner.
+
+        A user should be an owner if it is the first non-system user that is
+        being created.
+        """
+        for user in await self._store.async_get_users():
+            if not user.system_generated:
+                return False
+
+        return True
--- a/homeassistant/auth/auth_store.py
+++ b/homeassistant/auth/auth_store.py
@@ -0,0 +1,288 @@
+"""Storage for auth models."""
+from collections import OrderedDict
+from datetime import timedelta
+from logging import getLogger
+from typing import Any, Dict, List, Optional  # noqa: F401
+import hmac
+
+from homeassistant.core import HomeAssistant, callback
+from homeassistant.util import dt as dt_util
+
+from . import models
+
+STORAGE_VERSION = 1
+STORAGE_KEY = 'auth'
+
+
+class AuthStore:
+    """Stores authentication info.
+
+    Any mutation to an object should happen inside the auth store.
+
+    The auth store is lazy. It won't load the data from disk until a method is
+    called that needs it.
+    """
+
+    def __init__(self, hass: HomeAssistant) -> None:
+        """Initialize the auth store."""
+        self.hass = hass
+        self._users = None  # type: Optional[Dict[str, models.User]]
+        self._store = hass.helpers.storage.Store(STORAGE_VERSION, STORAGE_KEY)
+
+    async def async_get_users(self) -> List[models.User]:
+        """Retrieve all users."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        return list(self._users.values())
+
+    async def async_get_user(self, user_id: str) -> Optional[models.User]:
+        """Retrieve a user by id."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        return self._users.get(user_id)
+
+    async def async_create_user(
+            self, name: Optional[str], is_owner: Optional[bool] = None,
+            is_active: Optional[bool] = None,
+            system_generated: Optional[bool] = None,
+            credentials: Optional[models.Credentials] = None) -> models.User:
+        """Create a new user."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        kwargs = {
+            'name': name
+        }  # type: Dict[str, Any]
+
+        if is_owner is not None:
+            kwargs['is_owner'] = is_owner
+
+        if is_active is not None:
+            kwargs['is_active'] = is_active
+
+        if system_generated is not None:
+            kwargs['system_generated'] = system_generated
+
+        new_user = models.User(**kwargs)
+
+        self._users[new_user.id] = new_user
+
+        if credentials is None:
+            self._async_schedule_save()
+            return new_user
+
+        # Saving is done inside the link.
+        await self.async_link_user(new_user, credentials)
+        return new_user
+
+    async def async_link_user(self, user: models.User,
+                              credentials: models.Credentials) -> None:
+        """Add credentials to an existing user."""
+        user.credentials.append(credentials)
+        self._async_schedule_save()
+        credentials.is_new = False
+
+    async def async_remove_user(self, user: models.User) -> None:
+        """Remove a user."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        self._users.pop(user.id)
+        self._async_schedule_save()
+
+    async def async_activate_user(self, user: models.User) -> None:
+        """Activate a user."""
+        user.is_active = True
+        self._async_schedule_save()
+
+    async def async_deactivate_user(self, user: models.User) -> None:
+        """Activate a user."""
+        user.is_active = False
+        self._async_schedule_save()
+
+    async def async_remove_credentials(
+            self, credentials: models.Credentials) -> None:
+        """Remove credentials."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        for user in self._users.values():
+            found = None
+
+            for index, cred in enumerate(user.credentials):
+                if cred is credentials:
+                    found = index
+                    break
+
+            if found is not None:
+                user.credentials.pop(found)
+                break
+
+        self._async_schedule_save()
+
+    async def async_create_refresh_token(
+            self, user: models.User, client_id: Optional[str] = None) \
+            -> models.RefreshToken:
+        """Create a new token for a user."""
+        refresh_token = models.RefreshToken(user=user, client_id=client_id)
+        user.refresh_tokens[refresh_token.id] = refresh_token
+        self._async_schedule_save()
+        return refresh_token
+
+    async def async_remove_refresh_token(
+            self, refresh_token: models.RefreshToken) -> None:
+        """Remove a refresh token."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        for user in self._users.values():
+            if user.refresh_tokens.pop(refresh_token.id, None):
+                self._async_schedule_save()
+                break
+
+    async def async_get_refresh_token(
+            self, token_id: str) -> Optional[models.RefreshToken]:
+        """Get refresh token by id."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        for user in self._users.values():
+            refresh_token = user.refresh_tokens.get(token_id)
+            if refresh_token is not None:
+                return refresh_token
+
+        return None
+
+    async def async_get_refresh_token_by_token(
+            self, token: str) -> Optional[models.RefreshToken]:
+        """Get refresh token by token."""
+        if self._users is None:
+            await self._async_load()
+            assert self._users is not None
+
+        found = None
+
+        for user in self._users.values():
+            for refresh_token in user.refresh_tokens.values():
+                if hmac.compare_digest(refresh_token.token, token):
+                    found = refresh_token
+
+        return found
+
+    async def _async_load(self) -> None:
+        """Load the users."""
+        data = await self._store.async_load()
+
+        # Make sure that we're not overriding data if 2 loads happened at the
+        # same time
+        if self._users is not None:
+            return
+
+        users = OrderedDict()  # type: Dict[str, models.User]
+
+        if data is None:
+            self._users = users
+            return
+
+        for user_dict in data['users']:
+            users[user_dict['id']] = models.User(**user_dict)
+
+        for cred_dict in data['credentials']:
+            users[cred_dict['user_id']].credentials.append(models.Credentials(
+                id=cred_dict['id'],
+                is_new=False,
+                auth_provider_type=cred_dict['auth_provider_type'],
+                auth_provider_id=cred_dict['auth_provider_id'],
+                data=cred_dict['data'],
+            ))
+
+        for rt_dict in data['refresh_tokens']:
+            # Filter out the old keys that don't have jwt_key (pre-0.76)
+            if 'jwt_key' not in rt_dict:
+                continue
+
+            created_at = dt_util.parse_datetime(rt_dict['created_at'])
+            if created_at is None:
+                getLogger(__name__).error(
+                    'Ignoring refresh token %(id)s with invalid created_at '
+                    '%(created_at)s for user_id %(user_id)s', rt_dict)
+                continue
+            token = models.RefreshToken(
+                id=rt_dict['id'],
+                user=users[rt_dict['user_id']],
+                client_id=rt_dict['client_id'],
+                created_at=created_at,
+                access_token_expiration=timedelta(
+                    seconds=rt_dict['access_token_expiration']),
+                token=rt_dict['token'],
+                jwt_key=rt_dict['jwt_key']
+            )
+            users[rt_dict['user_id']].refresh_tokens[token.id] = token
+
+        self._users = users
+
+    @callback
+    def _async_schedule_save(self) -> None:
+        """Save users."""
+        if self._users is None:
+            return
+
+        self._store.async_delay_save(self._data_to_save, 1)
+
+    @callback
+    def _data_to_save(self) -> Dict:
+        """Return the data to store."""
+        assert self._users is not None
+
+        users = [
+            {
+                'id': user.id,
+                'is_owner': user.is_owner,
+                'is_active': user.is_active,
+                'name': user.name,
+                'system_generated': user.system_generated,
+            }
+            for user in self._users.values()
+        ]
+
+        credentials = [
+            {
+                'id': credential.id,
+                'user_id': user.id,
+                'auth_provider_type': credential.auth_provider_type,
+                'auth_provider_id': credential.auth_provider_id,
+                'data': credential.data,
+            }
+            for user in self._users.values()
+            for credential in user.credentials
+        ]
+
+        refresh_tokens = [
+            {
+                'id': refresh_token.id,
+                'user_id': user.id,
+                'client_id': refresh_token.client_id,
+                'created_at': refresh_token.created_at.isoformat(),
+                'access_token_expiration':
+                    refresh_token.access_token_expiration.total_seconds(),
+                'token': refresh_token.token,
+                'jwt_key': refresh_token.jwt_key,
+            }
+            for user in self._users.values()
+            for refresh_token in user.refresh_tokens.values()
+        ]
+
+        return {
+            'users': users,
+            'credentials': credentials,
+            'refresh_tokens': refresh_tokens,
+        }
--- a/homeassistant/auth/const.py
+++ b/homeassistant/auth/const.py
@@ -0,0 +1,4 @@
+"""Constants for the auth module."""
+from datetime import timedelta
+
+ACCESS_TOKEN_EXPIRATION = timedelta(minutes=30)
--- a/homeassistant/auth/mfa_modules/init.py
+++ b/homeassistant/auth/mfa_modules/init.py
@@ -0,0 +1,176 @@
+"""Plugable auth modules for Home Assistant."""
+from datetime import timedelta
+import importlib
+import logging
+import types
+from typing import Any, Dict, Optional
+
+import voluptuous as vol
+from voluptuous.humanize import humanize_error
+
+from homeassistant import requirements, data_entry_flow
+from homeassistant.const import CONF_ID, CONF_NAME, CONF_TYPE
+from homeassistant.core import HomeAssistant
+from homeassistant.util.decorator import Registry
+
+MULTI_FACTOR_AUTH_MODULES = Registry()
+
+MULTI_FACTOR_AUTH_MODULE_SCHEMA = vol.Schema({
+    vol.Required(CONF_TYPE): str,
+    vol.Optional(CONF_NAME): str,
+    # Specify ID if you have two mfa auth module for same type.
+    vol.Optional(CONF_ID): str,
+}, extra=vol.ALLOW_EXTRA)
+
+SESSION_EXPIRATION = timedelta(minutes=5)
+
+DATA_REQS = 'mfa_auth_module_reqs_processed'
+
+_LOGGER = logging.getLogger(__name__)
+
+
+class MultiFactorAuthModule:
+    """Multi-factor Auth Module of validation function."""
+
+    DEFAULT_TITLE = 'Unnamed auth module'
+
+    def __init__(self, hass: HomeAssistant, config: Dict[str, Any]) -> None:
+        """Initialize an auth module."""
+        self.hass = hass
+        self.config = config
+
+    @property
+    def id(self) -> str:  # pylint: disable=invalid-name
+        """Return id of the auth module.
+
+        Default is same as type
+        """
+        return self.config.get(CONF_ID, self.type)
+
+    @property
+    def type(self) -> str:
+        """Return type of the module."""
+        return self.config[CONF_TYPE]  # type: ignore
+
+    @property
+    def name(self) -> str:
+        """Return the name of the auth module."""
+        return self.config.get(CONF_NAME, self.DEFAULT_TITLE)
+
+    # Implement by extending class
+
+    @property
+    def input_schema(self) -> vol.Schema:
+        """Return a voluptuous schema to define mfa auth module's input."""
+        raise NotImplementedError
+
+    async def async_setup_flow(self, user_id: str) -> 'SetupFlow':
+        """Return a data entry flow handler for setup module.
+
+        Mfa module should extend SetupFlow
+        """
+        raise NotImplementedError
+
+    async def async_setup_user(self, user_id: str, setup_data: Any) -> Any:
+        """Set up user for mfa auth module."""
+        raise NotImplementedError
+
+    async def async_depose_user(self, user_id: str) -> None:
+        """Remove user from mfa module."""
+        raise NotImplementedError
+
+    async def async_is_user_setup(self, user_id: str) -> bool:
+        """Return whether user is setup."""
+        raise NotImplementedError
+
+    async def async_validation(
+            self, user_id: str, user_input: Dict[str, Any]) -> bool:
+        """Return True if validation passed."""
+        raise NotImplementedError
+
+
+class SetupFlow(data_entry_flow.FlowHandler):
+    """Handler for the setup flow."""
+
+    def __init__(self, auth_module: MultiFactorAuthModule,
+                 setup_schema: vol.Schema,
+                 user_id: str) -> None:
+        """Initialize the setup flow."""
+        self._auth_module = auth_module
+        self._setup_schema = setup_schema
+        self._user_id = user_id
+
+    async def async_step_init(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the first step of setup flow.
+
+        Return self.async_show_form(step_id='init') if user_input == None.
+        Return self.async_create_entry(data={'result': result}) if finish.
+        """
+        errors = {}  # type: Dict[str, str]
+
+        if user_input:
+            result = await self._auth_module.async_setup_user(
+                self._user_id, user_input)
+            return self.async_create_entry(
+                title=self._auth_module.name,
+                data={'result': result}
+            )
+
+        return self.async_show_form(
+            step_id='init',
+            data_schema=self._setup_schema,
+            errors=errors
+        )
+
+
+async def auth_mfa_module_from_config(
+        hass: HomeAssistant, config: Dict[str, Any]) \
+        -> Optional[MultiFactorAuthModule]:
+    """Initialize an auth module from a config."""
+    module_name = config[CONF_TYPE]
+    module = await _load_mfa_module(hass, module_name)
+
+    if module is None:
+        return None
+
+    try:
+        config = module.CONFIG_SCHEMA(config)  # type: ignore
+    except vol.Invalid as err:
+        _LOGGER.error('Invalid configuration for multi-factor module %s: %s',
+                      module_name, humanize_error(config, err))
+        return None
+
+    return MULTI_FACTOR_AUTH_MODULES[module_name](hass, config)  # type: ignore
+
+
+async def _load_mfa_module(hass: HomeAssistant, module_name: str) \
+        -> Optional[types.ModuleType]:
+    """Load an mfa auth module."""
+    module_path = 'homeassistant.auth.mfa_modules.{}'.format(module_name)
+
+    try:
+        module = importlib.import_module(module_path)
+    except ImportError:
+        _LOGGER.warning('Unable to find %s', module_path)
+        return None
+
+    if hass.config.skip_pip or not hasattr(module, 'REQUIREMENTS'):
+        return module
+
+    processed = hass.data.get(DATA_REQS)
+    if processed and module_name in processed:
+        return module
+
+    processed = hass.data[DATA_REQS] = set()
+
+    # https://github.com/python/mypy/issues/1424
+    req_success = await requirements.async_process_requirements(
+        hass, module_path, module.REQUIREMENTS)    # type: ignore
+
+    if not req_success:
+        return None
+
+    processed.add(module_name)
+    return module
--- a/homeassistant/auth/mfa_modules/insecure_example.py
+++ b/homeassistant/auth/mfa_modules/insecure_example.py
@@ -0,0 +1,89 @@
+"""Example auth module."""
+import logging
+from typing import Any, Dict
+
+import voluptuous as vol
+
+from homeassistant.core import HomeAssistant
+
+from . import MultiFactorAuthModule, MULTI_FACTOR_AUTH_MODULES, \
+    MULTI_FACTOR_AUTH_MODULE_SCHEMA, SetupFlow
+
+CONFIG_SCHEMA = MULTI_FACTOR_AUTH_MODULE_SCHEMA.extend({
+    vol.Required('data'): [vol.Schema({
+        vol.Required('user_id'): str,
+        vol.Required('pin'): str,
+    })]
+}, extra=vol.PREVENT_EXTRA)
+
+_LOGGER = logging.getLogger(__name__)
+
+
+@MULTI_FACTOR_AUTH_MODULES.register('insecure_example')
+class InsecureExampleModule(MultiFactorAuthModule):
+    """Example auth module validate pin."""
+
+    DEFAULT_TITLE = 'Insecure Personal Identify Number'
+
+    def __init__(self, hass: HomeAssistant, config: Dict[str, Any]) -> None:
+        """Initialize the user data store."""
+        super().__init__(hass, config)
+        self._data = config['data']
+
+    @property
+    def input_schema(self) -> vol.Schema:
+        """Validate login flow input data."""
+        return vol.Schema({'pin': str})
+
+    @property
+    def setup_schema(self) -> vol.Schema:
+        """Validate async_setup_user input data."""
+        return vol.Schema({'pin': str})
+
+    async def async_setup_flow(self, user_id: str) -> SetupFlow:
+        """Return a data entry flow handler for setup module.
+
+        Mfa module should extend SetupFlow
+        """
+        return SetupFlow(self, self.setup_schema, user_id)
+
+    async def async_setup_user(self, user_id: str, setup_data: Any) -> Any:
+        """Set up user to use mfa module."""
+        # data shall has been validate in caller
+        pin = setup_data['pin']
+
+        for data in self._data:
+            if data['user_id'] == user_id:
+                # already setup, override
+                data['pin'] = pin
+                return
+
+        self._data.append({'user_id': user_id, 'pin': pin})
+
+    async def async_depose_user(self, user_id: str) -> None:
+        """Remove user from mfa module."""
+        found = None
+        for data in self._data:
+            if data['user_id'] == user_id:
+                found = data
+                break
+        if found:
+            self._data.remove(found)
+
+    async def async_is_user_setup(self, user_id: str) -> bool:
+        """Return whether user is setup."""
+        for data in self._data:
+            if data['user_id'] == user_id:
+                return True
+        return False
+
+    async def async_validation(
+            self, user_id: str, user_input: Dict[str, Any]) -> bool:
+        """Return True if validation passed."""
+        for data in self._data:
+            if data['user_id'] == user_id:
+                # user_input has been validate in caller
+                if data['pin'] == user_input['pin']:
+                    return True
+
+        return False
--- a/homeassistant/auth/mfa_modules/totp.py
+++ b/homeassistant/auth/mfa_modules/totp.py
@@ -0,0 +1,212 @@
+"""Time-based One Time Password auth module."""
+import logging
+from io import BytesIO
+from typing import Any, Dict, Optional, Tuple  # noqa: F401
+
+import voluptuous as vol
+
+from homeassistant.auth.models import User
+from homeassistant.core import HomeAssistant
+
+from . import MultiFactorAuthModule, MULTI_FACTOR_AUTH_MODULES, \
+    MULTI_FACTOR_AUTH_MODULE_SCHEMA, SetupFlow
+
+REQUIREMENTS = ['pyotp==2.2.6', 'PyQRCode==1.2.1']
+
+CONFIG_SCHEMA = MULTI_FACTOR_AUTH_MODULE_SCHEMA.extend({
+}, extra=vol.PREVENT_EXTRA)
+
+STORAGE_VERSION = 1
+STORAGE_KEY = 'auth_module.totp'
+STORAGE_USERS = 'users'
+STORAGE_USER_ID = 'user_id'
+STORAGE_OTA_SECRET = 'ota_secret'
+
+INPUT_FIELD_CODE = 'code'
+
+DUMMY_SECRET = 'FPPTH34D4E3MI2HG'
+
+_LOGGER = logging.getLogger(__name__)
+
+
+def _generate_qr_code(data: str) -> str:
+    """Generate a base64 PNG string represent QR Code image of data."""
+    import pyqrcode
+
+    qr_code = pyqrcode.create(data)
+
+    with BytesIO() as buffer:
+        qr_code.svg(file=buffer, scale=4)
+        return '{}'.format(
+            buffer.getvalue().decode("ascii").replace('\n', '')
+            .replace('<?xml version="1.0" encoding="UTF-8"?>'
+                     '<svg xmlns="http://www.w3.org/2000/svg"', '<svg')
+        )
+
+
+def _generate_secret_and_qr_code(username: str) -> Tuple[str, str, str]:
+    """Generate a secret, url, and QR code."""
+    import pyotp
+
+    ota_secret = pyotp.random_base32()
+    url = pyotp.totp.TOTP(ota_secret).provisioning_uri(
+        username, issuer_name="Home Assistant")
+    image = _generate_qr_code(url)
+    return ota_secret, url, image
+
+
+@MULTI_FACTOR_AUTH_MODULES.register('totp')
+class TotpAuthModule(MultiFactorAuthModule):
+    """Auth module validate time-based one time password."""
+
+    DEFAULT_TITLE = 'Time-based One Time Password'
+
+    def __init__(self, hass: HomeAssistant, config: Dict[str, Any]) -> None:
+        """Initialize the user data store."""
+        super().__init__(hass, config)
+        self._users = None  # type: Optional[Dict[str, str]]
+        self._user_store = hass.helpers.storage.Store(
+            STORAGE_VERSION, STORAGE_KEY)
+
+    @property
+    def input_schema(self) -> vol.Schema:
+        """Validate login flow input data."""
+        return vol.Schema({INPUT_FIELD_CODE: str})
+
+    async def _async_load(self) -> None:
+        """Load stored data."""
+        data = await self._user_store.async_load()
+
+        if data is None:
+            data = {STORAGE_USERS: {}}
+
+        self._users = data.get(STORAGE_USERS, {})
+
+    async def _async_save(self) -> None:
+        """Save data."""
+        await self._user_store.async_save({STORAGE_USERS: self._users})
+
+    def _add_ota_secret(self, user_id: str,
+                        secret: Optional[str] = None) -> str:
+        """Create a ota_secret for user."""
+        import pyotp
+
+        ota_secret = secret or pyotp.random_base32()  # type: str
+
+        self._users[user_id] = ota_secret   # type: ignore
+        return ota_secret
+
+    async def async_setup_flow(self, user_id: str) -> SetupFlow:
+        """Return a data entry flow handler for setup module.
+
+        Mfa module should extend SetupFlow
+        """
+        user = await self.hass.auth.async_get_user(user_id)   # type: ignore
+        return TotpSetupFlow(self, self.input_schema, user)
+
+    async def async_setup_user(self, user_id: str, setup_data: Any) -> str:
+        """Set up auth module for user."""
+        if self._users is None:
+            await self._async_load()
+
+        result = await self.hass.async_add_executor_job(
+            self._add_ota_secret, user_id, setup_data.get('secret'))
+
+        await self._async_save()
+        return result
+
+    async def async_depose_user(self, user_id: str) -> None:
+        """Depose auth module for user."""
+        if self._users is None:
+            await self._async_load()
+
+        if self._users.pop(user_id, None):   # type: ignore
+            await self._async_save()
+
+    async def async_is_user_setup(self, user_id: str) -> bool:
+        """Return whether user is setup."""
+        if self._users is None:
+            await self._async_load()
+
+        return user_id in self._users   # type: ignore
+
+    async def async_validation(
+            self, user_id: str, user_input: Dict[str, Any]) -> bool:
+        """Return True if validation passed."""
+        if self._users is None:
+            await self._async_load()
+
+        # user_input has been validate in caller
+        return await self.hass.async_add_executor_job(
+            self._validate_2fa, user_id, user_input[INPUT_FIELD_CODE])
+
+    def _validate_2fa(self, user_id: str, code: str) -> bool:
+        """Validate two factor authentication code."""
+        import pyotp
+
+        ota_secret = self._users.get(user_id)  # type: ignore
+        if ota_secret is None:
+            # even we cannot find user, we still do verify
+            # to make timing the same as if user was found.
+            pyotp.TOTP(DUMMY_SECRET).verify(code)
+            return False
+
+        return bool(pyotp.TOTP(ota_secret).verify(code))
+
+
+class TotpSetupFlow(SetupFlow):
+    """Handler for the setup flow."""
+
+    def __init__(self, auth_module: TotpAuthModule,
+                 setup_schema: vol.Schema,
+                 user: User) -> None:
+        """Initialize the setup flow."""
+        super().__init__(auth_module, setup_schema, user.id)
+        # to fix typing complaint
+        self._auth_module = auth_module  # type: TotpAuthModule
+        self._user = user
+        self._ota_secret = None  # type: Optional[str]
+        self._url = None  # type Optional[str]
+        self._image = None  # type Optional[str]
+
+    async def async_step_init(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the first step of setup flow.
+
+        Return self.async_show_form(step_id='init') if user_input == None.
+        Return self.async_create_entry(data={'result': result}) if finish.
+        """
+        import pyotp
+
+        errors = {}  # type: Dict[str, str]
+
+        if user_input:
+            verified = await self.hass.async_add_executor_job(  # type: ignore
+                pyotp.TOTP(self._ota_secret).verify, user_input['code'])
+            if verified:
+                result = await self._auth_module.async_setup_user(
+                    self._user_id, {'secret': self._ota_secret})
+                return self.async_create_entry(
+                    title=self._auth_module.name,
+                    data={'result': result}
+                )
+
+            errors['base'] = 'invalid_code'
+
+        else:
+            hass = self._auth_module.hass
+            self._ota_secret, self._url, self._image = \
+                await hass.async_add_executor_job(  # type: ignore
+                    _generate_secret_and_qr_code, str(self._user.name))
+
+        return self.async_show_form(
+            step_id='init',
+            data_schema=self._setup_schema,
+            description_placeholders={
+                'code': self._ota_secret,
+                'url': self._url,
+                'qr_code': self._image
+            },
+            errors=errors
+        )
--- a/homeassistant/auth/models.py
+++ b/homeassistant/auth/models.py
@@ -0,0 +1,66 @@
+"""Auth models."""
+from datetime import datetime, timedelta
+from typing import Dict, List, NamedTuple, Optional  # noqa: F401
+import uuid
+
+import attr
+
+from homeassistant.util import dt as dt_util
+
+from .const import ACCESS_TOKEN_EXPIRATION
+from .util import generate_secret
+
+
+@attr.s(slots=True)
+class User:
+    """A user."""
+
+    name = attr.ib(type=str)  # type: Optional[str]
+    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
+    is_owner = attr.ib(type=bool, default=False)
+    is_active = attr.ib(type=bool, default=False)
+    system_generated = attr.ib(type=bool, default=False)
+
+    # List of credentials of a user.
+    credentials = attr.ib(
+        type=list, default=attr.Factory(list), cmp=False
+    )  # type: List[Credentials]
+
+    # Tokens associated with a user.
+    refresh_tokens = attr.ib(
+        type=dict, default=attr.Factory(dict), cmp=False
+    )  # type: Dict[str, RefreshToken]
+
+
+@attr.s(slots=True)
+class RefreshToken:
+    """RefreshToken for a user to grant new access tokens."""
+
+    user = attr.ib(type=User)
+    client_id = attr.ib(type=str)  # type: Optional[str]
+    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
+    created_at = attr.ib(type=datetime, default=attr.Factory(dt_util.utcnow))
+    access_token_expiration = attr.ib(type=timedelta,
+                                      default=ACCESS_TOKEN_EXPIRATION)
+    token = attr.ib(type=str,
+                    default=attr.Factory(lambda: generate_secret(64)))
+    jwt_key = attr.ib(type=str,
+                      default=attr.Factory(lambda: generate_secret(64)))
+
+
+@attr.s(slots=True)
+class Credentials:
+    """Credentials for a user on an auth provider."""
+
+    auth_provider_type = attr.ib(type=str)
+    auth_provider_id = attr.ib(type=str)  # type: Optional[str]
+
+    # Allow the auth provider to store data to represent their auth.
+    data = attr.ib(type=dict)
+
+    id = attr.ib(type=str, default=attr.Factory(lambda: uuid.uuid4().hex))
+    is_new = attr.ib(type=bool, default=True)
+
+
+UserMeta = NamedTuple("UserMeta",
+                      [('name', Optional[str]), ('is_active', bool)])
--- a/homeassistant/auth/providers/init.py
+++ b/homeassistant/auth/providers/init.py
@@ -0,0 +1,247 @@
+"""Auth providers for Home Assistant."""
+import importlib
+import logging
+import types
+from typing import Any, Dict, List, Optional
+
+import voluptuous as vol
+from voluptuous.humanize import humanize_error
+
+from homeassistant import data_entry_flow, requirements
+from homeassistant.core import callback, HomeAssistant
+from homeassistant.const import CONF_ID, CONF_NAME, CONF_TYPE
+from homeassistant.util import dt as dt_util
+from homeassistant.util.decorator import Registry
+
+from ..auth_store import AuthStore
+from ..models import Credentials, User, UserMeta  # noqa: F401
+from ..mfa_modules import SESSION_EXPIRATION
+
+_LOGGER = logging.getLogger(__name__)
+DATA_REQS = 'auth_prov_reqs_processed'
+
+AUTH_PROVIDERS = Registry()
+
+AUTH_PROVIDER_SCHEMA = vol.Schema({
+    vol.Required(CONF_TYPE): str,
+    vol.Optional(CONF_NAME): str,
+    # Specify ID if you have two auth providers for same type.
+    vol.Optional(CONF_ID): str,
+}, extra=vol.ALLOW_EXTRA)
+
+
+class AuthProvider:
+    """Provider of user authentication."""
+
+    DEFAULT_TITLE = 'Unnamed auth provider'
+
+    def __init__(self, hass: HomeAssistant, store: AuthStore,
+                 config: Dict[str, Any]) -> None:
+        """Initialize an auth provider."""
+        self.hass = hass
+        self.store = store
+        self.config = config
+
+    @property
+    def id(self) -> Optional[str]:  # pylint: disable=invalid-name
+        """Return id of the auth provider.
+
+        Optional, can be None.
+        """
+        return self.config.get(CONF_ID)
+
+    @property
+    def type(self) -> str:
+        """Return type of the provider."""
+        return self.config[CONF_TYPE]  # type: ignore
+
+    @property
+    def name(self) -> str:
+        """Return the name of the auth provider."""
+        return self.config.get(CONF_NAME, self.DEFAULT_TITLE)
+
+    @property
+    def support_mfa(self) -> bool:
+        """Return whether multi-factor auth supported by the auth provider."""
+        return True
+
+    async def async_credentials(self) -> List[Credentials]:
+        """Return all credentials of this provider."""
+        users = await self.store.async_get_users()
+        return [
+            credentials
+            for user in users
+            for credentials in user.credentials
+            if (credentials.auth_provider_type == self.type and
+                credentials.auth_provider_id == self.id)
+        ]
+
+    @callback
+    def async_create_credentials(self, data: Dict[str, str]) -> Credentials:
+        """Create credentials."""
+        return Credentials(
+            auth_provider_type=self.type,
+            auth_provider_id=self.id,
+            data=data,
+        )
+
+    # Implement by extending class
+
+    async def async_login_flow(self, context: Optional[Dict]) -> 'LoginFlow':
+        """Return the data flow for logging in with auth provider.
+
+        Auth provider should extend LoginFlow and return an instance.
+        """
+        raise NotImplementedError
+
+    async def async_get_or_create_credentials(
+            self, flow_result: Dict[str, str]) -> Credentials:
+        """Get credentials based on the flow result."""
+        raise NotImplementedError
+
+    async def async_user_meta_for_credentials(
+            self, credentials: Credentials) -> UserMeta:
+        """Return extra user metadata for credentials.
+
+        Will be used to populate info when creating a new user.
+        """
+        raise NotImplementedError
+
+
+async def auth_provider_from_config(
+        hass: HomeAssistant, store: AuthStore,
+        config: Dict[str, Any]) -> Optional[AuthProvider]:
+    """Initialize an auth provider from a config."""
+    provider_name = config[CONF_TYPE]
+    module = await load_auth_provider_module(hass, provider_name)
+
+    if module is None:
+        return None
+
+    try:
+        config = module.CONFIG_SCHEMA(config)  # type: ignore
+    except vol.Invalid as err:
+        _LOGGER.error('Invalid configuration for auth provider %s: %s',
+                      provider_name, humanize_error(config, err))
+        return None
+
+    return AUTH_PROVIDERS[provider_name](hass, store, config)  # type: ignore
+
+
+async def load_auth_provider_module(
+        hass: HomeAssistant, provider: str) -> Optional[types.ModuleType]:
+    """Load an auth provider."""
+    try:
+        module = importlib.import_module(
+            'homeassistant.auth.providers.{}'.format(provider))
+    except ImportError:
+        _LOGGER.warning('Unable to find auth provider %s', provider)
+        return None
+
+    if hass.config.skip_pip or not hasattr(module, 'REQUIREMENTS'):
+        return module
+
+    processed = hass.data.get(DATA_REQS)
+
+    if processed is None:
+        processed = hass.data[DATA_REQS] = set()
+    elif provider in processed:
+        return module
+
+    # https://github.com/python/mypy/issues/1424
+    reqs = module.REQUIREMENTS  # type: ignore
+    req_success = await requirements.async_process_requirements(
+        hass, 'auth provider {}'.format(provider), reqs)
+
+    if not req_success:
+        return None
+
+    processed.add(provider)
+    return module
+
+
+class LoginFlow(data_entry_flow.FlowHandler):
+    """Handler for the login flow."""
+
+    def __init__(self, auth_provider: AuthProvider) -> None:
+        """Initialize the login flow."""
+        self._auth_provider = auth_provider
+        self._auth_module_id = None  # type: Optional[str]
+        self._auth_manager = auth_provider.hass.auth  # type: ignore
+        self.available_mfa_modules = {}  # type: Dict[str, str]
+        self.created_at = dt_util.utcnow()
+        self.user = None  # type: Optional[User]
+
+    async def async_step_init(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the first step of login flow.
+
+        Return self.async_show_form(step_id='init') if user_input == None.
+        Return await self.async_finish(flow_result) if login init step pass.
+        """
+        raise NotImplementedError
+
+    async def async_step_select_mfa_module(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the step of select mfa module."""
+        errors = {}
+
+        if user_input is not None:
+            auth_module = user_input.get('multi_factor_auth_module')
+            if auth_module in self.available_mfa_modules:
+                self._auth_module_id = auth_module
+                return await self.async_step_mfa()
+            errors['base'] = 'invalid_auth_module'
+
+        if len(self.available_mfa_modules) == 1:
+            self._auth_module_id = list(self.available_mfa_modules.keys())[0]
+            return await self.async_step_mfa()
+
+        return self.async_show_form(
+            step_id='select_mfa_module',
+            data_schema=vol.Schema({
+                'multi_factor_auth_module': vol.In(self.available_mfa_modules)
+            }),
+            errors=errors,
+        )
+
+    async def async_step_mfa(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the step of mfa validation."""
+        errors = {}
+
+        auth_module = self._auth_manager.get_auth_mfa_module(
+            self._auth_module_id)
+        if auth_module is None:
+            # Given an invalid input to async_step_select_mfa_module
+            # will show invalid_auth_module error
+            return await self.async_step_select_mfa_module(user_input={})
+
+        if user_input is not None:
+            expires = self.created_at + SESSION_EXPIRATION
+            if dt_util.utcnow() > expires:
+                errors['base'] = 'login_expired'
+            else:
+                result = await auth_module.async_validation(
+                    self.user.id, user_input)  # type: ignore
+                if not result:
+                    errors['base'] = 'invalid_auth'
+
+            if not errors:
+                return await self.async_finish(self.user)
+
+        return self.async_show_form(
+            step_id='mfa',
+            data_schema=auth_module.input_schema,
+            errors=errors,
+        )
+
+    async def async_finish(self, flow_result: Any) -> Dict:
+        """Handle the pass of login flow."""
+        return self.async_create_entry(
+            title=self._auth_provider.name,
+            data=flow_result
+        )
--- a/homeassistant/auth/providers/homeassistant.py
+++ b/homeassistant/auth/providers/homeassistant.py
@@ -0,0 +1,273 @@
+"""Home Assistant auth provider."""
+import base64
+from collections import OrderedDict
+import hashlib
+import hmac
+from typing import Any, Dict, List, Optional, cast
+
+import bcrypt
+import voluptuous as vol
+
+from homeassistant.const import CONF_ID
+from homeassistant.core import callback, HomeAssistant
+from homeassistant.exceptions import HomeAssistantError
+from homeassistant.util.async_ import run_coroutine_threadsafe
+
+from . import AuthProvider, AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, LoginFlow
+
+from ..models import Credentials, UserMeta
+from ..util import generate_secret
+
+
+STORAGE_VERSION = 1
+STORAGE_KEY = 'auth_provider.homeassistant'
+
+
+def _disallow_id(conf: Dict[str, Any]) -> Dict[str, Any]:
+    """Disallow ID in config."""
+    if CONF_ID in conf:
+        raise vol.Invalid(
+            'ID is not allowed for the homeassistant auth provider.')
+
+    return conf
+
+
+CONFIG_SCHEMA = vol.All(AUTH_PROVIDER_SCHEMA, _disallow_id)
+
+
+class InvalidAuth(HomeAssistantError):
+    """Raised when we encounter invalid authentication."""
+
+
+class InvalidUser(HomeAssistantError):
+    """Raised when invalid user is specified.
+
+    Will not be raised when validating authentication.
+    """
+
+
+class Data:
+    """Hold the user data."""
+
+    def __init__(self, hass: HomeAssistant) -> None:
+        """Initialize the user data store."""
+        self.hass = hass
+        self._store = hass.helpers.storage.Store(STORAGE_VERSION, STORAGE_KEY)
+        self._data = None  # type: Optional[Dict[str, Any]]
+
+    async def async_load(self) -> None:
+        """Load stored data."""
+        data = await self._store.async_load()
+
+        if data is None:
+            data = {
+                'salt': generate_secret(),
+                'users': []
+            }
+
+        self._data = data
+
+    @property
+    def users(self) -> List[Dict[str, str]]:
+        """Return users."""
+        return self._data['users']  # type: ignore
+
+    def validate_login(self, username: str, password: str) -> None:
+        """Validate a username and password.
+
+        Raises InvalidAuth if auth invalid.
+        """
+        dummy = b'$2b$12$CiuFGszHx9eNHxPuQcwBWez4CwDTOcLTX5CbOpV6gef2nYuXkY7BO'
+        found = None
+
+        # Compare all users to avoid timing attacks.
+        for user in self.users:
+            if username == user['username']:
+                found = user
+
+        if found is None:
+            # check a hash to make timing the same as if user was found
+            bcrypt.checkpw(b'foo',
+                           dummy)
+            raise InvalidAuth
+
+        user_hash = base64.b64decode(found['password'])
+
+        # if the hash is not a bcrypt hash...
+        # provide a transparant upgrade for old pbkdf2 hash format
+        if not (user_hash.startswith(b'$2a$')
+                or user_hash.startswith(b'$2b$')
+                or user_hash.startswith(b'$2x$')
+                or user_hash.startswith(b'$2y$')):
+            # IMPORTANT! validate the login, bail if invalid
+            hashed = self.legacy_hash_password(password)
+            if not hmac.compare_digest(hashed, user_hash):
+                raise InvalidAuth
+            # then re-hash the valid password with bcrypt
+            self.change_password(found['username'], password)
+            run_coroutine_threadsafe(
+                self.async_save(), self.hass.loop
+            ).result()
+            user_hash = base64.b64decode(found['password'])
+
+        # bcrypt.checkpw is timing-safe
+        if not bcrypt.checkpw(password.encode(),
+                              user_hash):
+            raise InvalidAuth
+
+    def legacy_hash_password(self, password: str,
+                             for_storage: bool = False) -> bytes:
+        """LEGACY password encoding."""
+        # We're no longer storing salts in data, but if one exists we
+        # should be able to retrieve it.
+        salt = self._data['salt'].encode()  # type: ignore
+        hashed = hashlib.pbkdf2_hmac('sha512', password.encode(), salt, 100000)
+        if for_storage:
+            hashed = base64.b64encode(hashed)
+        return hashed
+
+    # pylint: disable=no-self-use
+    def hash_password(self, password: str, for_storage: bool = False) -> bytes:
+        """Encode a password."""
+        hashed = bcrypt.hashpw(password.encode(), bcrypt.gensalt(rounds=12)) \
+            # type: bytes
+        if for_storage:
+            hashed = base64.b64encode(hashed)
+        return hashed
+
+    def add_auth(self, username: str, password: str) -> None:
+        """Add a new authenticated user/pass."""
+        if any(user['username'] == username for user in self.users):
+            raise InvalidUser
+
+        self.users.append({
+            'username': username,
+            'password': self.hash_password(password, True).decode(),
+        })
+
+    @callback
+    def async_remove_auth(self, username: str) -> None:
+        """Remove authentication."""
+        index = None
+        for i, user in enumerate(self.users):
+            if user['username'] == username:
+                index = i
+                break
+
+        if index is None:
+            raise InvalidUser
+
+        self.users.pop(index)
+
+    def change_password(self, username: str, new_password: str) -> None:
+        """Update the password.
+
+        Raises InvalidUser if user cannot be found.
+        """
+        for user in self.users:
+            if user['username'] == username:
+                user['password'] = self.hash_password(
+                    new_password, True).decode()
+                break
+        else:
+            raise InvalidUser
+
+    async def async_save(self) -> None:
+        """Save data."""
+        await self._store.async_save(self._data)
+
+
+@AUTH_PROVIDERS.register('homeassistant')
+class HassAuthProvider(AuthProvider):
+    """Auth provider based on a local storage of users in HASS config dir."""
+
+    DEFAULT_TITLE = 'Home Assistant Local'
+
+    data = None
+
+    async def async_initialize(self) -> None:
+        """Initialize the auth provider."""
+        if self.data is not None:
+            return
+
+        self.data = Data(self.hass)
+        await self.data.async_load()
+
+    async def async_login_flow(
+            self, context: Optional[Dict]) -> LoginFlow:
+        """Return a flow to login."""
+        return HassLoginFlow(self)
+
+    async def async_validate_login(self, username: str, password: str) -> None:
+        """Validate a username and password."""
+        if self.data is None:
+            await self.async_initialize()
+            assert self.data is not None
+
+        await self.hass.async_add_executor_job(
+            self.data.validate_login, username, password)
+
+    async def async_get_or_create_credentials(
+            self, flow_result: Dict[str, str]) -> Credentials:
+        """Get credentials based on the flow result."""
+        username = flow_result['username']
+
+        for credential in await self.async_credentials():
+            if credential.data['username'] == username:
+                return credential
+
+        # Create new credentials.
+        return self.async_create_credentials({
+            'username': username
+        })
+
+    async def async_user_meta_for_credentials(
+            self, credentials: Credentials) -> UserMeta:
+        """Get extra info for this credential."""
+        return UserMeta(name=credentials.data['username'], is_active=True)
+
+    async def async_will_remove_credentials(
+            self, credentials: Credentials) -> None:
+        """When credentials get removed, also remove the auth."""
+        if self.data is None:
+            await self.async_initialize()
+            assert self.data is not None
+
+        try:
+            self.data.async_remove_auth(credentials.data['username'])
+            await self.data.async_save()
+        except InvalidUser:
+            # Can happen if somehow we didn't clean up a credential
+            pass
+
+
+class HassLoginFlow(LoginFlow):
+    """Handler for the login flow."""
+
+    async def async_step_init(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the step of the form."""
+        errors = {}
+
+        if user_input is not None:
+            try:
+                await cast(HassAuthProvider, self._auth_provider)\
+                    .async_validate_login(user_input['username'],
+                                          user_input['password'])
+            except InvalidAuth:
+                errors['base'] = 'invalid_auth'
+
+            if not errors:
+                user_input.pop('password')
+                return await self.async_finish(user_input)
+
+        schema = OrderedDict()  # type: Dict[str, type]
+        schema['username'] = str
+        schema['password'] = str
+
+        return self.async_show_form(
+            step_id='init',
+            data_schema=vol.Schema(schema),
+            errors=errors,
+        )
--- a/homeassistant/auth/providers/insecure_example.py
+++ b/homeassistant/auth/providers/insecure_example.py
@@ -1,13 +1,16 @@
 """Example auth provider."""
 from collections import OrderedDict
 import hmac
+from typing import Any, Dict, Optional, cast

 import voluptuous as vol

 from homeassistant.exceptions import HomeAssistantError
-from homeassistant import auth, data_entry_flow
 from homeassistant.core import callback

+from . import AuthProvider, AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, LoginFlow
+from ..models import Credentials, UserMeta
+

 USER_SCHEMA = vol.Schema({
    vol.Required('username'): str,
@@ -16,7 +19,7 @@ USER_SCHEMA = vol.Schema({
 })


-CONFIG_SCHEMA = auth.AUTH_PROVIDER_SCHEMA.extend({
+CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend({
    vol.Required('users'): [USER_SCHEMA]
 }, extra=vol.PREVENT_EXTRA)

@@ -25,17 +28,17 @@ class InvalidAuthError(HomeAssistantError):
    """Raised when submitting invalid authentication."""


-@auth.AUTH_PROVIDERS.register('insecure_example')
-class ExampleAuthProvider(auth.AuthProvider):
+@AUTH_PROVIDERS.register('insecure_example')
+class ExampleAuthProvider(AuthProvider):
    """Example auth provider based on hardcoded usernames and passwords."""

-    async def async_credential_flow(self):
+    async def async_login_flow(self, context: Optional[Dict]) -> LoginFlow:
        """Return a flow to login."""
-        return LoginFlow(self)
+        return ExampleLoginFlow(self)

    @callback
-    def async_validate_login(self, username, password):
-        """Helper to validate a username and password."""
+    def async_validate_login(self, username: str, password: str) -> None:
+        """Validate a username and password."""
        user = None

        # Compare all users to avoid timing attacks.
@@ -54,7 +57,8 @@ class ExampleAuthProvider(auth.AuthProvider):
                                   password.encode('utf-8')):
            raise InvalidAuthError

-    async def async_get_or_create_credentials(self, flow_result):
+    async def async_get_or_create_credentials(
+            self, flow_result: Dict[str, str]) -> Credentials:
        """Get credentials based on the flow result."""
        username = flow_result['username']

@@ -67,47 +71,45 @@ class ExampleAuthProvider(auth.AuthProvider):
            'username': username
        })

-    async def async_user_meta_for_credentials(self, credentials):
+    async def async_user_meta_for_credentials(
+            self, credentials: Credentials) -> UserMeta:
        """Return extra user metadata for credentials.

        Will be used to populate info when creating a new user.
        """
        username = credentials.data['username']
+        name = None

        for user in self.config['users']:
            if user['username'] == username:
-                return {
-                    'name': user.get('name')
-                }
+                name = user.get('name')
+                break

-        return {}
+        return UserMeta(name=name, is_active=True)


-class LoginFlow(data_entry_flow.FlowHandler):
+class ExampleLoginFlow(LoginFlow):
    """Handler for the login flow."""

-    def __init__(self, auth_provider):
-        """Initialize the login flow."""
-        self._auth_provider = auth_provider
-
-    async def async_step_init(self, user_input=None):
+    async def async_step_init(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
        """Handle the step of the form."""
        errors = {}

        if user_input is not None:
            try:
-                self._auth_provider.async_validate_login(
-                    user_input['username'], user_input['password'])
+                cast(ExampleAuthProvider, self._auth_provider)\
+                    .async_validate_login(user_input['username'],
+                                          user_input['password'])
            except InvalidAuthError:
                errors['base'] = 'invalid_auth'

            if not errors:
-                return self.async_create_entry(
-                    title=self._auth_provider.name,
-                    data=user_input
-                )
+                user_input.pop('password')
+                return await self.async_finish(user_input)

-        schema = OrderedDict()
+        schema = OrderedDict()  # type: Dict[str, type]
        schema['username'] = str
        schema['password'] = str

--- a/homeassistant/auth/providers/legacy_api_password.py
+++ b/homeassistant/auth/providers/legacy_api_password.py
@@ -0,0 +1,103 @@
+"""
+Support Legacy API password auth provider.
+
+It will be removed when auth system production ready
+"""
+import hmac
+from typing import Any, Dict, Optional, cast
+
+import voluptuous as vol
+
+from homeassistant.components.http import HomeAssistantHTTP  # noqa: F401
+from homeassistant.core import callback
+from homeassistant.exceptions import HomeAssistantError
+
+from . import AuthProvider, AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, LoginFlow
+from ..models import Credentials, UserMeta
+
+
+USER_SCHEMA = vol.Schema({
+    vol.Required('username'): str,
+})
+
+
+CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend({
+}, extra=vol.PREVENT_EXTRA)
+
+LEGACY_USER = 'homeassistant'
+
+
+class InvalidAuthError(HomeAssistantError):
+    """Raised when submitting invalid authentication."""
+
+
+@AUTH_PROVIDERS.register('legacy_api_password')
+class LegacyApiPasswordAuthProvider(AuthProvider):
+    """Example auth provider based on hardcoded usernames and passwords."""
+
+    DEFAULT_TITLE = 'Legacy API Password'
+
+    async def async_login_flow(self, context: Optional[Dict]) -> LoginFlow:
+        """Return a flow to login."""
+        return LegacyLoginFlow(self)
+
+    @callback
+    def async_validate_login(self, password: str) -> None:
+        """Validate a username and password."""
+        hass_http = getattr(self.hass, 'http', None)  # type: HomeAssistantHTTP
+
+        if not hmac.compare_digest(hass_http.api_password.encode('utf-8'),
+                                   password.encode('utf-8')):
+            raise InvalidAuthError
+
+    async def async_get_or_create_credentials(
+            self, flow_result: Dict[str, str]) -> Credentials:
+        """Return LEGACY_USER always."""
+        for credential in await self.async_credentials():
+            if credential.data['username'] == LEGACY_USER:
+                return credential
+
+        return self.async_create_credentials({
+            'username': LEGACY_USER
+        })
+
+    async def async_user_meta_for_credentials(
+            self, credentials: Credentials) -> UserMeta:
+        """
+        Set name as LEGACY_USER always.
+
+        Will be used to populate info when creating a new user.
+        """
+        return UserMeta(name=LEGACY_USER, is_active=True)
+
+
+class LegacyLoginFlow(LoginFlow):
+    """Handler for the login flow."""
+
+    async def async_step_init(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the step of the form."""
+        errors = {}
+
+        hass_http = getattr(self.hass, 'http', None)
+        if hass_http is None or not hass_http.api_password:
+            return self.async_abort(
+                reason='no_api_password_set'
+            )
+
+        if user_input is not None:
+            try:
+                cast(LegacyApiPasswordAuthProvider, self._auth_provider)\
+                    .async_validate_login(user_input['password'])
+            except InvalidAuthError:
+                errors['base'] = 'invalid_auth'
+
+            if not errors:
+                return await self.async_finish({})
+
+        return self.async_show_form(
+            step_id='init',
+            data_schema=vol.Schema({'password': str}),
+            errors=errors,
+        )
--- a/homeassistant/auth/providers/trusted_networks.py
+++ b/homeassistant/auth/providers/trusted_networks.py
@@ -0,0 +1,141 @@
+"""Trusted Networks auth provider.
+
+It shows list of users if access from trusted network.
+Abort login flow if not access from trusted network.
+"""
+from typing import Any, Dict, Optional, cast
+
+import voluptuous as vol
+
+from homeassistant.components.http import HomeAssistantHTTP  # noqa: F401
+from homeassistant.core import callback
+from homeassistant.exceptions import HomeAssistantError
+
+from . import AuthProvider, AUTH_PROVIDER_SCHEMA, AUTH_PROVIDERS, LoginFlow
+from ..models import Credentials, UserMeta
+
+CONFIG_SCHEMA = AUTH_PROVIDER_SCHEMA.extend({
+}, extra=vol.PREVENT_EXTRA)
+
+
+class InvalidAuthError(HomeAssistantError):
+    """Raised when try to access from untrusted networks."""
+
+
+class InvalidUserError(HomeAssistantError):
+    """Raised when try to login as invalid user."""
+
+
+@AUTH_PROVIDERS.register('trusted_networks')
+class TrustedNetworksAuthProvider(AuthProvider):
+    """Trusted Networks auth provider.
+
+    Allow passwordless access from trusted network.
+    """
+
+    DEFAULT_TITLE = 'Trusted Networks'
+
+    @property
+    def support_mfa(self) -> bool:
+        """Trusted Networks auth provider does not support MFA."""
+        return False
+
+    async def async_login_flow(self, context: Optional[Dict]) -> LoginFlow:
+        """Return a flow to login."""
+        assert context is not None
+        users = await self.store.async_get_users()
+        available_users = {user.id: user.name
+                           for user in users
+                           if not user.system_generated and user.is_active}
+
+        return TrustedNetworksLoginFlow(
+            self, cast(str, context.get('ip_address')), available_users)
+
+    async def async_get_or_create_credentials(
+            self, flow_result: Dict[str, str]) -> Credentials:
+        """Get credentials based on the flow result."""
+        user_id = flow_result['user']
+
+        users = await self.store.async_get_users()
+        for user in users:
+            if (not user.system_generated and
+                    user.is_active and
+                    user.id == user_id):
+                for credential in await self.async_credentials():
+                    if credential.data['user_id'] == user_id:
+                        return credential
+                cred = self.async_create_credentials({'user_id': user_id})
+                await self.store.async_link_user(user, cred)
+                return cred
+
+        # We only allow login as exist user
+        raise InvalidUserError
+
+    async def async_user_meta_for_credentials(
+            self, credentials: Credentials) -> UserMeta:
+        """Return extra user metadata for credentials.
+
+        Trusted network auth provider should never create new user.
+        """
+        raise NotImplementedError
+
+    @callback
+    def async_validate_access(self, ip_address: str) -> None:
+        """Make sure the access from trusted networks.
+
+        Raise InvalidAuthError if not.
+        Raise InvalidAuthError if trusted_networks is not configured.
+        """
+        hass_http = getattr(self.hass, 'http', None)  # type: HomeAssistantHTTP
+
+        if not hass_http or not hass_http.trusted_networks:
+            raise InvalidAuthError('trusted_networks is not configured')
+
+        if not any(ip_address in trusted_network for trusted_network
+                   in hass_http.trusted_networks):
+            raise InvalidAuthError('Not in trusted_networks')
+
+
+class TrustedNetworksLoginFlow(LoginFlow):
+    """Handler for the login flow."""
+
+    def __init__(self, auth_provider: TrustedNetworksAuthProvider,
+                 ip_address: str, available_users: Dict[str, Optional[str]]) \
+            -> None:
+        """Initialize the login flow."""
+        super().__init__(auth_provider)
+        self._available_users = available_users
+        self._ip_address = ip_address
+
+    async def async_step_init(
+            self, user_input: Optional[Dict[str, str]] = None) \
+            -> Dict[str, Any]:
+        """Handle the step of the form."""
+        errors = {}
+        try:
+            cast(TrustedNetworksAuthProvider, self._auth_provider)\
+                .async_validate_access(self._ip_address)
+
+        except InvalidAuthError:
+            errors['base'] = 'invalid_auth'
+            return self.async_show_form(
+                step_id='init',
+                data_schema=None,
+                errors=errors,
+            )
+
+        if user_input is not None:
+            user_id = user_input['user']
+            if user_id not in self._available_users:
+                errors['base'] = 'invalid_auth'
+
+            if not errors:
+                return await self.async_finish(user_input)
+
+        schema = {'user': vol.In(self._available_users)}
+
+        return self.async_show_form(
+            step_id='init',
+            data_schema=vol.Schema(schema),
+            errors=errors,
+        )
--- a/homeassistant/auth/util.py
+++ b/homeassistant/auth/util.py
@@ -0,0 +1,13 @@
+"""Auth utils."""
+import binascii
+import os
+
+
+def generate_secret(entropy: int = 32) -> str:
+    """Generate a secret.
+
+    Backport of secrets.token_hex from Python 3.6
+
+    Event loop friendly.
+    """
+    return binascii.hexlify(os.urandom(entropy)).decode('ascii')
--- a/homeassistant/auth_providers/init.py
+++ b/homeassistant/auth_providers/init.py
@@ -1 +0,0 @@
-"""Auth providers for Home Assistant."""
--- a/homeassistant/auth_providers/homeassistant.py
+++ b/homeassistant/auth_providers/homeassistant.py
@@ -1,181 +0,0 @@
-"""Home Assistant auth provider."""
-import base64
-from collections import OrderedDict
-import hashlib
-import hmac
-
-import voluptuous as vol
-
-from homeassistant import auth, data_entry_flow
-from homeassistant.exceptions import HomeAssistantError
-from homeassistant.util import json
-
-
-PATH_DATA = '.users.json'
-
-CONFIG_SCHEMA = auth.AUTH_PROVIDER_SCHEMA.extend({
-}, extra=vol.PREVENT_EXTRA)
-
-
-class InvalidAuth(HomeAssistantError):
-    """Raised when we encounter invalid authentication."""
-
-
-class InvalidUser(HomeAssistantError):
-    """Raised when invalid user is specified.
-
-    Will not be raised when validating authentication.
-    """
-
-
-class Data:
-    """Hold the user data."""
-
-    def __init__(self, path, data):
-        """Initialize the user data store."""
-        self.path = path
-        if data is None:
-            data = {
-                'salt': auth.generate_secret(),
-                'users': []
-            }
-        self._data = data
-
-    @property
-    def users(self):
-        """Return users."""
-        return self._data['users']
-
-    def validate_login(self, username, password):
-        """Validate a username and password.
-
-        Raises InvalidAuth if auth invalid.
-        """
-        password = self.hash_password(password)
-
-        found = None
-
-        # Compare all users to avoid timing attacks.
-        for user in self._data['users']:
-            if username == user['username']:
-                found = user
-
-        if found is None:
-            # Do one more compare to make timing the same as if user was found.
-            hmac.compare_digest(password, password)
-            raise InvalidAuth
-
-        if not hmac.compare_digest(password,
-                                   base64.b64decode(found['password'])):
-            raise InvalidAuth
-
-    def hash_password(self, password, for_storage=False):
-        """Encode a password."""
-        hashed = hashlib.pbkdf2_hmac(
-            'sha512', password.encode(), self._data['salt'].encode(), 100000)
-        if for_storage:
-            hashed = base64.b64encode(hashed).decode()
-        return hashed
-
-    def add_user(self, username, password):
-        """Add a user."""
-        if any(user['username'] == username for user in self.users):
-            raise InvalidUser
-
-        self.users.append({
-            'username': username,
-            'password': self.hash_password(password, True),
-        })
-
-    def change_password(self, username, new_password):
-        """Update the password of a user.
-
-        Raises InvalidUser if user cannot be found.
-        """
-        for user in self.users:
-            if user['username'] == username:
-                user['password'] = self.hash_password(new_password, True)
-                break
-        else:
-            raise InvalidUser
-
-    def save(self):
-        """Save data."""
-        json.save_json(self.path, self._data)
-
-
-def load_data(path):
-    """Load auth data."""
-    return Data(path, json.load_json(path, None))
-
-
-@auth.AUTH_PROVIDERS.register('homeassistant')
-class HassAuthProvider(auth.AuthProvider):
-    """Auth provider based on a local storage of users in HASS config dir."""
-
-    DEFAULT_TITLE = 'Home Assistant Local'
-
-    async def async_credential_flow(self):
-        """Return a flow to login."""
-        return LoginFlow(self)
-
-    async def async_validate_login(self, username, password):
-        """Helper to validate a username and password."""
-        def validate():
-            """Validate creds."""
-            data = self._auth_data()
-            data.validate_login(username, password)
-
-        await self.hass.async_add_job(validate)
-
-    async def async_get_or_create_credentials(self, flow_result):
-        """Get credentials based on the flow result."""
-        username = flow_result['username']
-
-        for credential in await self.async_credentials():
-            if credential.data['username'] == username:
-                return credential
-
-        # Create new credentials.
-        return self.async_create_credentials({
-            'username': username
-        })
-
-    def _auth_data(self):
-        """Return the auth provider data."""
-        return load_data(self.hass.config.path(PATH_DATA))
-
-
-class LoginFlow(data_entry_flow.FlowHandler):
-    """Handler for the login flow."""
-
-    def __init__(self, auth_provider):
-        """Initialize the login flow."""
-        self._auth_provider = auth_provider
-
-    async def async_step_init(self, user_input=None):
-        """Handle the step of the form."""
-        errors = {}
-
-        if user_input is not None:
-            try:
-                await self._auth_provider.async_validate_login(
-                    user_input['username'], user_input['password'])
-            except InvalidAuth:
-                errors['base'] = 'invalid_auth'
-
-            if not errors:
-                return self.async_create_entry(
-                    title=self._auth_provider.name,
-                    data=user_input
-                )
-
-        schema = OrderedDict()
-        schema['username'] = str
-        schema['password'] = str
-
-        return self.async_show_form(
-            step_id='init',
-            data_schema=vol.Schema(schema),
-            errors=errors,
-        )
--- a/homeassistant/bootstrap.py
+++ b/homeassistant/bootstrap.py
@@ -28,9 +28,8 @@ ERROR_LOG_FILENAME = 'home-assistant.log'
 # hass.data key for logging information.
 DATA_LOGGING = 'logging'

-FIRST_INIT_COMPONENT = set((
-    'system_log', 'recorder', 'mqtt', 'mqtt_eventstream', 'logger',
-    'introduction', 'frontend', 'history'))
+FIRST_INIT_COMPONENT = {'system_log', 'recorder', 'mqtt', 'mqtt_eventstream',
+                        'logger', 'introduction', 'frontend', 'history'}


 def from_config_dict(config: Dict[str, Any],
@@ -88,14 +87,19 @@ async def async_from_config_dict(config: Dict[str, Any],
                             log_no_color)

    core_config = config.get(core.DOMAIN, {})
+    has_api_password = bool((config.get('http') or {}).get('api_password'))
+    has_trusted_networks = bool((config.get('http') or {})
+                                .get('trusted_networks'))

    try:
-        await conf_util.async_process_ha_core_config(hass, core_config)
+        await conf_util.async_process_ha_core_config(
+            hass, core_config, has_api_password, has_trusted_networks)
    except vol.Invalid as ex:
        conf_util.async_log_exception(ex, 'homeassistant', core_config, hass)
        return None

-    await hass.async_add_job(conf_util.process_ha_config_upgrade, hass)
+    await hass.async_add_executor_job(
+        conf_util.process_ha_config_upgrade, hass)

    hass.config.skip_pip = skip_pip
    if skip_pip:
@@ -123,7 +127,6 @@ async def async_from_config_dict(config: Dict[str, Any],
    components.update(hass.config_entries.async_domains())

    # setup components
-    # pylint: disable=not-an-iterable
    res = await core_components.async_setup(hass, config)
    if not res:
        _LOGGER.error("Home Assistant core failed to initialize. "
@@ -138,7 +141,7 @@ async def async_from_config_dict(config: Dict[str, Any],
    for component in components:
        if component not in FIRST_INIT_COMPONENT:
            continue
-        hass.async_add_job(async_setup_component(hass, component, config))
+        hass.async_create_task(async_setup_component(hass, component, config))

    await hass.async_block_till_done()

@@ -146,7 +149,7 @@ async def async_from_config_dict(config: Dict[str, Any],
    for component in components:
        if component in FIRST_INIT_COMPONENT:
            continue
-        hass.async_add_job(async_setup_component(hass, component, config))
+        hass.async_create_task(async_setup_component(hass, component, config))

    await hass.async_block_till_done()

@@ -163,7 +166,8 @@ def from_config_file(config_path: str,
                     skip_pip: bool = True,
                     log_rotate_days: Any = None,
                     log_file: Any = None,
-                     log_no_color: bool = False):
+                     log_no_color: bool = False)\
+        -> Optional[core.HomeAssistant]:
    """Read the configuration file and try to start all the functionality.

    Will add functionality to 'hass' parameter if given,
@@ -188,7 +192,8 @@ async def async_from_config_file(config_path: str,
                                 skip_pip: bool = True,
                                 log_rotate_days: Any = None,
                                 log_file: Any = None,
-                                 log_no_color: bool = False):
+                                 log_no_color: bool = False)\
+        -> Optional[core.HomeAssistant]:
    """Read the configuration file and try to start all the functionality.

    Will add functionality to 'hass' parameter.
@@ -205,7 +210,7 @@ async def async_from_config_file(config_path: str,
                         log_no_color)

    try:
-        config_dict = await hass.async_add_job(
+        config_dict = await hass.async_add_executor_job(
            conf_util.load_yaml_config_file, config_path)
    except HomeAssistantError as err:
        _LOGGER.error("Error loading %s: %s", config_path, err)
@@ -220,8 +225,8 @@ async def async_from_config_file(config_path: str,
@core.callback
 def async_enable_logging(hass: core.HomeAssistant,
                         verbose: bool = False,
-                         log_rotate_days=None,
-                         log_file=None,
+                         log_rotate_days: Optional[int] = None,
+                         log_file: Optional[str] = None,
                         log_no_color: bool = False) -> None:
    """Set up the logging.

@@ -290,9 +295,9 @@ def async_enable_logging(hass: core.HomeAssistant,

        async_handler = AsyncHandler(hass.loop, err_handler)

-        async def async_stop_async_handler(event):
+        async def async_stop_async_handler(_: Any) -> None:
            """Cleanup async handler."""
-            logging.getLogger('').removeHandler(async_handler)
+            logging.getLogger('').removeHandler(async_handler)  # type: ignore
            await async_handler.async_close(blocking=True)

        hass.bus.async_listen_once(
@@ -306,7 +311,7 @@ def async_enable_logging(hass: core.HomeAssistant,
        hass.data[DATA_LOGGING] = err_log_path
    else:
        _LOGGER.error(
-            "Unable to setup error log %s (access denied)", err_log_path)
+            "Unable to set up error log %s (access denied)", err_log_path)


 async def async_mount_local_lib_path(config_dir: str) -> str:
--- a/homeassistant/components/init.py
+++ b/homeassistant/components/init.py
@@ -10,6 +10,7 @@ Component design guidelines:
 import asyncio
 import itertools as it
 import logging
+from typing import Awaitable

 import homeassistant.core as ha
 import homeassistant.config as conf_util
@@ -109,7 +110,7 @@ def async_reload_core_config(hass):


@asyncio.coroutine
-def async_setup(hass, config):
+def async_setup(hass: ha.HomeAssistant, config: dict) -> Awaitable[bool]:
    """Set up general services related to Home Assistant."""
    @asyncio.coroutine
    def async_handle_turn_service(service):
@@ -167,7 +168,7 @@ def async_setup(hass, config):
    def async_handle_core_service(call):
        """Service handler for handling core services."""
        if call.service == SERVICE_HOMEASSISTANT_STOP:
-            hass.async_add_job(hass.async_stop())
+            hass.async_create_task(hass.async_stop())
            return

        try:
@@ -183,7 +184,7 @@ def async_setup(hass, config):
            return

        if call.service == SERVICE_HOMEASSISTANT_RESTART:
-            hass.async_add_job(hass.async_stop(RESTART_EXIT_CODE))
+            hass.async_create_task(hass.async_stop(RESTART_EXIT_CODE))

    hass.services.async_register(
        ha.DOMAIN, SERVICE_HOMEASSISTANT_STOP, async_handle_core_service)
--- a/homeassistant/components/abode.py
+++ b/homeassistant/components/abode.py
@@ -85,7 +85,7 @@ ABODE_PLATFORMS = [
 ]


-class AbodeSystem(object):
+class AbodeSystem:
    """Abode System class."""

    def __init__(self, username, password, cache,
--- a/homeassistant/components/ads/init.py
+++ b/homeassistant/components/ads/init.py
@@ -110,7 +110,7 @@ NotificationItem = namedtuple(
 )


-class AdsHub(object):
+class AdsHub:
    """Representation of an ADS connection."""

    def __init__(self, ads_client):
--- a/homeassistant/components/alarm_control_panel/init.py
+++ b/homeassistant/components/alarm_control_panel/init.py
@@ -26,20 +26,6 @@ ATTR_CHANGED_BY = 'changed_by'

 ENTITY_ID_FORMAT = DOMAIN + '.{}'

-SERVICE_TO_METHOD = {
-    SERVICE_ALARM_DISARM: 'alarm_disarm',
-    SERVICE_ALARM_ARM_HOME: 'alarm_arm_home',
-    SERVICE_ALARM_ARM_AWAY: 'alarm_arm_away',
-    SERVICE_ALARM_ARM_NIGHT: 'alarm_arm_night',
-    SERVICE_ALARM_ARM_CUSTOM_BYPASS: 'alarm_arm_custom_bypass',
-    SERVICE_ALARM_TRIGGER: 'alarm_trigger'
-}
-
-ATTR_TO_PROPERTY = [
-    ATTR_CODE,
-    ATTR_CODE_FORMAT
-]
-
 ALARM_SERVICE_SCHEMA = vol.Schema({
    vol.Optional(ATTR_ENTITY_ID): cv.entity_ids,
    vol.Optional(ATTR_CODE): cv.string,
@@ -121,39 +107,49 @@ def alarm_arm_custom_bypass(hass, code=None, entity_id=None):
@asyncio.coroutine
 def async_setup(hass, config):
    """Track states and offer events for sensors."""
-    component = EntityComponent(
+    component = hass.data[DOMAIN] = EntityComponent(
        logging.getLogger(__name__), DOMAIN, hass, SCAN_INTERVAL)

    yield from component.async_setup(config)

-    @asyncio.coroutine
-    def async_alarm_service_handler(service):
-        """Map services to methods on Alarm."""
-        target_alarms = component.async_extract_from_service(service)
-
-        code = service.data.get(ATTR_CODE)
-
-        method = "async_{}".format(SERVICE_TO_METHOD[service.service])
-
-        update_tasks = []
-        for alarm in target_alarms:
-            yield from getattr(alarm, method)(code)
-
-            if not alarm.should_poll:
-                continue
-            update_tasks.append(alarm.async_update_ha_state(True))
-
-        if update_tasks:
-            yield from asyncio.wait(update_tasks, loop=hass.loop)
-
-    for service in SERVICE_TO_METHOD:
-        hass.services.async_register(
-            DOMAIN, service, async_alarm_service_handler,
-            schema=ALARM_SERVICE_SCHEMA)
+    component.async_register_entity_service(
+        SERVICE_ALARM_DISARM, ALARM_SERVICE_SCHEMA,
+        'async_alarm_disarm'
+    )
+    component.async_register_entity_service(
+        SERVICE_ALARM_ARM_HOME, ALARM_SERVICE_SCHEMA,
+        'async_alarm_arm_home'
+    )
+    component.async_register_entity_service(
+        SERVICE_ALARM_ARM_AWAY, ALARM_SERVICE_SCHEMA,
+        'async_alarm_arm_away'
+    )
+    component.async_register_entity_service(
+        SERVICE_ALARM_ARM_NIGHT, ALARM_SERVICE_SCHEMA,
+        'async_alarm_arm_night'
+    )
+    component.async_register_entity_service(
+        SERVICE_ALARM_ARM_CUSTOM_BYPASS, ALARM_SERVICE_SCHEMA,
+        'async_alarm_arm_custom_bypass'
+    )
+    component.async_register_entity_service(
+        SERVICE_ALARM_TRIGGER, ALARM_SERVICE_SCHEMA,
+        'async_alarm_trigger'
+    )

    return True


+async def async_setup_entry(hass, entry):
+    """Set up a config entry."""
+    return await hass.data[DOMAIN].async_setup_entry(entry)
+
+
+async def async_unload_entry(hass, entry):
+    """Unload a config entry."""
+    return await hass.data[DOMAIN].async_unload_entry(entry)
+
+
 # pylint: disable=no-self-use
 class AlarmControlPanel(Entity):
    """An abstract class for alarm control devices."""
@@ -177,7 +173,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_disarm, code)
+        return self.hass.async_add_executor_job(self.alarm_disarm, code)

    def alarm_arm_home(self, code=None):
        """Send arm home command."""
@@ -188,7 +184,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_home, code)
+        return self.hass.async_add_executor_job(self.alarm_arm_home, code)

    def alarm_arm_away(self, code=None):
        """Send arm away command."""
@@ -199,7 +195,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_away, code)
+        return self.hass.async_add_executor_job(self.alarm_arm_away, code)

    def alarm_arm_night(self, code=None):
        """Send arm night command."""
@@ -210,7 +206,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_night, code)
+        return self.hass.async_add_executor_job(self.alarm_arm_night, code)

    def alarm_trigger(self, code=None):
        """Send alarm trigger command."""
@@ -221,7 +217,7 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_trigger, code)
+        return self.hass.async_add_executor_job(self.alarm_trigger, code)

    def alarm_arm_custom_bypass(self, code=None):
        """Send arm custom bypass command."""
@@ -232,7 +228,8 @@ class AlarmControlPanel(Entity):

        This method must be run in the event loop and returns a coroutine.
        """
-        return self.hass.async_add_job(self.alarm_arm_custom_bypass, code)
+        return self.hass.async_add_executor_job(
+            self.alarm_arm_custom_bypass, code)

    @property
    def state_attributes(self):
--- a/homeassistant/components/alarm_control_panel/abode.py
+++ b/homeassistant/components/alarm_control_panel/abode.py
@@ -20,7 +20,7 @@ _LOGGER = logging.getLogger(__name__)
 ICON = 'mdi:security'


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up an alarm control panel for an Abode device."""
    data = hass.data[ABODE_DOMAIN]

@@ -28,7 +28,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):

    data.devices.extend(alarm_devices)

-    add_devices(alarm_devices)
+    add_entities(alarm_devices)


 class AbodeAlarm(AbodeDevice, AlarmControlPanel):
--- a/homeassistant/components/alarm_control_panel/alarmdecoder.py
+++ b/homeassistant/components/alarm_control_panel/alarmdecoder.py
@@ -26,10 +26,10 @@ ALARM_TOGGLE_CHIME_SCHEMA = vol.Schema({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up for AlarmDecoder alarm panels."""
    device = AlarmDecoderAlarmPanel()
-    add_devices([device])
+    add_entities([device])

    def alarm_toggle_chime_handler(service):
        """Register toggle chime handler."""
--- a/homeassistant/components/alarm_control_panel/alarmdotcom.py
+++ b/homeassistant/components/alarm_control_panel/alarmdotcom.py
@@ -33,7 +33,8 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Set up a Alarm.com control panel."""
    name = config.get(CONF_NAME)
    code = config.get(CONF_CODE)
@@ -42,7 +43,7 @@ def async_setup_platform(hass, config, async_add_devices, discovery_info=None):

    alarmdotcom = AlarmDotCom(hass, name, code, username, password)
    yield from alarmdotcom.async_login()
-    async_add_devices([alarmdotcom])
+    async_add_entities([alarmdotcom])


 class AlarmDotCom(alarm.AlarmControlPanel):
@@ -83,7 +84,7 @@ class AlarmDotCom(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

@@ -92,9 +93,9 @@ class AlarmDotCom(alarm.AlarmControlPanel):
        """Return the state of the device."""
        if self._alarm.state.lower() == 'disarmed':
            return STATE_ALARM_DISARMED
-        elif self._alarm.state.lower() == 'armed stay':
+        if self._alarm.state.lower() == 'armed stay':
            return STATE_ALARM_ARMED_HOME
-        elif self._alarm.state.lower() == 'armed away':
+        if self._alarm.state.lower() == 'armed away':
            return STATE_ALARM_ARMED_AWAY
        return STATE_UNKNOWN

--- a/homeassistant/components/alarm_control_panel/arlo.py
+++ b/homeassistant/components/alarm_control_panel/arlo.py
@@ -38,7 +38,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Arlo Alarm Control Panels."""
    arlo = hass.data[DATA_ARLO]

@@ -51,7 +51,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    for base_station in arlo.base_stations:
        base_stations.append(ArloBaseStation(base_station, home_mode_name,
                                             away_mode_name))
-    add_devices(base_stations, True)
+    add_entities(base_stations, True)


 class ArloBaseStation(AlarmControlPanel):
@@ -122,10 +122,10 @@ class ArloBaseStation(AlarmControlPanel):
        """Convert Arlo mode to Home Assistant state."""
        if mode == ARMED:
            return STATE_ALARM_ARMED_AWAY
-        elif mode == DISARMED:
+        if mode == DISARMED:
            return STATE_ALARM_DISARMED
-        elif mode == self._home_mode_name:
+        if mode == self._home_mode_name:
            return STATE_ALARM_ARMED_HOME
-        elif mode == self._away_mode_name:
+        if mode == self._away_mode_name:
            return STATE_ALARM_ARMED_AWAY
        return mode
--- a/homeassistant/components/alarm_control_panel/canary.py
+++ b/homeassistant/components/alarm_control_panel/canary.py
@@ -16,7 +16,7 @@ DEPENDENCIES = ['canary']
 _LOGGER = logging.getLogger(__name__)


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Canary alarms."""
    data = hass.data[DATA_CANARY]
    devices = []
@@ -24,7 +24,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    for location in data.locations:
        devices.append(CanaryAlarm(data, location.location_id))

-    add_devices(devices, True)
+    add_entities(devices, True)


 class CanaryAlarm(AlarmControlPanel):
@@ -55,9 +55,9 @@ class CanaryAlarm(AlarmControlPanel):
        mode = location.mode
        if mode.name == LOCATION_MODE_AWAY:
            return STATE_ALARM_ARMED_AWAY
-        elif mode.name == LOCATION_MODE_HOME:
+        if mode.name == LOCATION_MODE_HOME:
            return STATE_ALARM_ARMED_HOME
-        elif mode.name == LOCATION_MODE_NIGHT:
+        if mode.name == LOCATION_MODE_NIGHT:
            return STATE_ALARM_ARMED_NIGHT
        return None

--- a/homeassistant/components/alarm_control_panel/concord232.py
+++ b/homeassistant/components/alarm_control_panel/concord232.py
@@ -35,7 +35,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Concord232 alarm control panel platform."""
    name = config.get(CONF_NAME)
    host = config.get(CONF_HOST)
@@ -44,7 +44,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    url = 'http://{}:{}'.format(host, port)

    try:
-        add_devices([Concord232Alarm(hass, url, name)])
+        add_entities([Concord232Alarm(hass, url, name)])
    except requests.exceptions.ConnectionError as ex:
        _LOGGER.error("Unable to connect to Concord232: %s", str(ex))
        return
--- a/homeassistant/components/alarm_control_panel/demo.py
+++ b/homeassistant/components/alarm_control_panel/demo.py
@@ -5,7 +5,7 @@ For more details about this platform, please refer to the documentation
 https://home-assistant.io/components/demo/
 """
 import datetime
-import homeassistant.components.alarm_control_panel.manual as manual
+from homeassistant.components.alarm_control_panel import manual
 from homeassistant.const import (
    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_CUSTOM_BYPASS,
    STATE_ALARM_ARMED_HOME, STATE_ALARM_ARMED_NIGHT,
@@ -13,9 +13,9 @@ from homeassistant.const import (
    CONF_PENDING_TIME, CONF_TRIGGER_TIME)


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Demo alarm control panel platform."""
-    add_devices([
+    add_entities([
        manual.ManualAlarm(hass, 'Alarm', '1234', None, False, {
            STATE_ALARM_ARMED_AWAY: {
                CONF_DELAY_TIME: datetime.timedelta(seconds=0),
--- a/homeassistant/components/alarm_control_panel/egardia.py
+++ b/homeassistant/components/alarm_control_panel/egardia.py
@@ -34,7 +34,7 @@ STATES = {
 }


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Egardia platform."""
    if discovery_info is None:
        return
@@ -45,7 +45,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
        discovery_info.get(CONF_REPORT_SERVER_CODES),
        discovery_info[CONF_REPORT_SERVER_PORT])
    # add egardia alarm device
-    add_devices([device], True)
+    add_entities([device], True)


 class EgardiaAlarm(alarm.AlarmControlPanel):
--- a/homeassistant/components/alarm_control_panel/envisalink.py
+++ b/homeassistant/components/alarm_control_panel/envisalink.py
@@ -33,7 +33,8 @@ ALARM_KEYPRESS_SCHEMA = vol.Schema({


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Perform the setup for Envisalink alarm panels."""
    configured_partitions = discovery_info['partitions']
    code = discovery_info[CONF_CODE]
@@ -53,7 +54,7 @@ def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
        )
        devices.append(device)

-    async_add_devices(devices)
+    async_add_entities(devices)

    @callback
    def alarm_keypress_handler(service):
--- a/homeassistant/components/alarm_control_panel/homematicip_cloud.py
+++ b/homeassistant/components/alarm_control_panel/homematicip_cloud.py
@@ -0,0 +1,83 @@
+"""
+Support for HomematicIP Cloud alarm control panel.
+
+For more details about this platform, please refer to the documentation at
+https://home-assistant.io/components/alarm_control_panel.homematicip_cloud/
+"""
+
+import logging
+
+from homeassistant.components.alarm_control_panel import AlarmControlPanel
+from homeassistant.components.homematicip_cloud import (
+    HMIPC_HAPID, HomematicipGenericDevice)
+from homeassistant.components.homematicip_cloud import DOMAIN as HMIPC_DOMAIN
+from homeassistant.const import (
+    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME, STATE_ALARM_DISARMED,
+    STATE_ALARM_TRIGGERED)
+
+_LOGGER = logging.getLogger(__name__)
+
+DEPENDENCIES = ['homematicip_cloud']
+
+HMIP_ZONE_AWAY = 'EXTERNAL'
+HMIP_ZONE_HOME = 'INTERNAL'
+
+
+async def async_setup_platform(
+        hass, config, async_add_entities, discovery_info=None):
+    """Set up the HomematicIP Cloud alarm control devices."""
+    pass
+
+
+async def async_setup_entry(hass, config_entry, async_add_entities):
+    """Set up the HomematicIP alarm control panel from a config entry."""
+    from homematicip.aio.group import AsyncSecurityZoneGroup
+
+    home = hass.data[HMIPC_DOMAIN][config_entry.data[HMIPC_HAPID]].home
+    devices = []
+    for group in home.groups:
+        if isinstance(group, AsyncSecurityZoneGroup):
+            devices.append(HomematicipSecurityZone(home, group))
+
+    if devices:
+        async_add_entities(devices)
+
+
+class HomematicipSecurityZone(HomematicipGenericDevice, AlarmControlPanel):
+    """Representation of an HomematicIP Cloud security zone group."""
+
+    def __init__(self, home, device):
+        """Initialize the security zone group."""
+        device.modelType = 'Group-SecurityZone'
+        device.windowState = ''
+        super().__init__(home, device)
+
+    @property
+    def state(self):
+        """Return the state of the device."""
+        from homematicip.base.enums import WindowState
+
+        if self._device.active:
+            if (self._device.sabotage or self._device.motionDetected or
+                    self._device.windowState == WindowState.OPEN):
+                return STATE_ALARM_TRIGGERED
+
+            active = self._home.get_security_zones_activation()
+            if active == (True, True):
+                return STATE_ALARM_ARMED_AWAY
+            if active == (False, True):
+                return STATE_ALARM_ARMED_HOME
+
+        return STATE_ALARM_DISARMED
+
+    async def async_alarm_disarm(self, code=None):
+        """Send disarm command."""
+        await self._home.set_security_zones_activation(False, False)
+
+    async def async_alarm_arm_home(self, code=None):
+        """Send arm home command."""
+        await self._home.set_security_zones_activation(True, False)
+
+    async def async_alarm_arm_away(self, code=None):
+        """Send arm away command."""
+        await self._home.set_security_zones_activation(True, True)
--- a/homeassistant/components/alarm_control_panel/ialarm.py
+++ b/homeassistant/components/alarm_control_panel/ialarm.py
@@ -40,7 +40,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up an iAlarm control panel."""
    name = config.get(CONF_NAME)
    username = config.get(CONF_USERNAME)
@@ -49,7 +49,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):

    url = 'http://{}'.format(host)
    ialarm = IAlarmPanel(name, username, password, url)
-    add_devices([ialarm], True)
+    add_entities([ialarm], True)


 class IAlarmPanel(alarm.AlarmControlPanel):
--- a/homeassistant/components/alarm_control_panel/ifttt.py
+++ b/homeassistant/components/alarm_control_panel/ifttt.py
@@ -59,7 +59,7 @@ PUSH_ALARM_STATE_SERVICE_SCHEMA = vol.Schema({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up a control panel managed through IFTTT."""
    if DATA_IFTTT_ALARM not in hass.data:
        hass.data[DATA_IFTTT_ALARM] = []
@@ -75,7 +75,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    alarmpanel = IFTTTAlarmPanel(name, code, event_away, event_home,
                                 event_night, event_disarm, optimistic)
    hass.data[DATA_IFTTT_ALARM].append(alarmpanel)
-    add_devices([alarmpanel])
+    add_entities([alarmpanel])

    async def push_state_update(service):
        """Set the service state as device state attribute."""
@@ -128,7 +128,7 @@ class IFTTTAlarmPanel(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

--- a/homeassistant/components/alarm_control_panel/manual.py
+++ b/homeassistant/components/alarm_control_panel/manual.py
@@ -103,9 +103,9 @@ PLATFORM_SCHEMA = vol.Schema(vol.All({
 }, _state_validator))


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the manual alarm platform."""
-    add_devices([ManualAlarm(
+    add_entities([ManualAlarm(
        hass,
        config[CONF_NAME],
        config.get(CONF_CODE),
@@ -205,7 +205,7 @@ class ManualAlarm(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

--- a/homeassistant/components/alarm_control_panel/manual_mqtt.py
+++ b/homeassistant/components/alarm_control_panel/manual_mqtt.py
@@ -19,7 +19,7 @@ from homeassistant.const import (
    STATE_ALARM_DISARMED, STATE_ALARM_PENDING, STATE_ALARM_TRIGGERED,
    CONF_PLATFORM, CONF_NAME, CONF_CODE, CONF_DELAY_TIME, CONF_PENDING_TIME,
    CONF_TRIGGER_TIME, CONF_DISARM_AFTER_TRIGGER)
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt

 from homeassistant.helpers.event import async_track_state_change
 from homeassistant.core import callback
@@ -123,9 +123,9 @@ PLATFORM_SCHEMA = vol.Schema(vol.All(mqtt.MQTT_BASE_PLATFORM_SCHEMA.extend({
 }), _state_validator))


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the manual MQTT alarm platform."""
-    add_devices([ManualMQTTAlarm(
+    add_entities([ManualMQTTAlarm(
        hass,
        config[CONF_NAME],
        config.get(CONF_CODE),
@@ -241,7 +241,7 @@ class ManualMQTTAlarm(alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

--- a/homeassistant/components/alarm_control_panel/mqtt.py
+++ b/homeassistant/components/alarm_control_panel/mqtt.py
@@ -12,7 +12,7 @@ import voluptuous as vol

 from homeassistant.core import callback
 import homeassistant.components.alarm_control_panel as alarm
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt
 from homeassistant.const import (
    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME, STATE_ALARM_DISARMED,
    STATE_ALARM_PENDING, STATE_ALARM_TRIGGERED, STATE_UNKNOWN,
@@ -20,7 +20,7 @@ from homeassistant.const import (
 from homeassistant.components.mqtt import (
    CONF_AVAILABILITY_TOPIC, CONF_STATE_TOPIC, CONF_COMMAND_TOPIC,
    CONF_PAYLOAD_AVAILABLE, CONF_PAYLOAD_NOT_AVAILABLE, CONF_QOS,
-    MqttAvailability)
+    CONF_RETAIN, MqttAvailability)
 import homeassistant.helpers.config_validation as cv

 _LOGGER = logging.getLogger(__name__)
@@ -47,13 +47,18 @@ PLATFORM_SCHEMA = mqtt.MQTT_BASE_PLATFORM_SCHEMA.extend({


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Set up the MQTT Alarm Control Panel platform."""
-    async_add_devices([MqttAlarm(
+    if discovery_info is not None:
+        config = PLATFORM_SCHEMA(discovery_info)
+
+    async_add_entities([MqttAlarm(
        config.get(CONF_NAME),
        config.get(CONF_STATE_TOPIC),
        config.get(CONF_COMMAND_TOPIC),
        config.get(CONF_QOS),
+        config.get(CONF_RETAIN),
        config.get(CONF_PAYLOAD_DISARM),
        config.get(CONF_PAYLOAD_ARM_HOME),
        config.get(CONF_PAYLOAD_ARM_AWAY),
@@ -66,9 +71,9 @@ def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
 class MqttAlarm(MqttAvailability, alarm.AlarmControlPanel):
    """Representation of a MQTT alarm status."""

-    def __init__(self, name, state_topic, command_topic, qos, payload_disarm,
-                 payload_arm_home, payload_arm_away, code, availability_topic,
-                 payload_available, payload_not_available):
+    def __init__(self, name, state_topic, command_topic, qos, retain,
+                 payload_disarm, payload_arm_home, payload_arm_away, code,
+                 availability_topic, payload_available, payload_not_available):
        """Init the MQTT Alarm Control Panel."""
        super().__init__(availability_topic, qos, payload_available,
                         payload_not_available)
@@ -77,6 +82,7 @@ class MqttAlarm(MqttAvailability, alarm.AlarmControlPanel):
        self._state_topic = state_topic
        self._command_topic = command_topic
        self._qos = qos
+        self._retain = retain
        self._payload_disarm = payload_disarm
        self._payload_arm_home = payload_arm_home
        self._payload_arm_away = payload_arm_away
@@ -121,7 +127,7 @@ class MqttAlarm(MqttAvailability, alarm.AlarmControlPanel):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

@@ -134,7 +140,8 @@ class MqttAlarm(MqttAvailability, alarm.AlarmControlPanel):
        if not self._validate_code(code, 'disarming'):
            return
        mqtt.async_publish(
-            self.hass, self._command_topic, self._payload_disarm, self._qos)
+            self.hass, self._command_topic, self._payload_disarm, self._qos,
+            self._retain)

    @asyncio.coroutine
    def async_alarm_arm_home(self, code=None):
@@ -145,7 +152,8 @@ class MqttAlarm(MqttAvailability, alarm.AlarmControlPanel):
        if not self._validate_code(code, 'arming home'):
            return
        mqtt.async_publish(
-            self.hass, self._command_topic, self._payload_arm_home, self._qos)
+            self.hass, self._command_topic, self._payload_arm_home, self._qos,
+            self._retain)

    @asyncio.coroutine
    def async_alarm_arm_away(self, code=None):
@@ -156,7 +164,8 @@ class MqttAlarm(MqttAvailability, alarm.AlarmControlPanel):
        if not self._validate_code(code, 'arming away'):
            return
        mqtt.async_publish(
-            self.hass, self._command_topic, self._payload_arm_away, self._qos)
+            self.hass, self._command_topic, self._payload_arm_away, self._qos,
+            self._retain)

    def _validate_code(self, code, state):
        """Validate given code."""
--- a/homeassistant/components/alarm_control_panel/nx584.py
+++ b/homeassistant/components/alarm_control_panel/nx584.py
@@ -31,7 +31,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the NX584 platform."""
    name = config.get(CONF_NAME)
    host = config.get(CONF_HOST)
@@ -40,7 +40,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    url = 'http://{}:{}'.format(host, port)

    try:
-        add_devices([NX584Alarm(hass, url, name)])
+        add_entities([NX584Alarm(hass, url, name)])
    except requests.exceptions.ConnectionError as ex:
        _LOGGER.error("Unable to connect to NX584: %s", str(ex))
        return False
--- a/homeassistant/components/alarm_control_panel/satel_integra.py
+++ b/homeassistant/components/alarm_control_panel/satel_integra.py
@@ -19,14 +19,15 @@ DEPENDENCIES = ['satel_integra']


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Set up for Satel Integra alarm panels."""
    if not discovery_info:
        return

    device = SatelIntegraAlarmPanel(
        "Alarm Panel", discovery_info.get(CONF_ARM_HOME_MODE))
-    async_add_devices([device])
+    async_add_entities([device])


 class SatelIntegraAlarmPanel(alarm.AlarmControlPanel):
--- a/homeassistant/components/alarm_control_panel/simplisafe.py
+++ b/homeassistant/components/alarm_control_panel/simplisafe.py
@@ -9,23 +9,22 @@ import re

 import voluptuous as vol

-import homeassistant.components.alarm_control_panel as alarm
-from homeassistant.components.alarm_control_panel import PLATFORM_SCHEMA
+from homeassistant.components.alarm_control_panel import (
+    PLATFORM_SCHEMA, AlarmControlPanel)
 from homeassistant.const import (
    CONF_CODE, CONF_NAME, CONF_PASSWORD, CONF_USERNAME,
-    EVENT_HOMEASSISTANT_STOP, STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME,
+    STATE_ALARM_ARMED_AWAY, STATE_ALARM_ARMED_HOME,
    STATE_ALARM_DISARMED, STATE_UNKNOWN)
 import homeassistant.helpers.config_validation as cv

-REQUIREMENTS = ['simplisafe-python==1.0.5']
+REQUIREMENTS = ['simplisafe-python==2.0.2']

 _LOGGER = logging.getLogger(__name__)

 DEFAULT_NAME = 'SimpliSafe'
-DOMAIN = 'simplisafe'

-NOTIFICATION_ID = 'simplisafe_notification'
-NOTIFICATION_TITLE = 'SimpliSafe Setup'
+ATTR_ALARM_ACTIVE = "alarm_active"
+ATTR_TEMPERATURE = "temperature"

 PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
    vol.Required(CONF_PASSWORD): cv.string,
@@ -35,38 +34,29 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the SimpliSafe platform."""
-    from simplipy.api import SimpliSafeApiInterface, get_systems
+    from simplipy.api import SimpliSafeApiInterface, SimpliSafeAPIException
    name = config.get(CONF_NAME)
    code = config.get(CONF_CODE)
    username = config.get(CONF_USERNAME)
    password = config.get(CONF_PASSWORD)

-    simplisafe = SimpliSafeApiInterface()
-    status = simplisafe.set_credentials(username, password)
-    if status:
-        hass.data[DOMAIN] = simplisafe
-        locations = get_systems(simplisafe)
-        for location in locations:
-            add_devices([SimpliSafeAlarm(location, name, code)])
-    else:
-        message = 'Failed to log into SimpliSafe. Check credentials.'
-        _LOGGER.error(message)
-        hass.components.persistent_notification.create(
-            message,
-            title=NOTIFICATION_TITLE,
-            notification_id=NOTIFICATION_ID)
-        return False
+    try:
+        simplisafe = SimpliSafeApiInterface(username, password)
+    except SimpliSafeAPIException:
+        _LOGGER.error("Failed to set up SimpliSafe")
+        return

-    def logout(event):
-        """Logout of the SimpliSafe API."""
-        hass.data[DOMAIN].logout()
+    systems = []

-    hass.bus.listen(EVENT_HOMEASSISTANT_STOP, logout)
+    for system in simplisafe.get_systems():
+        systems.append(SimpliSafeAlarm(system, name, code))
+
+    add_entities(systems)


-class SimpliSafeAlarm(alarm.AlarmControlPanel):
+class SimpliSafeAlarm(AlarmControlPanel):
    """Representation of a SimpliSafe alarm."""

    def __init__(self, simplisafe, name, code):
@@ -75,31 +65,37 @@ class SimpliSafeAlarm(alarm.AlarmControlPanel):
        self._name = name
        self._code = str(code) if code else None

+    @property
+    def unique_id(self):
+        """Return the unique ID."""
+        return self.simplisafe.location_id
+
    @property
    def name(self):
        """Return the name of the device."""
        if self._name is not None:
            return self._name
-        return 'Alarm {}'.format(self.simplisafe.location_id())
+        return 'Alarm {}'.format(self.simplisafe.location_id)

    @property
    def code_format(self):
        """Return one or more digits/characters."""
        if self._code is None:
            return None
-        elif isinstance(self._code, str) and re.search('^\\d+$', self._code):
+        if isinstance(self._code, str) and re.search('^\\d+$', self._code):
            return 'Number'
        return 'Any'

    @property
    def state(self):
        """Return the state of the device."""
-        status = self.simplisafe.state()
-        if status == 'off':
+        status = self.simplisafe.state
+        if status.lower() == 'off':
            state = STATE_ALARM_DISARMED
-        elif status == 'home':
+        elif status.lower() == 'home' or status.lower() == 'home_count':
            state = STATE_ALARM_ARMED_HOME
-        elif status == 'away':
+        elif (status.lower() == 'away' or status.lower() == 'exitDelay' or
+              status.lower() == 'away_count'):
            state = STATE_ALARM_ARMED_AWAY
        else:
            state = STATE_UNKNOWN
@@ -108,14 +104,13 @@ class SimpliSafeAlarm(alarm.AlarmControlPanel):
    @property
    def device_state_attributes(self):
        """Return the state attributes."""
-        return {
-            'alarm': self.simplisafe.alarm(),
-            'co': self.simplisafe.carbon_monoxide(),
-            'fire': self.simplisafe.fire(),
-            'flood': self.simplisafe.flood(),
-            'last_event': self.simplisafe.last_event(),
-            'temperature': self.simplisafe.temperature(),
-        }
+        attributes = {}
+
+        attributes[ATTR_ALARM_ACTIVE] = self.simplisafe.alarm_active
+        if self.simplisafe.temperature is not None:
+            attributes[ATTR_TEMPERATURE] = self.simplisafe.temperature
+
+        return attributes

    def update(self):
        """Update alarm status."""
--- a/homeassistant/components/alarm_control_panel/spc.py
+++ b/homeassistant/components/alarm_control_panel/spc.py
@@ -29,7 +29,8 @@ def _get_alarm_state(spc_mode):


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Set up the SPC alarm control panel platform."""
    if (discovery_info is None or
            discovery_info[ATTR_DISCOVER_AREAS] is None):
@@ -39,7 +40,7 @@ def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
    devices = [SpcAlarm(api, area)
               for area in discovery_info[ATTR_DISCOVER_AREAS]]

-    async_add_devices(devices)
+    async_add_entities(devices)


 class SpcAlarm(alarm.AlarmControlPanel):
--- a/homeassistant/components/alarm_control_panel/totalconnect.py
+++ b/homeassistant/components/alarm_control_panel/totalconnect.py
@@ -31,14 +31,14 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up a TotalConnect control panel."""
    name = config.get(CONF_NAME)
    username = config.get(CONF_USERNAME)
    password = config.get(CONF_PASSWORD)

    total_connect = TotalConnect(name, username, password)
-    add_devices([total_connect], True)
+    add_entities([total_connect], True)


 class TotalConnect(alarm.AlarmControlPanel):
--- a/homeassistant/components/alarm_control_panel/verisure.py
+++ b/homeassistant/components/alarm_control_panel/verisure.py
@@ -17,13 +17,13 @@ from homeassistant.const import (
 _LOGGER = logging.getLogger(__name__)


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Verisure platform."""
    alarms = []
    if int(hub.config.get(CONF_ALARM, 1)):
        hub.update_overview()
        alarms.append(VerisureAlarm())
-    add_devices(alarms)
+    add_entities(alarms)


 def set_arm_state(state, code=None):
--- a/homeassistant/components/alarm_control_panel/wink.py
+++ b/homeassistant/components/alarm_control_panel/wink.py
@@ -20,7 +20,7 @@ DEPENDENCIES = ['wink']
 STATE_ALARM_PRIVACY = 'Private'


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Wink platform."""
    import pywink

@@ -32,7 +32,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
        except AttributeError:
            _id = camera.object_id() + camera.name()
            if _id not in hass.data[DOMAIN]['unique_ids']:
-                add_devices([WinkCameraDevice(camera, hass)])
+                add_entities([WinkCameraDevice(camera, hass)])


 class WinkCameraDevice(WinkDevice, alarm.AlarmControlPanel):
--- a/homeassistant/components/alarmdecoder.py
+++ b/homeassistant/components/alarmdecoder.py
@@ -34,6 +34,8 @@ CONF_ZONE_NAME = 'name'
 CONF_ZONE_TYPE = 'type'
 CONF_ZONE_RFID = 'rfid'
 CONF_ZONES = 'zones'
+CONF_RELAY_ADDR = 'relayaddr'
+CONF_RELAY_CHAN = 'relaychan'

 DEFAULT_DEVICE_TYPE = 'socket'
 DEFAULT_DEVICE_HOST = 'localhost'
@@ -53,6 +55,7 @@ SIGNAL_PANEL_DISARM = 'alarmdecoder.panel_disarm'
 SIGNAL_ZONE_FAULT = 'alarmdecoder.zone_fault'
 SIGNAL_ZONE_RESTORE = 'alarmdecoder.zone_restore'
 SIGNAL_RFX_MESSAGE = 'alarmdecoder.rfx_message'
+SIGNAL_REL_MESSAGE = 'alarmdecoder.rel_message'

 DEVICE_SOCKET_SCHEMA = vol.Schema({
    vol.Required(CONF_DEVICE_TYPE): 'socket',
@@ -71,7 +74,11 @@ ZONE_SCHEMA = vol.Schema({
    vol.Required(CONF_ZONE_NAME): cv.string,
    vol.Optional(CONF_ZONE_TYPE,
                 default=DEFAULT_ZONE_TYPE): vol.Any(DEVICE_CLASSES_SCHEMA),
-    vol.Optional(CONF_ZONE_RFID): cv.string})
+    vol.Optional(CONF_ZONE_RFID): cv.string,
+    vol.Inclusive(CONF_RELAY_ADDR, 'relaylocation',
+                  'Relay address and channel must exist together'): cv.byte,
+    vol.Inclusive(CONF_RELAY_CHAN, 'relaylocation',
+                  'Relay address and channel must exist together'): cv.byte})

 CONFIG_SCHEMA = vol.Schema({
    DOMAIN: vol.Schema({
@@ -153,6 +160,11 @@ def setup(hass, config):
        hass.helpers.dispatcher.dispatcher_send(
            SIGNAL_ZONE_RESTORE, zone)

+    def handle_rel_message(sender, message):
+        """Handle relay message from AlarmDecoder."""
+        hass.helpers.dispatcher.dispatcher_send(
+            SIGNAL_REL_MESSAGE, message)
+
    controller = False
    if device_type == 'socket':
        host = device.get(CONF_DEVICE_HOST)
@@ -171,6 +183,7 @@ def setup(hass, config):
    controller.on_zone_fault += zone_fault_callback
    controller.on_zone_restore += zone_restore_callback
    controller.on_close += handle_closed_connection
+    controller.on_relay_changed += handle_rel_message

    hass.data[DATA_AD] = controller

--- a/homeassistant/components/alert.py
+++ b/homeassistant/components/alert.py
@@ -68,7 +68,7 @@ def turn_on(hass, entity_id):
 def async_turn_on(hass, entity_id):
    """Async reset the alert."""
    data = {ATTR_ENTITY_ID: entity_id}
-    hass.async_add_job(
+    hass.async_create_task(
        hass.services.async_call(DOMAIN, SERVICE_TURN_ON, data))


@@ -81,7 +81,7 @@ def turn_off(hass, entity_id):
 def async_turn_off(hass, entity_id):
    """Async acknowledge the alert."""
    data = {ATTR_ENTITY_ID: entity_id}
-    hass.async_add_job(
+    hass.async_create_task(
        hass.services.async_call(DOMAIN, SERVICE_TURN_OFF, data))


@@ -94,7 +94,7 @@ def toggle(hass, entity_id):
 def async_toggle(hass, entity_id):
    """Async toggle acknowledgement of alert."""
    data = {ATTR_ENTITY_ID: entity_id}
-    hass.async_add_job(
+    hass.async_create_task(
        hass.services.async_call(DOMAIN, SERVICE_TOGGLE, data))


@@ -111,6 +111,7 @@ def async_setup(hass, config):

        for alert_id in alert_ids:
            alert = all_alerts[alert_id]
+            alert.async_set_context(service_call.context)
            if service_call.service == SERVICE_TURN_ON:
                yield from alert.async_turn_on()
            elif service_call.service == SERVICE_TOGGLE:
@@ -217,7 +218,7 @@ class Alert(ToggleEntity):
        else:
            yield from self._schedule_notify()

-        self.hass.async_add_job(self.async_update_ha_state)
+        self.async_schedule_update_ha_state()

    @asyncio.coroutine
    def end_alerting(self):
@@ -228,7 +229,7 @@ class Alert(ToggleEntity):
        self._firing = False
        if self._done_message and self._send_done_message:
            yield from self._notify_done_message()
-        self.hass.async_add_job(self.async_update_ha_state)
+        self.async_schedule_update_ha_state()

    @asyncio.coroutine
    def _schedule_notify(self):
--- a/homeassistant/components/alexa/intent.py
+++ b/homeassistant/components/alexa/intent.py
@@ -210,7 +210,7 @@ def resolve_slot_synonyms(key, request):
    return resolved_value


-class AlexaResponse(object):
+class AlexaResponse:
    """Help generating the response for Alexa."""

    def __init__(self, hass, intent_info):
--- a/homeassistant/components/alexa/smart_home.py
+++ b/homeassistant/components/alexa/smart_home.py
@@ -13,12 +13,13 @@ import homeassistant.util.color as color_util
 from homeassistant.util.temperature import convert as convert_temperature
 from homeassistant.util.decorator import Registry
 from homeassistant.const import (
-    ATTR_ENTITY_ID, ATTR_SUPPORTED_FEATURES, ATTR_TEMPERATURE, CONF_NAME,
-    SERVICE_LOCK, SERVICE_MEDIA_NEXT_TRACK, SERVICE_MEDIA_PAUSE,
-    SERVICE_MEDIA_PLAY, SERVICE_MEDIA_PREVIOUS_TRACK, SERVICE_MEDIA_STOP,
+    ATTR_ENTITY_ID, ATTR_SUPPORTED_FEATURES, ATTR_TEMPERATURE,
+    ATTR_UNIT_OF_MEASUREMENT, CONF_NAME, SERVICE_LOCK,
+    SERVICE_MEDIA_NEXT_TRACK, SERVICE_MEDIA_PAUSE, SERVICE_MEDIA_PLAY,
+    SERVICE_MEDIA_PREVIOUS_TRACK, SERVICE_MEDIA_STOP,
    SERVICE_SET_COVER_POSITION, SERVICE_TURN_OFF, SERVICE_TURN_ON,
    SERVICE_UNLOCK, SERVICE_VOLUME_SET, TEMP_FAHRENHEIT, TEMP_CELSIUS,
-    CONF_UNIT_OF_MEASUREMENT, STATE_LOCKED, STATE_UNLOCKED, STATE_ON)
+    STATE_LOCKED, STATE_UNLOCKED, STATE_ON)

 from .const import CONF_FILTER, CONF_ENTITY_CONFIG

@@ -53,9 +54,10 @@ CONF_DISPLAY_CATEGORIES = 'display_categories'

 HANDLERS = Registry()
 ENTITY_ADAPTERS = Registry()
+EVENT_ALEXA_SMART_HOME = 'alexa_smart_home'


-class _DisplayCategory(object):
+class _DisplayCategory:
    """Possible display categories for Discovery response.

    https://developer.amazon.com/docs/device-apis/alexa-discovery.html#display-categories
@@ -107,7 +109,6 @@ class _DisplayCategory(object):
    THERMOSTAT = "THERMOSTAT"

    # Indicates the endpoint is a television.
-    # pylint: disable=invalid-name
    TV = "TV"


@@ -154,13 +155,14 @@ class _UnsupportedProperty(Exception):
    """This entity does not support the requested Smart Home API property."""


-class _AlexaEntity(object):
+class _AlexaEntity:
    """An adaptation of an entity, expressed in Alexa's terms.

    The API handlers should manipulate entities only through this interface.
    """

-    def __init__(self, config, entity):
+    def __init__(self, hass, config, entity):
+        self.hass = hass
        self.config = config
        self.entity = entity
        self.entity_conf = config.entity_config.get(entity.entity_id, {})
@@ -209,7 +211,7 @@ class _AlexaEntity(object):
        raise NotImplementedError


-class _AlexaInterface(object):
+class _AlexaInterface:
    def __init__(self, entity):
        self.entity = entity

@@ -271,11 +273,14 @@ class _AlexaInterface(object):
        """Return properties serialized for an API response."""
        for prop in self.properties_supported():
            prop_name = prop['name']
-            yield {
-                'name': prop_name,
-                'namespace': self.name(),
-                'value': self.get_property(prop_name),
-            }
+            # pylint: disable=assignment-from-no-return
+            prop_value = self.get_property(prop_name)
+            if prop_value is not None:
+                yield {
+                    'name': prop_name,
+                    'namespace': self.name(),
+                    'value': prop_value,
+                }


 class _AlexaPowerController(_AlexaInterface):
@@ -313,7 +318,7 @@ class _AlexaLockController(_AlexaInterface):

        if self.entity.state == STATE_LOCKED:
            return 'LOCKED'
-        elif self.entity.state == STATE_UNLOCKED:
+        if self.entity.state == STATE_UNLOCKED:
            return 'UNLOCKED'
        return 'JAMMED'

@@ -381,6 +386,10 @@ class _AlexaInputController(_AlexaInterface):


 class _AlexaTemperatureSensor(_AlexaInterface):
+    def __init__(self, hass, entity):
+        _AlexaInterface.__init__(self, entity)
+        self.hass = hass
+
    def name(self):
        return 'Alexa.TemperatureSensor'

@@ -394,9 +403,10 @@ class _AlexaTemperatureSensor(_AlexaInterface):
        if name != 'temperature':
            raise _UnsupportedProperty(name)

-        unit = self.entity.attributes[CONF_UNIT_OF_MEASUREMENT]
+        unit = self.entity.attributes.get(ATTR_UNIT_OF_MEASUREMENT)
        temp = self.entity.state
        if self.entity.domain == climate.DOMAIN:
+            unit = self.hass.config.units.temperature_unit
            temp = self.entity.attributes.get(
                climate.ATTR_CURRENT_TEMPERATURE)
        return {
@@ -406,6 +416,10 @@ class _AlexaTemperatureSensor(_AlexaInterface):


 class _AlexaThermostatController(_AlexaInterface):
+    def __init__(self, hass, entity):
+        _AlexaInterface.__init__(self, entity)
+        self.hass = hass
+
    def name(self):
        return 'Alexa.ThermostatController'

@@ -436,17 +450,19 @@ class _AlexaThermostatController(_AlexaInterface):
                raise _UnsupportedProperty(name)
            return mode

-        unit = self.entity.attributes[CONF_UNIT_OF_MEASUREMENT]
-        temp = None
+        unit = self.hass.config.units.temperature_unit
        if name == 'targetSetpoint':
-            temp = self.entity.attributes.get(ATTR_TEMPERATURE)
+            temp = self.entity.attributes.get(climate.ATTR_TEMPERATURE)
        elif name == 'lowerSetpoint':
            temp = self.entity.attributes.get(climate.ATTR_TARGET_TEMP_LOW)
        elif name == 'upperSetpoint':
            temp = self.entity.attributes.get(climate.ATTR_TARGET_TEMP_HIGH)
-        if temp is None:
+        else:
            raise _UnsupportedProperty(name)

+        if temp is None:
+            return None
+
        return {
            'value': float(temp),
            'scale': API_TEMP_UNITS[unit],
@@ -485,8 +501,8 @@ class _ClimateCapabilities(_AlexaEntity):
        return [_DisplayCategory.THERMOSTAT]

    def interfaces(self):
-        yield _AlexaThermostatController(self.entity)
-        yield _AlexaTemperatureSensor(self.entity)
+        yield _AlexaThermostatController(self.hass, self.entity)
+        yield _AlexaTemperatureSensor(self.hass, self.entity)


@ENTITY_ADAPTERS.register(cover.DOMAIN)
@@ -603,14 +619,14 @@ class _SensorCapabilities(_AlexaEntity):

    def interfaces(self):
        attrs = self.entity.attributes
-        if attrs.get(CONF_UNIT_OF_MEASUREMENT) in (
+        if attrs.get(ATTR_UNIT_OF_MEASUREMENT) in (
                TEMP_FAHRENHEIT,
                TEMP_CELSIUS,
        ):
-            yield _AlexaTemperatureSensor(self.entity)
+            yield _AlexaTemperatureSensor(self.hass, self.entity)


-class _Cause(object):
+class _Cause:
    """Possible causes for property changes.

    https://developer.amazon.com/docs/smarthome/state-reporting-for-a-smart-home-skill.html#cause-object
@@ -698,24 +714,47 @@ class SmartHomeView(http.HomeAssistantView):
        return b'' if response is None else self.json(response)


-@asyncio.coroutine
-def async_handle_message(hass, config, message):
+async def async_handle_message(hass, config, request, context=None):
    """Handle incoming API messages."""
-    assert message[API_DIRECTIVE][API_HEADER]['payloadVersion'] == '3'
+    assert request[API_DIRECTIVE][API_HEADER]['payloadVersion'] == '3'
+
+    if context is None:
+        context = ha.Context()

    # Read head data
-    message = message[API_DIRECTIVE]
-    namespace = message[API_HEADER]['namespace']
-    name = message[API_HEADER]['name']
+    request = request[API_DIRECTIVE]
+    namespace = request[API_HEADER]['namespace']
+    name = request[API_HEADER]['name']

    # Do we support this API request?
    funct_ref = HANDLERS.get((namespace, name))
-    if not funct_ref:
+    if funct_ref:
+        response = await funct_ref(hass, config, request, context)
+    else:
        _LOGGER.warning(
            "Unsupported API request %s/%s", namespace, name)
-        return api_error(message)
+        response = api_error(request)

-    return (yield from funct_ref(hass, config, message))
+    request_info = {
+        'namespace': namespace,
+        'name': name,
+    }
+
+    if API_ENDPOINT in request and 'endpointId' in request[API_ENDPOINT]:
+        request_info['entity_id'] = \
+            request[API_ENDPOINT]['endpointId'].replace('#', '.')
+
+    response_header = response[API_EVENT][API_HEADER]
+
+    hass.bus.async_fire(EVENT_ALEXA_SMART_HOME, {
+        'request': request_info,
+        'response': {
+            'namespace': response_header['namespace'],
+            'name': response_header['name'],
+        }
+    }, context=context)
+
+    return response


 def api_message(request,
@@ -779,8 +818,7 @@ def api_error(request,


@HANDLERS.register(('Alexa.Discovery', 'Discover'))
-@asyncio.coroutine
-def async_api_discovery(hass, config, request):
+async def async_api_discovery(hass, config, request, context):
    """Create a API formatted discovery response.

    Async friendly.
@@ -795,7 +833,7 @@ def async_api_discovery(hass, config, request):

        if entity.domain not in ENTITY_ADAPTERS:
            continue
-        alexa_entity = ENTITY_ADAPTERS[entity.domain](config, entity)
+        alexa_entity = ENTITY_ADAPTERS[entity.domain](hass, config, entity)

        endpoint = {
            'displayCategories': alexa_entity.display_categories(),
@@ -822,8 +860,7 @@ def async_api_discovery(hass, config, request):

 def extract_entity(funct):
    """Decorate for extract entity object from request."""
-    @asyncio.coroutine
-    def async_api_entity_wrapper(hass, config, request):
+    async def async_api_entity_wrapper(hass, config, request, context):
        """Process a turn on request."""
        entity_id = request[API_ENDPOINT]['endpointId'].replace('#', '.')

@@ -834,15 +871,14 @@ def extract_entity(funct):
                          request[API_HEADER]['name'], entity_id)
            return api_error(request, error_type='NO_SUCH_ENDPOINT')

-        return (yield from funct(hass, config, request, entity))
+        return await funct(hass, config, request, context, entity)

    return async_api_entity_wrapper


@HANDLERS.register(('Alexa.PowerController', 'TurnOn'))
@extract_entity
-@asyncio.coroutine
-def async_api_turn_on(hass, config, request, entity):
+async def async_api_turn_on(hass, config, request, context, entity):
    """Process a turn on request."""
    domain = entity.domain
    if entity.domain == group.DOMAIN:
@@ -852,17 +888,16 @@ def async_api_turn_on(hass, config, request, entity):
    if entity.domain == cover.DOMAIN:
        service = cover.SERVICE_OPEN_COVER

-    yield from hass.services.async_call(domain, service, {
+    await hass.services.async_call(domain, service, {
        ATTR_ENTITY_ID: entity.entity_id
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.PowerController', 'TurnOff'))
@extract_entity
-@asyncio.coroutine
-def async_api_turn_off(hass, config, request, entity):
+async def async_api_turn_off(hass, config, request, context, entity):
    """Process a turn off request."""
    domain = entity.domain
    if entity.domain == group.DOMAIN:
@@ -872,32 +907,30 @@ def async_api_turn_off(hass, config, request, entity):
    if entity.domain == cover.DOMAIN:
        service = cover.SERVICE_CLOSE_COVER

-    yield from hass.services.async_call(domain, service, {
+    await hass.services.async_call(domain, service, {
        ATTR_ENTITY_ID: entity.entity_id
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.BrightnessController', 'SetBrightness'))
@extract_entity
-@asyncio.coroutine
-def async_api_set_brightness(hass, config, request, entity):
+async def async_api_set_brightness(hass, config, request, context, entity):
    """Process a set brightness request."""
    brightness = int(request[API_PAYLOAD]['brightness'])

-    yield from hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
+    await hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
        ATTR_ENTITY_ID: entity.entity_id,
        light.ATTR_BRIGHTNESS_PCT: brightness,
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.BrightnessController', 'AdjustBrightness'))
@extract_entity
-@asyncio.coroutine
-def async_api_adjust_brightness(hass, config, request, entity):
+async def async_api_adjust_brightness(hass, config, request, context, entity):
    """Process an adjust brightness request."""
    brightness_delta = int(request[API_PAYLOAD]['brightnessDelta'])

@@ -910,18 +943,17 @@ def async_api_adjust_brightness(hass, config, request, entity):

    # set brightness
    brightness = max(0, brightness_delta + current)
-    yield from hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
+    await hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
        ATTR_ENTITY_ID: entity.entity_id,
        light.ATTR_BRIGHTNESS_PCT: brightness,
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.ColorController', 'SetColor'))
@extract_entity
-@asyncio.coroutine
-def async_api_set_color(hass, config, request, entity):
+async def async_api_set_color(hass, config, request, context, entity):
    """Process a set color request."""
    rgb = color_util.color_hsb_to_RGB(
        float(request[API_PAYLOAD]['color']['hue']),
@@ -929,25 +961,25 @@ def async_api_set_color(hass, config, request, entity):
        float(request[API_PAYLOAD]['color']['brightness'])
    )

-    yield from hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
+    await hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
        ATTR_ENTITY_ID: entity.entity_id,
        light.ATTR_RGB_COLOR: rgb,
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.ColorTemperatureController', 'SetColorTemperature'))
@extract_entity
-@asyncio.coroutine
-def async_api_set_color_temperature(hass, config, request, entity):
+async def async_api_set_color_temperature(hass, config, request, context,
+                                          entity):
    """Process a set color temperature request."""
    kelvin = int(request[API_PAYLOAD]['colorTemperatureInKelvin'])

-    yield from hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
+    await hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
        ATTR_ENTITY_ID: entity.entity_id,
        light.ATTR_KELVIN: kelvin,
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)

@@ -955,17 +987,17 @@ def async_api_set_color_temperature(hass, config, request, entity):
@HANDLERS.register(
    ('Alexa.ColorTemperatureController', 'DecreaseColorTemperature'))
@extract_entity
-@asyncio.coroutine
-def async_api_decrease_color_temp(hass, config, request, entity):
+async def async_api_decrease_color_temp(hass, config, request, context,
+                                        entity):
    """Process a decrease color temperature request."""
    current = int(entity.attributes.get(light.ATTR_COLOR_TEMP))
    max_mireds = int(entity.attributes.get(light.ATTR_MAX_MIREDS))

    value = min(max_mireds, current + 50)
-    yield from hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
+    await hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
        ATTR_ENTITY_ID: entity.entity_id,
        light.ATTR_COLOR_TEMP: value,
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)

@@ -973,31 +1005,30 @@ def async_api_decrease_color_temp(hass, config, request, entity):
@HANDLERS.register(
    ('Alexa.ColorTemperatureController', 'IncreaseColorTemperature'))
@extract_entity
-@asyncio.coroutine
-def async_api_increase_color_temp(hass, config, request, entity):
+async def async_api_increase_color_temp(hass, config, request, context,
+                                        entity):
    """Process an increase color temperature request."""
    current = int(entity.attributes.get(light.ATTR_COLOR_TEMP))
    min_mireds = int(entity.attributes.get(light.ATTR_MIN_MIREDS))

    value = max(min_mireds, current - 50)
-    yield from hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
+    await hass.services.async_call(entity.domain, SERVICE_TURN_ON, {
        ATTR_ENTITY_ID: entity.entity_id,
        light.ATTR_COLOR_TEMP: value,
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.SceneController', 'Activate'))
@extract_entity
-@asyncio.coroutine
-def async_api_activate(hass, config, request, entity):
+async def async_api_activate(hass, config, request, context, entity):
    """Process an activate request."""
    domain = entity.domain

-    yield from hass.services.async_call(domain, SERVICE_TURN_ON, {
+    await hass.services.async_call(domain, SERVICE_TURN_ON, {
        ATTR_ENTITY_ID: entity.entity_id
-    }, blocking=False)
+    }, blocking=False, context=context)

    payload = {
        'cause': {'type': _Cause.VOICE_INTERACTION},
@@ -1014,14 +1045,13 @@ def async_api_activate(hass, config, request, entity):

@HANDLERS.register(('Alexa.SceneController', 'Deactivate'))
@extract_entity
-@asyncio.coroutine
-def async_api_deactivate(hass, config, request, entity):
+async def async_api_deactivate(hass, config, request, context, entity):
    """Process a deactivate request."""
    domain = entity.domain

-    yield from hass.services.async_call(domain, SERVICE_TURN_OFF, {
+    await hass.services.async_call(domain, SERVICE_TURN_OFF, {
        ATTR_ENTITY_ID: entity.entity_id
-    }, blocking=False)
+    }, blocking=False, context=context)

    payload = {
        'cause': {'type': _Cause.VOICE_INTERACTION},
@@ -1038,8 +1068,7 @@ def async_api_deactivate(hass, config, request, entity):

@HANDLERS.register(('Alexa.PercentageController', 'SetPercentage'))
@extract_entity
-@asyncio.coroutine
-def async_api_set_percentage(hass, config, request, entity):
+async def async_api_set_percentage(hass, config, request, context, entity):
    """Process a set percentage request."""
    percentage = int(request[API_PAYLOAD]['percentage'])
    service = None
@@ -1061,16 +1090,15 @@ def async_api_set_percentage(hass, config, request, entity):
        service = SERVICE_SET_COVER_POSITION
        data[cover.ATTR_POSITION] = percentage

-    yield from hass.services.async_call(
-        entity.domain, service, data, blocking=False)
+    await hass.services.async_call(
+        entity.domain, service, data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.PercentageController', 'AdjustPercentage'))
@extract_entity
-@asyncio.coroutine
-def async_api_adjust_percentage(hass, config, request, entity):
+async def async_api_adjust_percentage(hass, config, request, context, entity):
    """Process an adjust percentage request."""
    percentage_delta = int(request[API_PAYLOAD]['percentageDelta'])
    service = None
@@ -1109,20 +1137,19 @@ def async_api_adjust_percentage(hass, config, request, entity):

        data[cover.ATTR_POSITION] = max(0, percentage_delta + current)

-    yield from hass.services.async_call(
-        entity.domain, service, data, blocking=False)
+    await hass.services.async_call(
+        entity.domain, service, data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.LockController', 'Lock'))
@extract_entity
-@asyncio.coroutine
-def async_api_lock(hass, config, request, entity):
+async def async_api_lock(hass, config, request, context, entity):
    """Process a lock request."""
-    yield from hass.services.async_call(entity.domain, SERVICE_LOCK, {
+    await hass.services.async_call(entity.domain, SERVICE_LOCK, {
        ATTR_ENTITY_ID: entity.entity_id
-    }, blocking=False)
+    }, blocking=False, context=context)

    # Alexa expects a lockState in the response, we don't know the actual
    # lockState at this point but assume it is locked. It is reported
@@ -1139,20 +1166,18 @@ def async_api_lock(hass, config, request, entity):
 # Not supported by Alexa yet
@HANDLERS.register(('Alexa.LockController', 'Unlock'))
@extract_entity
-@asyncio.coroutine
-def async_api_unlock(hass, config, request, entity):
+async def async_api_unlock(hass, config, request, context, entity):
    """Process an unlock request."""
-    yield from hass.services.async_call(entity.domain, SERVICE_UNLOCK, {
+    await hass.services.async_call(entity.domain, SERVICE_UNLOCK, {
        ATTR_ENTITY_ID: entity.entity_id
-    }, blocking=False)
+    }, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.Speaker', 'SetVolume'))
@extract_entity
-@asyncio.coroutine
-def async_api_set_volume(hass, config, request, entity):
+async def async_api_set_volume(hass, config, request, context, entity):
    """Process a set volume request."""
    volume = round(float(request[API_PAYLOAD]['volume'] / 100), 2)

@@ -1161,17 +1186,16 @@ def async_api_set_volume(hass, config, request, entity):
        media_player.ATTR_MEDIA_VOLUME_LEVEL: volume,
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, SERVICE_VOLUME_SET,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.InputController', 'SelectInput'))
@extract_entity
-@asyncio.coroutine
-def async_api_select_input(hass, config, request, entity):
+async def async_api_select_input(hass, config, request, context, entity):
    """Process a set input request."""
    media_input = request[API_PAYLOAD]['input']

@@ -1195,17 +1219,16 @@ def async_api_select_input(hass, config, request, entity):
        media_player.ATTR_INPUT_SOURCE: media_input,
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, media_player.SERVICE_SELECT_SOURCE,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.Speaker', 'AdjustVolume'))
@extract_entity
-@asyncio.coroutine
-def async_api_adjust_volume(hass, config, request, entity):
+async def async_api_adjust_volume(hass, config, request, context, entity):
    """Process an adjust volume request."""
    volume_delta = int(request[API_PAYLOAD]['volume'])

@@ -1224,17 +1247,16 @@ def async_api_adjust_volume(hass, config, request, entity):
        media_player.ATTR_MEDIA_VOLUME_LEVEL: volume,
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, media_player.SERVICE_VOLUME_SET,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.StepSpeaker', 'AdjustVolume'))
@extract_entity
-@asyncio.coroutine
-def async_api_adjust_volume_step(hass, config, request, entity):
+async def async_api_adjust_volume_step(hass, config, request, context, entity):
    """Process an adjust volume step request."""
    # media_player volume up/down service does not support specifying steps
    # each component handles it differently e.g. via config.
@@ -1247,13 +1269,13 @@ def async_api_adjust_volume_step(hass, config, request, entity):
    }

    if volume_step > 0:
-        yield from hass.services.async_call(
+        await hass.services.async_call(
            entity.domain, media_player.SERVICE_VOLUME_UP,
-            data, blocking=False)
+            data, blocking=False, context=context)
    elif volume_step < 0:
-        yield from hass.services.async_call(
+        await hass.services.async_call(
            entity.domain, media_player.SERVICE_VOLUME_DOWN,
-            data, blocking=False)
+            data, blocking=False, context=context)

    return api_message(request)

@@ -1261,8 +1283,7 @@ def async_api_adjust_volume_step(hass, config, request, entity):
@HANDLERS.register(('Alexa.StepSpeaker', 'SetMute'))
@HANDLERS.register(('Alexa.Speaker', 'SetMute'))
@extract_entity
-@asyncio.coroutine
-def async_api_set_mute(hass, config, request, entity):
+async def async_api_set_mute(hass, config, request, context, entity):
    """Process a set mute request."""
    mute = bool(request[API_PAYLOAD]['mute'])

@@ -1271,98 +1292,94 @@ def async_api_set_mute(hass, config, request, entity):
        media_player.ATTR_MEDIA_VOLUME_MUTED: mute,
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, media_player.SERVICE_VOLUME_MUTE,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.PlaybackController', 'Play'))
@extract_entity
-@asyncio.coroutine
-def async_api_play(hass, config, request, entity):
+async def async_api_play(hass, config, request, context, entity):
    """Process a play request."""
    data = {
        ATTR_ENTITY_ID: entity.entity_id
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, SERVICE_MEDIA_PLAY,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.PlaybackController', 'Pause'))
@extract_entity
-@asyncio.coroutine
-def async_api_pause(hass, config, request, entity):
+async def async_api_pause(hass, config, request, context, entity):
    """Process a pause request."""
    data = {
        ATTR_ENTITY_ID: entity.entity_id
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, SERVICE_MEDIA_PAUSE,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.PlaybackController', 'Stop'))
@extract_entity
-@asyncio.coroutine
-def async_api_stop(hass, config, request, entity):
+async def async_api_stop(hass, config, request, context, entity):
    """Process a stop request."""
    data = {
        ATTR_ENTITY_ID: entity.entity_id
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, SERVICE_MEDIA_STOP,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.PlaybackController', 'Next'))
@extract_entity
-@asyncio.coroutine
-def async_api_next(hass, config, request, entity):
+async def async_api_next(hass, config, request, context, entity):
    """Process a next request."""
    data = {
        ATTR_ENTITY_ID: entity.entity_id
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, SERVICE_MEDIA_NEXT_TRACK,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.PlaybackController', 'Previous'))
@extract_entity
-@asyncio.coroutine
-def async_api_previous(hass, config, request, entity):
+async def async_api_previous(hass, config, request, context, entity):
    """Process a previous request."""
    data = {
        ATTR_ENTITY_ID: entity.entity_id
    }

-    yield from hass.services.async_call(
+    await hass.services.async_call(
        entity.domain, SERVICE_MEDIA_PREVIOUS_TRACK,
-        data, blocking=False)
+        data, blocking=False, context=context)

    return api_message(request)


-def api_error_temp_range(request, temp, min_temp, max_temp, unit):
+def api_error_temp_range(hass, request, temp, min_temp, max_temp):
    """Create temperature value out of range API error response.

    Async friendly.
    """
+    unit = hass.config.units.temperature_unit
    temp_range = {
        'minimumValue': {
            'value': min_temp,
@@ -1383,8 +1400,9 @@ def api_error_temp_range(request, temp, min_temp, max_temp, unit):
    )


-def temperature_from_object(temp_obj, to_unit, interval=False):
+def temperature_from_object(hass, temp_obj, interval=False):
    """Get temperature from Temperature object in requested unit."""
+    to_unit = hass.config.units.temperature_unit
    from_unit = TEMP_CELSIUS
    temp = float(temp_obj['value'])

@@ -1400,9 +1418,8 @@ def temperature_from_object(temp_obj, to_unit, interval=False):

@HANDLERS.register(('Alexa.ThermostatController', 'SetTargetTemperature'))
@extract_entity
-async def async_api_set_target_temp(hass, config, request, entity):
+async def async_api_set_target_temp(hass, config, request, context, entity):
    """Process a set target temperature request."""
-    unit = entity.attributes[CONF_UNIT_OF_MEASUREMENT]
    min_temp = entity.attributes.get(climate.ATTR_MIN_TEMP)
    max_temp = entity.attributes.get(climate.ATTR_MAX_TEMP)

@@ -1412,48 +1429,45 @@ async def async_api_set_target_temp(hass, config, request, entity):

    payload = request[API_PAYLOAD]
    if 'targetSetpoint' in payload:
-        temp = temperature_from_object(
-            payload['targetSetpoint'], unit)
+        temp = temperature_from_object(hass, payload['targetSetpoint'])
        if temp < min_temp or temp > max_temp:
            return api_error_temp_range(
-                request, temp, min_temp, max_temp, unit)
+                hass, request, temp, min_temp, max_temp)
        data[ATTR_TEMPERATURE] = temp
    if 'lowerSetpoint' in payload:
-        temp_low = temperature_from_object(
-            payload['lowerSetpoint'], unit)
+        temp_low = temperature_from_object(hass, payload['lowerSetpoint'])
        if temp_low < min_temp or temp_low > max_temp:
            return api_error_temp_range(
-                request, temp_low, min_temp, max_temp, unit)
+                hass, request, temp_low, min_temp, max_temp)
        data[climate.ATTR_TARGET_TEMP_LOW] = temp_low
    if 'upperSetpoint' in payload:
-        temp_high = temperature_from_object(
-            payload['upperSetpoint'], unit)
+        temp_high = temperature_from_object(hass, payload['upperSetpoint'])
        if temp_high < min_temp or temp_high > max_temp:
            return api_error_temp_range(
-                request, temp_high, min_temp, max_temp, unit)
+                hass, request, temp_high, min_temp, max_temp)
        data[climate.ATTR_TARGET_TEMP_HIGH] = temp_high

    await hass.services.async_call(
-        entity.domain, climate.SERVICE_SET_TEMPERATURE, data, blocking=False)
+        entity.domain, climate.SERVICE_SET_TEMPERATURE, data, blocking=False,
+        context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.ThermostatController', 'AdjustTargetTemperature'))
@extract_entity
-async def async_api_adjust_target_temp(hass, config, request, entity):
+async def async_api_adjust_target_temp(hass, config, request, context, entity):
    """Process an adjust target temperature request."""
-    unit = entity.attributes[CONF_UNIT_OF_MEASUREMENT]
    min_temp = entity.attributes.get(climate.ATTR_MIN_TEMP)
    max_temp = entity.attributes.get(climate.ATTR_MAX_TEMP)

    temp_delta = temperature_from_object(
-        request[API_PAYLOAD]['targetSetpointDelta'], unit, interval=True)
+        hass, request[API_PAYLOAD]['targetSetpointDelta'], interval=True)
    target_temp = float(entity.attributes.get(ATTR_TEMPERATURE)) + temp_delta

    if target_temp < min_temp or target_temp > max_temp:
        return api_error_temp_range(
-            request, target_temp, min_temp, max_temp, unit)
+            hass, request, target_temp, min_temp, max_temp)

    data = {
        ATTR_ENTITY_ID: entity.entity_id,
@@ -1461,22 +1475,21 @@ async def async_api_adjust_target_temp(hass, config, request, entity):
    }

    await hass.services.async_call(
-        entity.domain, climate.SERVICE_SET_TEMPERATURE, data, blocking=False)
+        entity.domain, climate.SERVICE_SET_TEMPERATURE, data, blocking=False,
+        context=context)

    return api_message(request)


@HANDLERS.register(('Alexa.ThermostatController', 'SetThermostatMode'))
@extract_entity
-async def async_api_set_thermostat_mode(hass, config, request, entity):
+async def async_api_set_thermostat_mode(hass, config, request, context,
+                                        entity):
    """Process a set thermostat mode request."""
    mode = request[API_PAYLOAD]['thermostatMode']
    mode = mode if isinstance(mode, str) else mode['value']

    operation_list = entity.attributes.get(climate.ATTR_OPERATION_LIST)
-    # Work around a pylint false positive due to
-    #  https://github.com/PyCQA/pylint/issues/1830
-    # pylint: disable=stop-iteration-return
    ha_mode = next(
        (k for k, v in API_THERMOSTAT_MODES.items() if v == mode),
        None
@@ -1497,17 +1510,16 @@ async def async_api_set_thermostat_mode(hass, config, request, entity):

    await hass.services.async_call(
        entity.domain, climate.SERVICE_SET_OPERATION_MODE, data,
-        blocking=False)
+        blocking=False, context=context)

    return api_message(request)


@HANDLERS.register(('Alexa', 'ReportState'))
@extract_entity
-@asyncio.coroutine
-def async_api_reportstate(hass, config, request, entity):
+async def async_api_reportstate(hass, config, request, context, entity):
    """Process a ReportState request."""
-    alexa_entity = ENTITY_ADAPTERS[entity.domain](config, entity)
+    alexa_entity = ENTITY_ADAPTERS[entity.domain](hass, config, entity)
    properties = []
    for interface in alexa_entity.interfaces():
        properties.extend(interface.serialize_properties())
--- a/homeassistant/components/amcrest.py
+++ b/homeassistant/components/amcrest.py
@@ -164,7 +164,7 @@ def setup(hass, config):
    return True


-class AmcrestDevice(object):
+class AmcrestDevice:
    """Representation of a base Amcrest discovery device."""

    def __init__(self, camera, name, authentication, ffmpeg_arguments,
--- a/homeassistant/components/android_ip_webcam.py
+++ b/homeassistant/components/android_ip_webcam.py
@@ -214,11 +214,11 @@ def async_setup(hass, config):
                CONF_PASSWORD: password
            })

-        hass.async_add_job(discovery.async_load_platform(
+        hass.async_create_task(discovery.async_load_platform(
            hass, 'camera', 'mjpeg', mjpeg_camera, config))

        if sensors:
-            hass.async_add_job(discovery.async_load_platform(
+            hass.async_create_task(discovery.async_load_platform(
                hass, 'sensor', DOMAIN, {
                    CONF_NAME: name,
                    CONF_HOST: host,
@@ -226,7 +226,7 @@ def async_setup(hass, config):
                }, config))

        if switches:
-            hass.async_add_job(discovery.async_load_platform(
+            hass.async_create_task(discovery.async_load_platform(
                hass, 'switch', DOMAIN, {
                    CONF_NAME: name,
                    CONF_HOST: host,
@@ -234,7 +234,7 @@ def async_setup(hass, config):
                }, config))

        if motion:
-            hass.async_add_job(discovery.async_load_platform(
+            hass.async_create_task(discovery.async_load_platform(
                hass, 'binary_sensor', DOMAIN, {
                    CONF_HOST: host,
                    CONF_NAME: name,
--- a/homeassistant/components/apcupsd.py
+++ b/homeassistant/components/apcupsd.py
@@ -58,7 +58,7 @@ def setup(hass, config):
    return True


-class APCUPSdData(object):
+class APCUPSdData:
    """Stores the data retrieved from APCUPSd.

    For each entity to use, acts as the single point responsible for fetching
--- a/homeassistant/components/api.py
+++ b/homeassistant/components/api.py
@@ -24,7 +24,7 @@ from homeassistant.exceptions import TemplateError
 from homeassistant.helpers import template
 from homeassistant.helpers.service import async_get_all_descriptions
 from homeassistant.helpers.state import AsyncTrackStates
-import homeassistant.remote as rem
+from homeassistant.helpers.json import JSONEncoder

 _LOGGER = logging.getLogger(__name__)

@@ -81,7 +81,6 @@ class APIEventStream(HomeAssistantView):

    async def get(self, request):
        """Provide a streaming interface for the event bus."""
-        # pylint: disable=no-self-use
        hass = request.app['hass']
        stop_obj = object()
        to_write = asyncio.Queue(loop=hass.loop)
@@ -103,7 +102,7 @@ class APIEventStream(HomeAssistantView):
            if event.event_type == EVENT_HOMEASSISTANT_STOP:
                data = stop_obj
            else:
-                data = json.dumps(event, cls=rem.JSONEncoder)
+                data = json.dumps(event, cls=JSONEncoder)

            await to_write.put(data)

@@ -221,7 +220,8 @@ class APIEntityStateView(HomeAssistantView):
        is_new_state = hass.states.get(entity_id) is None

        # Write state
-        hass.states.async_set(entity_id, new_state, attributes, force_update)
+        hass.states.async_set(entity_id, new_state, attributes, force_update,
+                              self.context(request))

        # Read the state back for our response
        status_code = HTTP_CREATED if is_new_state else 200
@@ -280,7 +280,8 @@ class APIEventView(HomeAssistantView):
                    event_data[key] = state

        request.app['hass'].bus.async_fire(
-            event_type, event_data, ha.EventOrigin.remote)
+            event_type, event_data, ha.EventOrigin.remote,
+            self.context(request))

        return self.json_message("Event {} fired.".format(event_type))

@@ -317,7 +318,8 @@ class APIDomainServicesView(HomeAssistantView):
                "Data should be valid JSON.", HTTP_BAD_REQUEST)

        with AsyncTrackStates(hass) as changed_states:
-            await hass.services.async_call(domain, service, data, True)
+            await hass.services.async_call(
+                domain, service, data, True, self.context(request))

        return self.json(changed_states)

--- a/homeassistant/components/apple_tv.py
+++ b/homeassistant/components/apple_tv.py
@@ -45,7 +45,7 @@ NOTIFICATION_AUTH_TITLE = 'Apple TV Authentication'
 NOTIFICATION_SCAN_ID = 'apple_tv_scan_notification'
 NOTIFICATION_SCAN_TITLE = 'Apple TV Scan'

-T = TypeVar('T')
+T = TypeVar('T')  # pylint: disable=invalid-name


 # This version of ensure_list interprets an empty dict as no value
@@ -218,10 +218,10 @@ def _setup_atv(hass, atv_config):
        ATTR_POWER: power
    }

-    hass.async_add_job(discovery.async_load_platform(
+    hass.async_create_task(discovery.async_load_platform(
        hass, 'media_player', DOMAIN, atv_config))

-    hass.async_add_job(discovery.async_load_platform(
+    hass.async_create_task(discovery.async_load_platform(
        hass, 'remote', DOMAIN, atv_config))


--- a/homeassistant/components/arduino.py
+++ b/homeassistant/components/arduino.py
@@ -62,7 +62,7 @@ def setup(hass, config):
    return True


-class ArduinoBoard(object):
+class ArduinoBoard:
    """Representation of an Arduino board."""

    def __init__(self, port):
--- a/homeassistant/components/arlo.py
+++ b/homeassistant/components/arlo.py
@@ -16,7 +16,7 @@ from homeassistant.const import (
 from homeassistant.helpers.event import track_time_interval
 from homeassistant.helpers.dispatcher import dispatcher_send

-REQUIREMENTS = ['pyarlo==0.1.7']
+REQUIREMENTS = ['pyarlo==0.2.0']

 _LOGGER = logging.getLogger(__name__)

--- a/homeassistant/components/asterisk_mbox.py
+++ b/homeassistant/components/asterisk_mbox.py
@@ -48,7 +48,7 @@ def setup(hass, config):
    return True


-class AsteriskData(object):
+class AsteriskData:
    """Store Asterisk mailbox data."""

    def __init__(self, hass, host, port, password):
--- a/homeassistant/components/august.py
+++ b/homeassistant/components/august.py
@@ -21,7 +21,7 @@ _LOGGER = logging.getLogger(__name__)

 _CONFIGURING = {}

-REQUIREMENTS = ['py-august==0.4.0']
+REQUIREMENTS = ['py-august==0.6.0']

 DEFAULT_TIMEOUT = 10
 ACTIVITY_FETCH_LIMIT = 10
@@ -123,9 +123,9 @@ def setup_august(hass, config, api, authenticator):
            discovery.load_platform(hass, component, DOMAIN, {}, config)

        return True
-    elif state == AuthenticationState.BAD_PASSWORD:
+    if state == AuthenticationState.BAD_PASSWORD:
        return False
-    elif state == AuthenticationState.REQUIRES_VALIDATION:
+    if state == AuthenticationState.REQUIRES_VALIDATION:
        request_configuration(hass, config, api, authenticator)
        return True

--- a/homeassistant/components/auth/.translations/en.json
+++ b/homeassistant/components/auth/.translations/en.json
@@ -0,0 +1,16 @@
+{
+    "mfa_setup": {
+        "totp": {
+            "error": {
+                "invalid_code": "Invalid code, please try again. If you get this error consistently, please make sure the clock on Home Assistant system is accurate."
+            },
+            "step": {
+                "init": {
+                    "description": "Scan the QR code with your authentication app, such as **Google Authenticator** or **Authy**. If you have problem to scan the QR code, using **`{code}`** to manual setup. \n\n{qr_code}\n\nEnter the six digi code appeared in your app below to verify the setup:",
+                    "title": "Scan this QR code with your app"
+                }
+            },
+            "title": "TOTP"
+        }
+    }
+}
--- a/homeassistant/components/auth/init.py
+++ b/homeassistant/components/auth/init.py
@@ -1,62 +1,5 @@
 """Component to allow users to login and get tokens.

-All requests will require passing in a valid client ID and secret via HTTP
-Basic Auth.
-
-# GET /auth/providers
-
-Return a list of auth providers. Example:
-
-[
-    {
-        "name": "Local",
-        "id": null,
-        "type": "local_provider",
-    }
-]
-
-# POST /auth/login_flow
-
-Create a login flow. Will return the first step of the flow.
-
-Pass in parameter 'handler' to specify the auth provider to use. Auth providers
-are identified by type and id.
-
-{
-    "handler": ["local_provider", null]
-}
-
-Return value will be a step in a data entry flow. See the docs for data entry
-flow for details.
-
-{
-    "data_schema": [
-        {"name": "username", "type": "string"},
-        {"name": "password", "type": "string"}
-    ],
-    "errors": {},
-    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
-    "handler": ["insecure_example", null],
-    "step_id": "init",
-    "type": "form"
-}
-
-# POST /auth/login_flow/{flow_id}
-
-Progress the flow. Most flows will be 1 page, but could optionally add extra
-login challenges, like TFA. Once the flow has finished, the returned step will
-have type "create_entry" and "result" key will contain an authorization code.
-
-{
-    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
-    "handler": ["insecure_example", null],
-    "result": "411ee2f916e648d691e937ae9344681e",
-    "source": "user",
-    "title": "Example",
-    "type": "create_entry",
-    "version": 1
-}
-
 # POST /auth/token

 This is an OAuth2 endpoint for granting tokens. We currently support the grant
@@ -101,183 +44,180 @@ a limited expiration.
    "expires_in": 1800,
    "token_type": "Bearer"
 }
+
+## Revoking a refresh token
+
+It is also possible to revoke a refresh token and all access tokens that have
+ever been granted by that refresh token. Response code will ALWAYS be 200.
+
+{
+    "token": "IJKLMNOPQRST",
+    "action": "revoke"
+}
+
 """
 import logging
 import uuid
+from datetime import timedelta

-import aiohttp.web
+from aiohttp import web
 import voluptuous as vol

-from homeassistant import data_entry_flow
-from homeassistant.core import callback
-from homeassistant.helpers.data_entry_flow import (
-    FlowManagerIndexView, FlowManagerResourceView)
-from homeassistant.components.http.view import HomeAssistantView
+from homeassistant.auth.models import User, Credentials
+from homeassistant.components import websocket_api
+from homeassistant.components.http.ban import log_invalid_auth
 from homeassistant.components.http.data_validator import RequestDataValidator
+from homeassistant.components.http.view import HomeAssistantView
+from homeassistant.core import callback, HomeAssistant
+from homeassistant.util import dt as dt_util

-from .client import verify_client
+from . import indieauth
+from . import login_flow
+from . import mfa_setup_flow

 DOMAIN = 'auth'
 DEPENDENCIES = ['http']
+
+WS_TYPE_CURRENT_USER = 'auth/current_user'
+SCHEMA_WS_CURRENT_USER = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend({
+    vol.Required('type'): WS_TYPE_CURRENT_USER,
+})
+
+RESULT_TYPE_CREDENTIALS = 'credentials'
+RESULT_TYPE_USER = 'user'
+
 _LOGGER = logging.getLogger(__name__)


 async def async_setup(hass, config):
    """Component to allow users to login."""
-    store_credentials, retrieve_credentials = _create_cred_store()
+    store_result, retrieve_result = _create_auth_code_store()

-    hass.http.register_view(AuthProvidersView)
-    hass.http.register_view(LoginFlowIndexView(hass.auth.login_flow))
-    hass.http.register_view(
-        LoginFlowResourceView(hass.auth.login_flow, store_credentials))
-    hass.http.register_view(GrantTokenView(retrieve_credentials))
-    hass.http.register_view(LinkUserView(retrieve_credentials))
+    hass.http.register_view(TokenView(retrieve_result))
+    hass.http.register_view(LinkUserView(retrieve_result))
+
+    hass.components.websocket_api.async_register_command(
+        WS_TYPE_CURRENT_USER, websocket_current_user,
+        SCHEMA_WS_CURRENT_USER
+    )
+
+    await login_flow.async_setup(hass, store_result)
+    await mfa_setup_flow.async_setup(hass)

    return True


-class AuthProvidersView(HomeAssistantView):
-    """View to get available auth providers."""
-
-    url = '/auth/providers'
-    name = 'api:auth:providers'
-    requires_auth = False
-
-    @verify_client
-    async def get(self, request, client):
-        """Get available auth providers."""
-        return self.json([{
-            'name': provider.name,
-            'id': provider.id,
-            'type': provider.type,
-        } for provider in request.app['hass'].auth.async_auth_providers])
-
-
-class LoginFlowIndexView(FlowManagerIndexView):
-    """View to create a config flow."""
-
-    url = '/auth/login_flow'
-    name = 'api:auth:login_flow'
-    requires_auth = False
-
-    async def get(self, request):
-        """Do not allow index of flows in progress."""
-        return aiohttp.web.Response(status=405)
-
-    # pylint: disable=arguments-differ
-    @verify_client
-    @RequestDataValidator(vol.Schema({
-        vol.Required('handler'): vol.Any(str, list),
-        vol.Required('redirect_uri'): str,
-    }))
-    async def post(self, request, client, data):
-        """Create a new login flow."""
-        if data['redirect_uri'] not in client.redirect_uris:
-            return self.json_message('invalid redirect uri', )
-
-        # pylint: disable=no-value-for-parameter
-        return await super().post(request)
-
-
-class LoginFlowResourceView(FlowManagerResourceView):
-    """View to interact with the flow manager."""
-
-    url = '/auth/login_flow/{flow_id}'
-    name = 'api:auth:login_flow:resource'
-    requires_auth = False
-
-    def __init__(self, flow_mgr, store_credentials):
-        """Initialize the login flow resource view."""
-        super().__init__(flow_mgr)
-        self._store_credentials = store_credentials
-
-    # pylint: disable=arguments-differ
-    async def get(self, request):
-        """Do not allow getting status of a flow in progress."""
-        return self.json_message('Invalid flow specified', 404)
-
-    # pylint: disable=arguments-differ
-    @verify_client
-    @RequestDataValidator(vol.Schema(dict), allow_empty=True)
-    async def post(self, request, client, flow_id, data):
-        """Handle progressing a login flow request."""
-        try:
-            result = await self._flow_mgr.async_configure(flow_id, data)
-        except data_entry_flow.UnknownFlow:
-            return self.json_message('Invalid flow specified', 404)
-        except vol.Invalid:
-            return self.json_message('User input malformed', 400)
-
-        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
-            return self.json(self._prepare_result_json(result))
-
-        result.pop('data')
-        result['result'] = self._store_credentials(client.id, result['result'])
-
-        return self.json(result)
-
-
-class GrantTokenView(HomeAssistantView):
-    """View to grant tokens."""
+class TokenView(HomeAssistantView):
+    """View to issue or revoke tokens."""

    url = '/auth/token'
    name = 'api:auth:token'
    requires_auth = False
+    cors_allowed = True

-    def __init__(self, retrieve_credentials):
-        """Initialize the grant token view."""
-        self._retrieve_credentials = retrieve_credentials
+    def __init__(self, retrieve_user):
+        """Initialize the token view."""
+        self._retrieve_user = retrieve_user

-    @verify_client
-    async def post(self, request, client):
+    @log_invalid_auth
+    async def post(self, request):
        """Grant a token."""
        hass = request.app['hass']
        data = await request.post()
+
        grant_type = data.get('grant_type')

-        if grant_type == 'authorization_code':
-            return await self._async_handle_auth_code(
-                hass, client.id, data)
+        # IndieAuth 6.3.5
+        # The revocation endpoint is the same as the token endpoint.
+        # The revocation request includes an additional parameter,
+        # action=revoke.
+        if data.get('action') == 'revoke':
+            return await self._async_handle_revoke_token(hass, data)

-        elif grant_type == 'refresh_token':
-            return await self._async_handle_refresh_token(
-                hass, client.id, data)
+        if grant_type == 'authorization_code':
+            return await self._async_handle_auth_code(hass, data)
+
+        if grant_type == 'refresh_token':
+            return await self._async_handle_refresh_token(hass, data)

        return self.json({
            'error': 'unsupported_grant_type',
        }, status_code=400)

-    async def _async_handle_auth_code(self, hass, client_id, data):
+    async def _async_handle_revoke_token(self, hass, data):
+        """Handle revoke token request."""
+        # OAuth 2.0 Token Revocation [RFC7009]
+        # 2.2 The authorization server responds with HTTP status code 200
+        # if the token has been revoked successfully or if the client
+        # submitted an invalid token.
+        token = data.get('token')
+
+        if token is None:
+            return web.Response(status=200)
+
+        refresh_token = await hass.auth.async_get_refresh_token_by_token(token)
+
+        if refresh_token is None:
+            return web.Response(status=200)
+
+        await hass.auth.async_remove_refresh_token(refresh_token)
+        return web.Response(status=200)
+
+    async def _async_handle_auth_code(self, hass, data):
        """Handle authorization code request."""
+        client_id = data.get('client_id')
+        if client_id is None or not indieauth.verify_client_id(client_id):
+            return self.json({
+                'error': 'invalid_request',
+                'error_description': 'Invalid client id',
+            }, status_code=400)
+
        code = data.get('code')

        if code is None:
            return self.json({
                'error': 'invalid_request',
+                'error_description': 'Invalid code',
            }, status_code=400)

-        credentials = self._retrieve_credentials(client_id, code)
+        user = self._retrieve_user(client_id, RESULT_TYPE_USER, code)

-        if credentials is None:
+        if user is None or not isinstance(user, User):
            return self.json({
                'error': 'invalid_request',
+                'error_description': 'Invalid code',
            }, status_code=400)

-        user = await hass.auth.async_get_or_create_user(credentials)
+        # refresh user
+        user = await hass.auth.async_get_user(user.id)
+
+        if not user.is_active:
+            return self.json({
+                'error': 'access_denied',
+                'error_description': 'User is not active',
+            }, status_code=403)
+
        refresh_token = await hass.auth.async_create_refresh_token(user,
                                                                   client_id)
        access_token = hass.auth.async_create_access_token(refresh_token)

        return self.json({
-            'access_token': access_token.token,
+            'access_token': access_token,
            'token_type': 'Bearer',
            'refresh_token': refresh_token.token,
            'expires_in':
                int(refresh_token.access_token_expiration.total_seconds()),
        })

-    async def _async_handle_refresh_token(self, hass, client_id, data):
+    async def _async_handle_refresh_token(self, hass, data):
        """Handle authorization code request."""
+        client_id = data.get('client_id')
+        if client_id is not None and not indieauth.verify_client_id(client_id):
+            return self.json({
+                'error': 'invalid_request',
+                'error_description': 'Invalid client id',
+            }, status_code=400)
+
        token = data.get('refresh_token')

        if token is None:
@@ -285,17 +225,22 @@ class GrantTokenView(HomeAssistantView):
                'error': 'invalid_request',
            }, status_code=400)

-        refresh_token = await hass.auth.async_get_refresh_token(token)
+        refresh_token = await hass.auth.async_get_refresh_token_by_token(token)

-        if refresh_token is None or refresh_token.client_id != client_id:
+        if refresh_token is None:
            return self.json({
                'error': 'invalid_grant',
            }, status_code=400)

+        if refresh_token.client_id != client_id:
+            return self.json({
+                'error': 'invalid_request',
+            }, status_code=400)
+
        access_token = hass.auth.async_create_access_token(refresh_token)

        return self.json({
-            'access_token': access_token.token,
+            'access_token': access_token,
            'token_type': 'Bearer',
            'expires_in':
                int(refresh_token.access_token_expiration.total_seconds()),
@@ -322,7 +267,7 @@ class LinkUserView(HomeAssistantView):
        user = request['hass_user']

        credentials = self._retrieve_credentials(
-            data['client_id'], data['code'])
+            data['client_id'], RESULT_TYPE_CREDENTIALS, data['code'])

        if credentials is None:
            return self.json_message('Invalid code', status_code=400)
@@ -332,20 +277,69 @@ class LinkUserView(HomeAssistantView):


@callback
-def _create_cred_store():
-    """Create a credential store."""
-    temp_credentials = {}
+def _create_auth_code_store():
+    """Create an in memory store."""
+    temp_results = {}

    @callback
-    def store_credentials(client_id, credentials):
-        """Store credentials and return a code to retrieve it."""
+    def store_result(client_id, result):
+        """Store flow result and return a code to retrieve it."""
+        if isinstance(result, User):
+            result_type = RESULT_TYPE_USER
+        elif isinstance(result, Credentials):
+            result_type = RESULT_TYPE_CREDENTIALS
+        else:
+            raise ValueError('result has to be either User or Credentials')
+
        code = uuid.uuid4().hex
-        temp_credentials[(client_id, code)] = credentials
+        temp_results[(client_id, result_type, code)] = \
+            (dt_util.utcnow(), result_type, result)
        return code

    @callback
-    def retrieve_credentials(client_id, code):
-        """Retrieve credentials."""
-        return temp_credentials.pop((client_id, code), None)
+    def retrieve_result(client_id, result_type, code):
+        """Retrieve flow result."""
+        key = (client_id, result_type, code)

-    return store_credentials, retrieve_credentials
+        if key not in temp_results:
+            return None
+
+        created, _, result = temp_results.pop(key)
+
+        # OAuth 4.2.1
+        # The authorization code MUST expire shortly after it is issued to
+        # mitigate the risk of leaks.  A maximum authorization code lifetime of
+        # 10 minutes is RECOMMENDED.
+        if dt_util.utcnow() - created < timedelta(minutes=10):
+            return result
+
+        return None
+
+    return store_result, retrieve_result
+
+
+@websocket_api.ws_require_user()
+@callback
+def websocket_current_user(
+        hass: HomeAssistant, connection: websocket_api.ActiveConnection, msg):
+    """Return the current user."""
+    async def async_get_current_user(user):
+        """Get current user."""
+        enabled_modules = await hass.auth.async_get_enabled_mfa(user)
+
+        connection.send_message_outside(
+            websocket_api.result_message(msg['id'], {
+                'id': user.id,
+                'name': user.name,
+                'is_owner': user.is_owner,
+                'credentials': [{'auth_provider_type': c.auth_provider_type,
+                                 'auth_provider_id': c.auth_provider_id}
+                                for c in user.credentials],
+                'mfa_modules': [{
+                    'id': module.id,
+                    'name': module.name,
+                    'enabled': module.id in enabled_modules,
+                } for module in hass.auth.auth_mfa_modules],
+            }))
+
+    hass.async_create_task(async_get_current_user(connection.user))
--- a/homeassistant/components/auth/client.py
+++ b/homeassistant/components/auth/client.py
@@ -1,79 +0,0 @@
-"""Helpers to resolve client ID/secret."""
-import base64
-from functools import wraps
-import hmac
-
-import aiohttp.hdrs
-
-
-def verify_client(method):
-    """Decorator to verify client id/secret on requests."""
-    @wraps(method)
-    async def wrapper(view, request, *args, **kwargs):
-        """Verify client id/secret before doing request."""
-        client = await _verify_client(request)
-
-        if client is None:
-            return view.json({
-                'error': 'invalid_client',
-            }, status_code=401)
-
-        return await method(
-            view, request, *args, **kwargs, client=client)
-
-    return wrapper
-
-
-async def _verify_client(request):
-    """Method to verify the client id/secret in consistent time.
-
-    By using a consistent time for looking up client id and comparing the
-    secret, we prevent attacks by malicious actors trying different client ids
-    and are able to derive from the time it takes to process the request if
-    they guessed the client id correctly.
-    """
-    if aiohttp.hdrs.AUTHORIZATION not in request.headers:
-        return None
-
-    auth_type, auth_value = \
-        request.headers.get(aiohttp.hdrs.AUTHORIZATION).split(' ', 1)
-
-    if auth_type != 'Basic':
-        return None
-
-    decoded = base64.b64decode(auth_value).decode('utf-8')
-    try:
-        client_id, client_secret = decoded.split(':', 1)
-    except ValueError:
-        # If no ':' in decoded
-        client_id, client_secret = decoded, None
-
-    return await async_secure_get_client(
-        request.app['hass'], client_id, client_secret)
-
-
-async def async_secure_get_client(hass, client_id, client_secret):
-    """Get a client id/secret in consistent time."""
-    client = await hass.auth.async_get_client(client_id)
-
-    if client is None:
-        if client_secret is not None:
-            # Still do a compare so we run same time as if a client was found.
-            hmac.compare_digest(client_secret.encode('utf-8'),
-                                client_secret.encode('utf-8'))
-        return None
-
-    if client.secret is None:
-        return client
-
-    elif client_secret is None:
-        # Still do a compare so we run same time as if a secret was passed.
-        hmac.compare_digest(client.secret.encode('utf-8'),
-                            client.secret.encode('utf-8'))
-        return None
-
-    elif hmac.compare_digest(client_secret.encode('utf-8'),
-                             client.secret.encode('utf-8')):
-        return client
-
-    return None
--- a/homeassistant/components/auth/indieauth.py
+++ b/homeassistant/components/auth/indieauth.py
@@ -0,0 +1,193 @@
+"""Helpers to resolve client ID/secret."""
+import asyncio
+from html.parser import HTMLParser
+from ipaddress import ip_address, ip_network
+from urllib.parse import urlparse, urljoin
+
+import aiohttp
+from aiohttp.client_exceptions import ClientError
+
+# IP addresses of loopback interfaces
+ALLOWED_IPS = (
+    ip_address('127.0.0.1'),
+    ip_address('::1'),
+)
+
+# RFC1918 - Address allocation for Private Internets
+ALLOWED_NETWORKS = (
+    ip_network('10.0.0.0/8'),
+    ip_network('172.16.0.0/12'),
+    ip_network('192.168.0.0/16'),
+)
+
+
+async def verify_redirect_uri(hass, client_id, redirect_uri):
+    """Verify that the client and redirect uri match."""
+    try:
+        client_id_parts = _parse_client_id(client_id)
+    except ValueError:
+        return False
+
+    redirect_parts = _parse_url(redirect_uri)
+
+    # Verify redirect url and client url have same scheme and domain.
+    is_valid = (
+        client_id_parts.scheme == redirect_parts.scheme and
+        client_id_parts.netloc == redirect_parts.netloc
+    )
+
+    if is_valid:
+        return True
+
+    # IndieAuth 4.2.2 allows for redirect_uri to be on different domain
+    # but needs to be specified in link tag when fetching `client_id`.
+    redirect_uris = await fetch_redirect_uris(hass, client_id)
+    return redirect_uri in redirect_uris
+
+
+class LinkTagParser(HTMLParser):
+    """Parser to find link tags."""
+
+    def __init__(self, rel):
+        """Initialize a link tag parser."""
+        super().__init__()
+        self.rel = rel
+        self.found = []
+
+    def handle_starttag(self, tag, attrs):
+        """Handle finding a start tag."""
+        if tag != 'link':
+            return
+
+        attrs = dict(attrs)
+
+        if attrs.get('rel') == self.rel:
+            self.found.append(attrs.get('href'))
+
+
+async def fetch_redirect_uris(hass, url):
+    """Find link tag with redirect_uri values.
+
+    IndieAuth 4.2.2
+
+    The client SHOULD publish one or more <link> tags or Link HTTP headers with
+    a rel attribute of redirect_uri at the client_id URL.
+
+    We limit to the first 10kB of the page.
+
+    We do not implement extracting redirect uris from headers.
+    """
+    parser = LinkTagParser('redirect_uri')
+    chunks = 0
+    try:
+        async with aiohttp.ClientSession() as session:
+            async with session.get(url, timeout=5) as resp:
+                async for data in resp.content.iter_chunked(1024):
+                    parser.feed(data.decode())
+                    chunks += 1
+
+                    if chunks == 10:
+                        break
+
+    except (asyncio.TimeoutError, ClientError):
+        pass
+
+    # Authorization endpoints verifying that a redirect_uri is allowed for use
+    # by a client MUST look for an exact match of the given redirect_uri in the
+    # request against the list of redirect_uris discovered after resolving any
+    # relative URLs.
+    return [urljoin(url, found) for found in parser.found]
+
+
+def verify_client_id(client_id):
+    """Verify that the client id is valid."""
+    try:
+        _parse_client_id(client_id)
+        return True
+    except ValueError:
+        return False
+
+
+def _parse_url(url):
+    """Parse a url in parts and canonicalize according to IndieAuth."""
+    parts = urlparse(url)
+
+    # Canonicalize a url according to IndieAuth 3.2.
+
+    # SHOULD convert the hostname to lowercase
+    parts = parts._replace(netloc=parts.netloc.lower())
+
+    # If a URL with no path component is ever encountered,
+    # it MUST be treated as if it had the path /.
+    if parts.path == '':
+        parts = parts._replace(path='/')
+
+    return parts
+
+
+def _parse_client_id(client_id):
+    """Test if client id is a valid URL according to IndieAuth section 3.2.
+
+    https://indieauth.spec.indieweb.org/#client-identifier
+    """
+    parts = _parse_url(client_id)
+
+    # Client identifier URLs
+    # MUST have either an https or http scheme
+    if parts.scheme not in ('http', 'https'):
+        raise ValueError()
+
+    # MUST contain a path component
+    # Handled by url canonicalization.
+
+    # MUST NOT contain single-dot or double-dot path segments
+    if any(segment in ('.', '..') for segment in parts.path.split('/')):
+        raise ValueError(
+            'Client ID cannot contain single-dot or double-dot path segments')
+
+    # MUST NOT contain a fragment component
+    if parts.fragment != '':
+        raise ValueError('Client ID cannot contain a fragment')
+
+    # MUST NOT contain a username or password component
+    if parts.username is not None:
+        raise ValueError('Client ID cannot contain username')
+
+    if parts.password is not None:
+        raise ValueError('Client ID cannot contain password')
+
+    # MAY contain a port
+    try:
+        # parts raises ValueError when port cannot be parsed as int
+        parts.port
+    except ValueError:
+        raise ValueError('Client ID contains invalid port')
+
+    # Additionally, hostnames
+    # MUST be domain names or a loopback interface and
+    # MUST NOT be IPv4 or IPv6 addresses except for IPv4 127.0.0.1
+    # or IPv6 [::1]
+
+    # We are not goint to follow the spec here. We are going to allow
+    # any internal network IP to be used inside a client id.
+
+    address = None
+
+    try:
+        netloc = parts.netloc
+
+        # Strip the [, ] from ipv6 addresses before parsing
+        if netloc[0] == '[' and netloc[-1] == ']':
+            netloc = netloc[1:-1]
+
+        address = ip_address(netloc)
+    except ValueError:
+        # Not an ip address
+        pass
+
+    if (address is None or
+            address in ALLOWED_IPS or
+            any(address in network for network in ALLOWED_NETWORKS)):
+        return parts
+
+    raise ValueError('Hostname should be a domain name or local IP address')
--- a/homeassistant/components/auth/login_flow.py
+++ b/homeassistant/components/auth/login_flow.py
@@ -0,0 +1,237 @@
+"""HTTP views handle login flow.
+
+# GET /auth/providers
+
+Return a list of auth providers. Example:
+
+[
+    {
+        "name": "Local",
+        "id": null,
+        "type": "local_provider",
+    }
+]
+
+
+# POST /auth/login_flow
+
+Create a login flow. Will return the first step of the flow.
+
+Pass in parameter 'client_id' and 'redirect_url' validate by indieauth.
+
+Pass in parameter 'handler' to specify the auth provider to use. Auth providers
+are identified by type and id.
+
+And optional parameter 'type' has to set as 'link_user' if login flow used for
+link credential to exist user. Default 'type' is 'authorize'.
+
+{
+    "client_id": "https://hassbian.local:8123/",
+    "handler": ["local_provider", null],
+    "redirect_url": "https://hassbian.local:8123/",
+    "type': "authorize"
+}
+
+Return value will be a step in a data entry flow. See the docs for data entry
+flow for details.
+
+{
+    "data_schema": [
+        {"name": "username", "type": "string"},
+        {"name": "password", "type": "string"}
+    ],
+    "errors": {},
+    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
+    "handler": ["insecure_example", null],
+    "step_id": "init",
+    "type": "form"
+}
+
+
+# POST /auth/login_flow/{flow_id}
+
+Progress the flow. Most flows will be 1 page, but could optionally add extra
+login challenges, like TFA. Once the flow has finished, the returned step will
+have type "create_entry" and "result" key will contain an authorization code.
+The authorization code associated with an authorized user by default, it will
+associate with an credential if "type" set to "link_user" in
+"/auth/login_flow"
+
+{
+    "flow_id": "8f7e42faab604bcab7ac43c44ca34d58",
+    "handler": ["insecure_example", null],
+    "result": "411ee2f916e648d691e937ae9344681e",
+    "title": "Example",
+    "type": "create_entry",
+    "version": 1
+}
+"""
+import aiohttp.web
+import voluptuous as vol
+
+from homeassistant import data_entry_flow
+from homeassistant.components.http import KEY_REAL_IP
+from homeassistant.components.http.ban import process_wrong_login, \
+    log_invalid_auth
+from homeassistant.components.http.data_validator import RequestDataValidator
+from homeassistant.components.http.view import HomeAssistantView
+from . import indieauth
+
+
+async def async_setup(hass, store_result):
+    """Component to allow users to login."""
+    hass.http.register_view(AuthProvidersView)
+    hass.http.register_view(LoginFlowIndexView(hass.auth.login_flow))
+    hass.http.register_view(
+        LoginFlowResourceView(hass.auth.login_flow, store_result))
+
+
+class AuthProvidersView(HomeAssistantView):
+    """View to get available auth providers."""
+
+    url = '/auth/providers'
+    name = 'api:auth:providers'
+    requires_auth = False
+
+    async def get(self, request):
+        """Get available auth providers."""
+        return self.json([{
+            'name': provider.name,
+            'id': provider.id,
+            'type': provider.type,
+        } for provider in request.app['hass'].auth.auth_providers])
+
+
+def _prepare_result_json(result):
+    """Convert result to JSON."""
+    if result['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
+        data = result.copy()
+        data.pop('result')
+        data.pop('data')
+        return data
+
+    if result['type'] != data_entry_flow.RESULT_TYPE_FORM:
+        return result
+
+    import voluptuous_serialize
+
+    data = result.copy()
+
+    schema = data['data_schema']
+    if schema is None:
+        data['data_schema'] = []
+    else:
+        data['data_schema'] = voluptuous_serialize.convert(schema)
+
+    return data
+
+
+class LoginFlowIndexView(HomeAssistantView):
+    """View to create a config flow."""
+
+    url = '/auth/login_flow'
+    name = 'api:auth:login_flow'
+    requires_auth = False
+
+    def __init__(self, flow_mgr):
+        """Initialize the flow manager index view."""
+        self._flow_mgr = flow_mgr
+
+    async def get(self, request):
+        """Do not allow index of flows in progress."""
+        return aiohttp.web.Response(status=405)
+
+    @RequestDataValidator(vol.Schema({
+        vol.Required('client_id'): str,
+        vol.Required('handler'): vol.Any(str, list),
+        vol.Required('redirect_uri'): str,
+        vol.Optional('type', default='authorize'): str,
+    }))
+    @log_invalid_auth
+    async def post(self, request, data):
+        """Create a new login flow."""
+        if not await indieauth.verify_redirect_uri(
+                request.app['hass'], data['client_id'], data['redirect_uri']):
+            return self.json_message('invalid client id or redirect uri', 400)
+
+        if isinstance(data['handler'], list):
+            handler = tuple(data['handler'])
+        else:
+            handler = data['handler']
+
+        try:
+            result = await self._flow_mgr.async_init(
+                handler, context={
+                    'ip_address': request[KEY_REAL_IP],
+                    'credential_only': data.get('type') == 'link_user',
+                })
+        except data_entry_flow.UnknownHandler:
+            return self.json_message('Invalid handler specified', 404)
+        except data_entry_flow.UnknownStep:
+            return self.json_message('Handler does not support init', 400)
+
+        return self.json(_prepare_result_json(result))
+
+
+class LoginFlowResourceView(HomeAssistantView):
+    """View to interact with the flow manager."""
+
+    url = '/auth/login_flow/{flow_id}'
+    name = 'api:auth:login_flow:resource'
+    requires_auth = False
+
+    def __init__(self, flow_mgr, store_result):
+        """Initialize the login flow resource view."""
+        self._flow_mgr = flow_mgr
+        self._store_result = store_result
+
+    async def get(self, request):
+        """Do not allow getting status of a flow in progress."""
+        return self.json_message('Invalid flow specified', 404)
+
+    @RequestDataValidator(vol.Schema({
+        'client_id': str
+    }, extra=vol.ALLOW_EXTRA))
+    @log_invalid_auth
+    async def post(self, request, flow_id, data):
+        """Handle progressing a login flow request."""
+        client_id = data.pop('client_id')
+
+        if not indieauth.verify_client_id(client_id):
+            return self.json_message('Invalid client id', 400)
+
+        try:
+            # do not allow change ip during login flow
+            for flow in self._flow_mgr.async_progress():
+                if (flow['flow_id'] == flow_id and
+                        flow['context']['ip_address'] !=
+                        request.get(KEY_REAL_IP)):
+                    return self.json_message('IP address changed', 400)
+
+            result = await self._flow_mgr.async_configure(flow_id, data)
+        except data_entry_flow.UnknownFlow:
+            return self.json_message('Invalid flow specified', 404)
+        except vol.Invalid:
+            return self.json_message('User input malformed', 400)
+
+        if result['type'] != data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
+            # @log_invalid_auth does not work here since it returns HTTP 200
+            # need manually log failed login attempts
+            if result['errors'] is not None and \
+                    result['errors'].get('base') == 'invalid_auth':
+                await process_wrong_login(request)
+            return self.json(_prepare_result_json(result))
+
+        result.pop('data')
+        result['result'] = self._store_result(client_id, result['result'])
+
+        return self.json(result)
+
+    async def delete(self, request, flow_id):
+        """Cancel a flow in progress."""
+        try:
+            self._flow_mgr.async_abort(flow_id)
+        except data_entry_flow.UnknownFlow:
+            return self.json_message('Invalid flow specified', 404)
+
+        return self.json_message('Flow aborted')
--- a/homeassistant/components/auth/mfa_setup_flow.py
+++ b/homeassistant/components/auth/mfa_setup_flow.py
@@ -0,0 +1,134 @@
+"""Helpers to setup multi-factor auth module."""
+import logging
+
+import voluptuous as vol
+
+from homeassistant import data_entry_flow
+from homeassistant.components import websocket_api
+from homeassistant.core import callback, HomeAssistant
+
+WS_TYPE_SETUP_MFA = 'auth/setup_mfa'
+SCHEMA_WS_SETUP_MFA = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend({
+    vol.Required('type'): WS_TYPE_SETUP_MFA,
+    vol.Exclusive('mfa_module_id', 'module_or_flow_id'): str,
+    vol.Exclusive('flow_id', 'module_or_flow_id'): str,
+    vol.Optional('user_input'): object,
+})
+
+WS_TYPE_DEPOSE_MFA = 'auth/depose_mfa'
+SCHEMA_WS_DEPOSE_MFA = websocket_api.BASE_COMMAND_MESSAGE_SCHEMA.extend({
+    vol.Required('type'): WS_TYPE_DEPOSE_MFA,
+    vol.Required('mfa_module_id'): str,
+})
+
+DATA_SETUP_FLOW_MGR = 'auth_mfa_setup_flow_manager'
+
+_LOGGER = logging.getLogger(__name__)
+
+
+async def async_setup(hass):
+    """Init mfa setup flow manager."""
+    async def _async_create_setup_flow(handler, context, data):
+        """Create a setup flow. hanlder is a mfa module."""
+        mfa_module = hass.auth.get_auth_mfa_module(handler)
+        if mfa_module is None:
+            raise ValueError('Mfa module {} is not found'.format(handler))
+
+        user_id = data.pop('user_id')
+        return await mfa_module.async_setup_flow(user_id)
+
+    async def _async_finish_setup_flow(flow, flow_result):
+        _LOGGER.debug('flow_result: %s', flow_result)
+        return flow_result
+
+    hass.data[DATA_SETUP_FLOW_MGR] = data_entry_flow.FlowManager(
+        hass, _async_create_setup_flow, _async_finish_setup_flow)
+
+    hass.components.websocket_api.async_register_command(
+        WS_TYPE_SETUP_MFA, websocket_setup_mfa, SCHEMA_WS_SETUP_MFA)
+
+    hass.components.websocket_api.async_register_command(
+        WS_TYPE_DEPOSE_MFA, websocket_depose_mfa, SCHEMA_WS_DEPOSE_MFA)
+
+
+@callback
+@websocket_api.ws_require_user(allow_system_user=False)
+def websocket_setup_mfa(
+        hass: HomeAssistant, connection: websocket_api.ActiveConnection, msg):
+    """Return a setup flow for mfa auth module."""
+    async def async_setup_flow(msg):
+        """Return a setup flow for mfa auth module."""
+        flow_manager = hass.data[DATA_SETUP_FLOW_MGR]
+
+        flow_id = msg.get('flow_id')
+        if flow_id is not None:
+            result = await flow_manager.async_configure(
+                flow_id, msg.get('user_input'))
+            connection.send_message_outside(
+                websocket_api.result_message(
+                    msg['id'], _prepare_result_json(result)))
+            return
+
+        mfa_module_id = msg.get('mfa_module_id')
+        mfa_module = hass.auth.get_auth_mfa_module(mfa_module_id)
+        if mfa_module is None:
+            connection.send_message_outside(websocket_api.error_message(
+                msg['id'], 'no_module',
+                'MFA module {} is not found'.format(mfa_module_id)))
+            return
+
+        result = await flow_manager.async_init(
+            mfa_module_id, data={'user_id': connection.user.id})
+
+        connection.send_message_outside(
+            websocket_api.result_message(
+                msg['id'], _prepare_result_json(result)))
+
+    hass.async_create_task(async_setup_flow(msg))
+
+
+@callback
+@websocket_api.ws_require_user(allow_system_user=False)
+def websocket_depose_mfa(
+        hass: HomeAssistant, connection: websocket_api.ActiveConnection, msg):
+    """Remove user from mfa module."""
+    async def async_depose(msg):
+        """Remove user from mfa auth module."""
+        mfa_module_id = msg['mfa_module_id']
+        try:
+            await hass.auth.async_disable_user_mfa(
+                connection.user, msg['mfa_module_id'])
+        except ValueError as err:
+            connection.send_message_outside(websocket_api.error_message(
+                msg['id'], 'disable_failed',
+                'Cannot disable MFA Module {}: {}'.format(
+                    mfa_module_id, err)))
+            return
+
+        connection.send_message_outside(
+            websocket_api.result_message(
+                msg['id'], 'done'))
+
+    hass.async_create_task(async_depose(msg))
+
+
+def _prepare_result_json(result):
+    """Convert result to JSON."""
+    if result['type'] == data_entry_flow.RESULT_TYPE_CREATE_ENTRY:
+        data = result.copy()
+        return data
+
+    if result['type'] != data_entry_flow.RESULT_TYPE_FORM:
+        return result
+
+    import voluptuous_serialize
+
+    data = result.copy()
+
+    schema = data['data_schema']
+    if schema is None:
+        data['data_schema'] = []
+    else:
+        data['data_schema'] = voluptuous_serialize.convert(schema)
+
+    return data
--- a/homeassistant/components/auth/strings.json
+++ b/homeassistant/components/auth/strings.json
@@ -0,0 +1,16 @@
+{
+  "mfa_setup":{
+    "totp": {
+      "title": "TOTP",
+      "step": {
+        "init": {
+          "title": "Set up two-factor authentication using TOTP",
+          "description": "To activate two factor authentication using time-based one-time passwords, scan the QR code with your authentication app. If you don't have one, we recommend either [Google Authenticator](https://support.google.com/accounts/answer/1066447) or [Authy](https://authy.com/).\n\n{qr_code}\n\nAfter scanning the code, enter the six digit code from your app to verify the setup. If you have problems scanning the QR code, do a manual setup with code **`{code}`**."
+        }
+      },
+      "error": {
+        "invalid_code": "Invalid code, please try again. If you get this error consistently, please make sure the clock of your Home Assistant system is accurate."
+      }
+    }
+  }
+}
--- a/homeassistant/components/automation/init.py
+++ b/homeassistant/components/automation/init.py
@@ -1,5 +1,5 @@
 """
-Allow to setup simple automation rules via the config file.
+Allow to set up simple automation rules via the config file.

 For more details about this component, please refer to the documentation at
 https://home-assistant.io/components/automation/
@@ -297,7 +297,7 @@ class AutomationEntity(ToggleEntity):
            return

        # HomeAssistant is starting up
-        elif self.hass.state == CoreState.not_running:
+        if self.hass.state == CoreState.not_running:
            @asyncio.coroutine
            def async_enable_automation(event):
                """Start automation on startup."""
--- a/homeassistant/components/automation/homeassistant.py
+++ b/homeassistant/components/automation/homeassistant.py
@@ -44,7 +44,7 @@ def async_trigger(hass, config, action):

    # Automation are enabled while hass is starting up, fire right away
    # Check state because a config reload shouldn't trigger it.
-    elif hass.state == CoreState.starting:
+    if hass.state == CoreState.starting:
        hass.async_run_job(action, {
            'trigger': {
                'platform': 'homeassistant',
--- a/homeassistant/components/automation/mqtt.py
+++ b/homeassistant/components/automation/mqtt.py
@@ -10,7 +10,7 @@ import json
 import voluptuous as vol

 from homeassistant.core import callback
-import homeassistant.components.mqtt as mqtt
+from homeassistant.components import mqtt
 from homeassistant.const import (CONF_PLATFORM, CONF_PAYLOAD)
 import homeassistant.helpers.config_validation as cv

--- a/homeassistant/components/bbb_gpio.py
+++ b/homeassistant/components/bbb_gpio.py
@@ -16,11 +16,10 @@ _LOGGER = logging.getLogger(__name__)
 DOMAIN = 'bbb_gpio'


-# pylint: disable=no-member
 def setup(hass, config):
    """Set up the BeagleBone Black GPIO component."""
    # pylint: disable=import-error
-    import Adafruit_BBIO.GPIO as GPIO
+    from Adafruit_BBIO import GPIO

    def cleanup_gpio(event):
        """Stuff to do before stopping."""
@@ -34,41 +33,39 @@ def setup(hass, config):
    return True


-# noqa: F821
-
 def setup_output(pin):
    """Set up a GPIO as output."""
-    # pylint: disable=import-error,undefined-variable
-    import Adafruit_BBIO.GPIO as GPIO
+    # pylint: disable=import-error
+    from Adafruit_BBIO import GPIO
    GPIO.setup(pin, GPIO.OUT)


 def setup_input(pin, pull_mode):
    """Set up a GPIO as input."""
-    # pylint: disable=import-error,undefined-variable
-    import Adafruit_BBIO.GPIO as GPIO
-    GPIO.setup(pin, GPIO.IN,                            # noqa: F821
-               GPIO.PUD_DOWN if pull_mode == 'DOWN'     # noqa: F821
-               else GPIO.PUD_UP)                        # noqa: F821
+    # pylint: disable=import-error
+    from Adafruit_BBIO import GPIO
+    GPIO.setup(pin, GPIO.IN,
+               GPIO.PUD_DOWN if pull_mode == 'DOWN'
+               else GPIO.PUD_UP)


 def write_output(pin, value):
    """Write a value to a GPIO."""
-    # pylint: disable=import-error,undefined-variable
-    import Adafruit_BBIO.GPIO as GPIO
+    # pylint: disable=import-error
+    from Adafruit_BBIO import GPIO
    GPIO.output(pin, value)


 def read_input(pin):
    """Read a value from a GPIO."""
-    # pylint: disable=import-error,undefined-variable
-    import Adafruit_BBIO.GPIO as GPIO
+    # pylint: disable=import-error
+    from Adafruit_BBIO import GPIO
    return GPIO.input(pin) is GPIO.HIGH


 def edge_detect(pin, event_callback, bounce):
    """Add detection for RISING and FALLING events."""
-    # pylint: disable=import-error,undefined-variable
-    import Adafruit_BBIO.GPIO as GPIO
+    # pylint: disable=import-error
+    from Adafruit_BBIO import GPIO
    GPIO.add_event_detect(
        pin, GPIO.BOTH, callback=event_callback, bouncetime=bounce)
--- a/homeassistant/components/binary_sensor/init.py
+++ b/homeassistant/components/binary_sensor/init.py
@@ -58,7 +58,7 @@ async def async_setup(hass, config):


 async def async_setup_entry(hass, entry):
-    """Setup a config entry."""
+    """Set up a config entry."""
    return await hass.data[DOMAIN].async_setup_entry(entry)


@@ -67,7 +67,6 @@ async def async_unload_entry(hass, entry):
    return await hass.data[DOMAIN].async_unload_entry(entry)


-# pylint: disable=no-self-use
 class BinarySensorDevice(Entity):
    """Represent a binary sensor."""

--- a/homeassistant/components/binary_sensor/abode.py
+++ b/homeassistant/components/binary_sensor/abode.py
@@ -16,7 +16,7 @@ DEPENDENCIES = ['abode']
 _LOGGER = logging.getLogger(__name__)


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up a sensor for an Abode device."""
    import abodepy.helpers.constants as CONST
    import abodepy.helpers.timeline as TIMELINE
@@ -44,7 +44,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):

    data.devices.extend(devices)

-    add_devices(devices)
+    add_entities(devices)


 class AbodeBinarySensor(AbodeDevice, BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/ads.py
+++ b/homeassistant/components/binary_sensor/ads.py
@@ -27,7 +27,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Binary Sensor platform for ADS."""
    ads_hub = hass.data.get(DATA_ADS)

@@ -36,7 +36,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    device_class = config.get(CONF_DEVICE_CLASS)

    ads_sensor = AdsBinarySensor(ads_hub, name, ads_var, device_class)
-    add_devices([ads_sensor])
+    add_entities([ads_sensor])


 class AdsBinarySensor(BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/alarmdecoder.py
+++ b/homeassistant/components/binary_sensor/alarmdecoder.py
@@ -11,7 +11,8 @@ from homeassistant.components.binary_sensor import BinarySensorDevice
 from homeassistant.components.alarmdecoder import (
    ZONE_SCHEMA, CONF_ZONES, CONF_ZONE_NAME, CONF_ZONE_TYPE,
    CONF_ZONE_RFID, SIGNAL_ZONE_FAULT, SIGNAL_ZONE_RESTORE,
-    SIGNAL_RFX_MESSAGE)
+    SIGNAL_RFX_MESSAGE, SIGNAL_REL_MESSAGE, CONF_RELAY_ADDR,
+    CONF_RELAY_CHAN)

 DEPENDENCIES = ['alarmdecoder']

@@ -27,7 +28,7 @@ ATTR_RF_LOOP4 = 'rf_loop4'
 ATTR_RF_LOOP1 = 'rf_loop1'


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the AlarmDecoder binary sensor devices."""
    configured_zones = discovery_info[CONF_ZONES]

@@ -37,11 +38,13 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
        zone_type = device_config_data[CONF_ZONE_TYPE]
        zone_name = device_config_data[CONF_ZONE_NAME]
        zone_rfid = device_config_data.get(CONF_ZONE_RFID)
+        relay_addr = device_config_data.get(CONF_RELAY_ADDR)
+        relay_chan = device_config_data.get(CONF_RELAY_CHAN)
        device = AlarmDecoderBinarySensor(
-            zone_num, zone_name, zone_type, zone_rfid)
+            zone_num, zone_name, zone_type, zone_rfid, relay_addr, relay_chan)
        devices.append(device)

-    add_devices(devices)
+    add_entities(devices)

    return True

@@ -49,7 +52,8 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
 class AlarmDecoderBinarySensor(BinarySensorDevice):
    """Representation of an AlarmDecoder binary sensor."""

-    def __init__(self, zone_number, zone_name, zone_type, zone_rfid):
+    def __init__(self, zone_number, zone_name, zone_type, zone_rfid,
+                 relay_addr, relay_chan):
        """Initialize the binary_sensor."""
        self._zone_number = zone_number
        self._zone_type = zone_type
@@ -57,6 +61,8 @@ class AlarmDecoderBinarySensor(BinarySensorDevice):
        self._name = zone_name
        self._rfid = zone_rfid
        self._rfstate = None
+        self._relay_addr = relay_addr
+        self._relay_chan = relay_chan

    @asyncio.coroutine
    def async_added_to_hass(self):
@@ -70,6 +76,9 @@ class AlarmDecoderBinarySensor(BinarySensorDevice):
        self.hass.helpers.dispatcher.async_dispatcher_connect(
            SIGNAL_RFX_MESSAGE, self._rfx_message_callback)

+        self.hass.helpers.dispatcher.async_dispatcher_connect(
+            SIGNAL_REL_MESSAGE, self._rel_message_callback)
+
    @property
    def name(self):
        """Return the name of the entity."""
@@ -122,3 +131,12 @@ class AlarmDecoderBinarySensor(BinarySensorDevice):
        if self._rfid and message and message.serial_number == self._rfid:
            self._rfstate = message.value
            self.schedule_update_ha_state()
+
+    def _rel_message_callback(self, message):
+        """Update relay state."""
+        if (self._relay_addr == message.address and
+                self._relay_chan == message.channel):
+            _LOGGER.debug("Relay %d:%d value:%d", message.address,
+                          message.channel, message.value)
+            self._state = message.value
+            self.schedule_update_ha_state()
--- a/homeassistant/components/binary_sensor/android_ip_webcam.py
+++ b/homeassistant/components/binary_sensor/android_ip_webcam.py
@@ -14,7 +14,8 @@ DEPENDENCIES = ['android_ip_webcam']


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Set up the IP Webcam binary sensors."""
    if discovery_info is None:
        return
@@ -23,7 +24,7 @@ def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
    name = discovery_info[CONF_NAME]
    ipcam = hass.data[DATA_IP_WEBCAM][host]

-    async_add_devices(
+    async_add_entities(
        [IPWebcamBinarySensor(name, host, ipcam, 'motion_active')], True)


--- a/homeassistant/components/binary_sensor/apcupsd.py
+++ b/homeassistant/components/binary_sensor/apcupsd.py
@@ -20,9 +20,9 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up an APCUPSd Online Status binary sensor."""
-    add_devices([OnlineStatus(config, apcupsd.DATA)], True)
+    add_entities([OnlineStatus(config, apcupsd.DATA)], True)


 class OnlineStatus(BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/arest.py
+++ b/homeassistant/components/binary_sensor/arest.py
@@ -29,7 +29,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the aREST binary sensor."""
    resource = config.get(CONF_RESOURCE)
    pin = config.get(CONF_PIN)
@@ -47,7 +47,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):

    arest = ArestData(resource, pin)

-    add_devices([ArestBinarySensor(
+    add_entities([ArestBinarySensor(
        arest, resource, config.get(CONF_NAME, response[CONF_NAME]),
        device_class, pin)], True)

@@ -89,7 +89,7 @@ class ArestBinarySensor(BinarySensorDevice):
        self.arest.update()


-class ArestData(object):
+class ArestData:
    """Class for handling the data retrieval for pins."""

    def __init__(self, resource, pin):
--- a/homeassistant/components/binary_sensor/august.py
+++ b/homeassistant/components/binary_sensor/august.py
@@ -53,7 +53,7 @@ SENSOR_TYPES = {
 }


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the August binary sensors."""
    data = hass.data[DATA_AUGUST]
    devices = []
@@ -62,7 +62,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
        for sensor_type in SENSOR_TYPES:
            devices.append(AugustBinarySensor(data, sensor_type, doorbell))

-    add_devices(devices, True)
+    add_entities(devices, True)


 class AugustBinarySensor(BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/aurora.py
+++ b/homeassistant/components/binary_sensor/aurora.py
@@ -39,7 +39,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the aurora sensor."""
    if None in (hass.config.latitude, hass.config.longitude):
        _LOGGER.error("Lat. or long. not set in Home Assistant config")
@@ -57,7 +57,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
            "Connection to aurora forecast service failed: %s", error)
        return False

-    add_devices([AuroraSensor(aurora_data, name)], True)
+    add_entities([AuroraSensor(aurora_data, name)], True)


 class AuroraSensor(BinarySensorDevice):
@@ -99,7 +99,7 @@ class AuroraSensor(BinarySensorDevice):
        self.aurora_data.update()


-class AuroraData(object):
+class AuroraData:
    """Get aurora forecast."""

    def __init__(self, latitude, longitude, threshold):
--- a/homeassistant/components/binary_sensor/axis.py
+++ b/homeassistant/components/binary_sensor/axis.py
@@ -18,9 +18,9 @@ DEPENDENCIES = ['axis']
 _LOGGER = logging.getLogger(__name__)


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Axis binary devices."""
-    add_devices([AxisBinarySensor(hass, discovery_info)], True)
+    add_entities([AxisBinarySensor(hass, discovery_info)], True)


 class AxisBinarySensor(AxisDeviceEvent, BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/bayesian.py
+++ b/homeassistant/components/binary_sensor/bayesian.py
@@ -75,7 +75,8 @@ def update_probability(prior, prob_true, prob_false):


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Set up the Bayesian Binary sensor."""
    name = config.get(CONF_NAME)
    observations = config.get(CONF_OBSERVATIONS)
@@ -83,7 +84,7 @@ def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
    probability_threshold = config.get(CONF_PROBABILITY_THRESHOLD)
    device_class = config.get(CONF_DEVICE_CLASS)

-    async_add_devices([
+    async_add_entities([
        BayesianBinarySensor(
            name, prior, observations, probability_threshold, device_class)
    ], True)
@@ -122,7 +123,6 @@ class BayesianBinarySensor(BinarySensorDevice):
    def async_added_to_hass(self):
        """Call when entity about to be added."""
        @callback
-        # pylint: disable=invalid-name
        def async_threshold_sensor_state_listener(entity, old_state,
                                                  new_state):
            """Handle sensor state changes."""
--- a/homeassistant/components/binary_sensor/bbb_gpio.py
+++ b/homeassistant/components/binary_sensor/bbb_gpio.py
@@ -8,7 +8,7 @@ import logging

 import voluptuous as vol

-import homeassistant.components.bbb_gpio as bbb_gpio
+from homeassistant.components import bbb_gpio
 from homeassistant.components.binary_sensor import (
    BinarySensorDevice, PLATFORM_SCHEMA)
 from homeassistant.const import (DEVICE_DEFAULT_NAME, CONF_NAME)
@@ -41,7 +41,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Beaglebone Black GPIO devices."""
    pins = config.get(CONF_PINS)

@@ -49,7 +49,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):

    for pin, params in pins.items():
        binary_sensors.append(BBBGPIOBinarySensor(pin, params))
-    add_devices(binary_sensors)
+    add_entities(binary_sensors)


 class BBBGPIOBinarySensor(BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/blink.py
+++ b/homeassistant/components/binary_sensor/blink.py
@@ -10,7 +10,7 @@ from homeassistant.components.binary_sensor import BinarySensorDevice
 DEPENDENCIES = ['blink']


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the blink binary sensors."""
    if discovery_info is None:
        return
@@ -20,7 +20,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    for name in data.cameras:
        devs.append(BlinkCameraMotionSensor(name, data))
    devs.append(BlinkSystemSensor(data))
-    add_devices(devs, True)
+    add_entities(devs, True)


 class BlinkCameraMotionSensor(BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/bloomsky.py
+++ b/homeassistant/components/binary_sensor/bloomsky.py
@@ -28,7 +28,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the available BloomSky weather binary sensors."""
    bloomsky = hass.components.bloomsky
    # Default needed in case of discovery
@@ -36,7 +36,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):

    for device in bloomsky.BLOOMSKY.devices.values():
        for variable in sensors:
-            add_devices(
+            add_entities(
                [BloomSkySensor(bloomsky.BLOOMSKY, device, variable)], True)


--- a/homeassistant/components/binary_sensor/bmw_connected_drive.py
+++ b/homeassistant/components/binary_sensor/bmw_connected_drive.py
@@ -31,7 +31,7 @@ SENSOR_TYPES_ELEC = {
 SENSOR_TYPES_ELEC.update(SENSOR_TYPES)


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the BMW sensors."""
    accounts = hass.data[BMW_DOMAIN]
    _LOGGER.debug('Found BMW accounts: %s',
@@ -51,7 +51,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
                    device = BMWConnectedDriveSensor(account, vehicle, key,
                                                     value[0], value[1])
                    devices.append(device)
-    add_devices(devices, True)
+    add_entities(devices, True)


 class BMWConnectedDriveSensor(BinarySensorDevice):
@@ -71,7 +71,10 @@ class BMWConnectedDriveSensor(BinarySensorDevice):

    @property
    def should_poll(self) -> bool:
-        """Data update is triggered from BMWConnectedDriveEntity."""
+        """Return False.
+
+        Data update is triggered from BMWConnectedDriveEntity.
+        """
        return False

    @property
@@ -124,11 +127,11 @@ class BMWConnectedDriveSensor(BinarySensorDevice):
                result['check_control_messages'] = check_control_messages
        elif self._attribute == 'charging_status':
            result['charging_status'] = vehicle_state.charging_status.value
-            # pylint: disable=W0212
+            # pylint: disable=protected-access
            result['last_charging_end_result'] = \
                vehicle_state._attributes['lastChargingEndResult']
        if self._attribute == 'connection_status':
-            # pylint: disable=W0212
+            # pylint: disable=protected-access
            result['connection_status'] = \
                vehicle_state._attributes['connectionStatus']

@@ -166,7 +169,7 @@ class BMWConnectedDriveSensor(BinarySensorDevice):
        # device class plug: On means device is plugged in,
        #                    Off means device is unplugged
        if self._attribute == 'connection_status':
-            # pylint: disable=W0212
+            # pylint: disable=protected-access
            self._state = (vehicle_state._attributes['connectionStatus'] ==
                           'CONNECTED')

--- a/homeassistant/components/binary_sensor/command_line.py
+++ b/homeassistant/components/binary_sensor/command_line.py
@@ -25,6 +25,9 @@ DEFAULT_PAYLOAD_OFF = 'OFF'

 SCAN_INTERVAL = timedelta(seconds=60)

+CONF_COMMAND_TIMEOUT = 'command_timeout'
+DEFAULT_TIMEOUT = 15
+
 PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
    vol.Required(CONF_COMMAND): cv.string,
    vol.Optional(CONF_NAME, default=DEFAULT_NAME): cv.string,
@@ -32,10 +35,12 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
    vol.Optional(CONF_PAYLOAD_ON, default=DEFAULT_PAYLOAD_ON): cv.string,
    vol.Optional(CONF_DEVICE_CLASS): DEVICE_CLASSES_SCHEMA,
    vol.Optional(CONF_VALUE_TEMPLATE): cv.template,
+    vol.Optional(
+        CONF_COMMAND_TIMEOUT, default=DEFAULT_TIMEOUT): cv.positive_int,
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Command line Binary Sensor."""
    name = config.get(CONF_NAME)
    command = config.get(CONF_COMMAND)
@@ -43,11 +48,12 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
    payload_on = config.get(CONF_PAYLOAD_ON)
    device_class = config.get(CONF_DEVICE_CLASS)
    value_template = config.get(CONF_VALUE_TEMPLATE)
+    command_timeout = config.get(CONF_COMMAND_TIMEOUT)
    if value_template is not None:
        value_template.hass = hass
-    data = CommandSensorData(hass, command)
+    data = CommandSensorData(hass, command, command_timeout)

-    add_devices([CommandBinarySensor(
+    add_entities([CommandBinarySensor(
        hass, data, name, device_class, payload_on, payload_off,
        value_template)], True)

--- a/homeassistant/components/binary_sensor/concord232.py
+++ b/homeassistant/components/binary_sensor/concord232.py
@@ -42,7 +42,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Concord232 binary sensor platform."""
    from concord232 import client as concord232_client

@@ -79,7 +79,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
                )
            )

-        add_devices(sensors, True)
+        add_entities(sensors, True)


 def get_opening_type(zone):
--- a/homeassistant/components/binary_sensor/deconz.py
+++ b/homeassistant/components/binary_sensor/deconz.py
@@ -5,23 +5,24 @@ For more details about this component, please refer to the documentation at
 https://home-assistant.io/components/binary_sensor.deconz/
 """
 from homeassistant.components.binary_sensor import BinarySensorDevice
-from homeassistant.components.deconz import (
-    CONF_ALLOW_CLIP_SENSOR, DOMAIN as DATA_DECONZ, DATA_DECONZ_ID,
-    DATA_DECONZ_UNSUB)
+from homeassistant.components.deconz.const import (
+    ATTR_DARK, ATTR_ON, CONF_ALLOW_CLIP_SENSOR, DOMAIN as DATA_DECONZ,
+    DATA_DECONZ_ID, DATA_DECONZ_UNSUB, DECONZ_DOMAIN)
 from homeassistant.const import ATTR_BATTERY_LEVEL
 from homeassistant.core import callback
+from homeassistant.helpers.device_registry import CONNECTION_ZIGBEE
 from homeassistant.helpers.dispatcher import async_dispatcher_connect

 DEPENDENCIES = ['deconz']


-async def async_setup_platform(hass, config, async_add_devices,
+async def async_setup_platform(hass, config, async_add_entities,
                               discovery_info=None):
    """Old way of setting up deCONZ binary sensors."""
    pass


-async def async_setup_entry(hass, config_entry, async_add_devices):
+async def async_setup_entry(hass, config_entry, async_add_entities):
    """Set up the deCONZ binary sensor."""
    @callback
    def async_add_sensor(sensors):
@@ -33,7 +34,7 @@ async def async_setup_entry(hass, config_entry, async_add_devices):
            if sensor.type in DECONZ_BINARY_SENSOR and \
               not (not allow_clip_sensor and sensor.type.startswith('CLIP')):
                entities.append(DeconzBinarySensor(sensor))
-        async_add_devices(entities, True)
+        async_add_entities(entities, True)

    hass.data[DATA_DECONZ_UNSUB].append(
        async_dispatcher_connect(hass, 'deconz_new_sensor', async_add_sensor))
@@ -62,7 +63,8 @@ class DeconzBinarySensor(BinarySensorDevice):
        """
        if reason['state'] or \
           'reachable' in reason['attr'] or \
-           'battery' in reason['attr']:
+           'battery' in reason['attr'] or \
+           'on' in reason['attr']:
            self.async_schedule_update_ha_state()

    @property
@@ -107,6 +109,24 @@ class DeconzBinarySensor(BinarySensorDevice):
        attr = {}
        if self._sensor.battery:
            attr[ATTR_BATTERY_LEVEL] = self._sensor.battery
+        if self._sensor.on is not None:
+            attr[ATTR_ON] = self._sensor.on
        if self._sensor.type in PRESENCE and self._sensor.dark is not None:
-            attr['dark'] = self._sensor.dark
+            attr[ATTR_DARK] = self._sensor.dark
        return attr
+
+    @property
+    def device_info(self):
+        """Return a device description for device registry."""
+        if (self._sensor.uniqueid is None or
+                self._sensor.uniqueid.count(':') != 7):
+            return None
+        serial = self._sensor.uniqueid.split('-', 1)[0]
+        return {
+            'connections': {(CONNECTION_ZIGBEE, serial)},
+            'identifiers': {(DECONZ_DOMAIN, serial)},
+            'manufacturer': self._sensor.manufacturer,
+            'model': self._sensor.modelid,
+            'name': self._sensor.name,
+            'sw_version': self._sensor.swversion,
+        }
--- a/homeassistant/components/binary_sensor/demo.py
+++ b/homeassistant/components/binary_sensor/demo.py
@@ -7,9 +7,9 @@ https://home-assistant.io/components/demo/
 from homeassistant.components.binary_sensor import BinarySensorDevice


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Demo binary sensor platform."""
-    add_devices([
+    add_entities([
        DemoBinarySensor('Basement Floor Wet', False, 'moisture'),
        DemoBinarySensor('Movement Backyard', True, 'motion'),
    ])
--- a/homeassistant/components/binary_sensor/digital_ocean.py
+++ b/homeassistant/components/binary_sensor/digital_ocean.py
@@ -14,7 +14,8 @@ from homeassistant.components.binary_sensor import (
 from homeassistant.components.digital_ocean import (
    CONF_DROPLETS, ATTR_CREATED_AT, ATTR_DROPLET_ID, ATTR_DROPLET_NAME,
    ATTR_FEATURES, ATTR_IPV4_ADDRESS, ATTR_IPV6_ADDRESS, ATTR_MEMORY,
-    ATTR_REGION, ATTR_VCPUS, DATA_DIGITAL_OCEAN)
+    ATTR_REGION, ATTR_VCPUS, CONF_ATTRIBUTION, DATA_DIGITAL_OCEAN)
+from homeassistant.const import ATTR_ATTRIBUTION

 _LOGGER = logging.getLogger(__name__)

@@ -27,7 +28,7 @@ PLATFORM_SCHEMA = PLATFORM_SCHEMA.extend({
 })


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Digital Ocean droplet sensor."""
    digital = hass.data.get(DATA_DIGITAL_OCEAN)
    if not digital:
@@ -43,7 +44,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):
            return False
        dev.append(DigitalOceanBinarySensor(digital, droplet_id))

-    add_devices(dev, True)
+    add_entities(dev, True)


 class DigitalOceanBinarySensor(BinarySensorDevice):
@@ -75,6 +76,7 @@ class DigitalOceanBinarySensor(BinarySensorDevice):
    def device_state_attributes(self):
        """Return the state attributes of the Digital Ocean droplet."""
        return {
+            ATTR_ATTRIBUTION: CONF_ATTRIBUTION,
            ATTR_CREATED_AT: self.data.created_at,
            ATTR_DROPLET_ID: self.data.id,
            ATTR_DROPLET_NAME: self.data.name,
--- a/homeassistant/components/binary_sensor/ecobee.py
+++ b/homeassistant/components/binary_sensor/ecobee.py
@@ -12,7 +12,7 @@ DEPENDENCIES = ['ecobee']
 ECOBEE_CONFIG_FILE = 'ecobee.conf'


-def setup_platform(hass, config, add_devices, discovery_info=None):
+def setup_platform(hass, config, add_entities, discovery_info=None):
    """Set up the Ecobee sensors."""
    if discovery_info is None:
        return
@@ -26,7 +26,7 @@ def setup_platform(hass, config, add_devices, discovery_info=None):

                dev.append(EcobeeBinarySensor(sensor['name'], index))

-    add_devices(dev, True)
+    add_entities(dev, True)


 class EcobeeBinarySensor(BinarySensorDevice):
--- a/homeassistant/components/binary_sensor/egardia.py
+++ b/homeassistant/components/binary_sensor/egardia.py
@@ -19,7 +19,8 @@ EGARDIA_TYPE_TO_DEVICE_CLASS = {'IR Sensor': 'motion',


@asyncio.coroutine
-def async_setup_platform(hass, config, async_add_devices, discovery_info=None):
+def async_setup_platform(hass, config, async_add_entities,
+                         discovery_info=None):
    """Initialize the platform."""
    if (discovery_info is None or
            discovery_info[ATTR_DISCOVER_DEVICES] is None):
@@ -27,7 +28,7 @@ def async_setup_platform(hass, config, async_add_devices, discovery_info=None):

    disc_info = discovery_info[ATTR_DISCOVER_DEVICES]
    # multiple devices here!
-    async_add_devices(
+    async_add_entities(
        (
            EgardiaBinarySensor(
                sensor_id=disc_info[sensor]['id'],
@@ -58,7 +59,7 @@ class EgardiaBinarySensor(BinarySensorDevice):

    @property
    def name(self):
-        """The name of the device."""
+        """Return the name of the device."""
        return self._name

    @property
@@ -74,5 +75,5 @@ class EgardiaBinarySensor(BinarySensorDevice):

    @property
    def device_class(self):
-        """The device class."""
+        """Return the device class."""
        return self._device_class
--- a/homeassistant/components/binary_sensor/eight_sleep.py
+++ b/homeassistant/components/binary_sensor/eight_sleep.py
@@ -15,7 +15,7 @@ _LOGGER = logging.getLogger(__name__)
 DEPENDENCIES = ['eight_sleep']


-async def async_setup_platform(hass, config, async_add_devices,
+async def async_setup_platform(hass, config, async_add_entities,
                               discovery_info=None):
    """Set up the eight sleep binary sensor."""
    if discovery_info is None:
@@ -30,7 +30,7 @@ async def async_setup_platform(hass, config, async_add_devices,
    for sensor in sensors:
        all_sensors.append(EightHeatSensor(name, eight, sensor))

-    async_add_devices(all_sensors, True)
+    async_add_entities(all_sensors, True)


 class EightHeatSensor(EightSleepHeatEntity, BinarySensorDevice):
--- a/Show More
+++ b/Show More