Volkswagen Shuts Down Home Assistant Integration With New ‘Client Assertion’ Requirements
Table of Contents
The Wall Around the Dashboard
For years, the Home Assistant community has relied on a delicate, unofficial bridge to bring Volkswagen’s vehicle data into the smart home ecosystem. By leveraging the homeassistant-volkswagencarnet custom component, users could monitor fuel levels, track charging states of ID-series EVs, and manage climate control without leaving their living room. However, that bridge has effectively collapsed.
Reports surfacing from the GitHub community and Home Assistant forums indicate that Volkswagen has implemented a new authentication layer—specifically requiring “client assertion”—that prevents third-party scripts from successfully logging into the VWid system. The result is a sudden, widespread failure of the integration for users globally, leaving many staring at “Authentication Expired” messages and failed login attempts.
What is Client Assertion, and Why Now?
At its core, this isn’t a simple password change. Client assertion is a more secure method of authentication where the client (in this case, the Home Assistant plugin) must prove its identity using a cryptographically signed token, rather than just providing a username and password. Essentially, Volkswagen is moving from a model where any application with your credentials could access your car to one where only approved applications (like the official Volkswagen Connect app) are permitted.
This shift is part of a broader trend across the automotive industry. As cars become “software-defined vehicles,” manufacturers like Tesla, BMW, and GM are increasingly locking down their APIs. The motivation is twofold: security and monetization. By restricting API access, manufacturers can reduce the attack surface for hackers and ensure that any “premium” connectivity features remain behind a corporate paywall rather than being freely accessible via open-source tools.
The ‘Official App’ Paradox
The frustration among users is amplified by the fact that the official Android and iOS apps continue to function perfectly. This confirms that the issue isn’t with the user’s account or the car’s connectivity, but specifically with the method of access. When a user attempts to re-authenticate within Home Assistant, the system returns a generic error: “Anmeldung bei Volkswagen Connect nicht möglich” (Login to Volkswagen Connect not possible).
For the developer community, this creates a significant hurdle. To bypass client assertion, developers would either need to reverse-engineer the official app’s signing process—a cat-and-mouse game that often leads to account bans—or Volkswagen would need to open an official API for third-party developers, something the company has shown little interest in doing.
A Pattern of Digital Enclosure
This move mirrors similar disruptions seen in the wider tech ecosystem. We’ve seen this with the “walled gardens” of mobile operating systems and the recent trend of companies killing off legacy APIs in favor of proprietary SDKs. By cutting off Home Assistant, Volkswagen is effectively asserting total control over the user’s data, transforming the vehicle from a tool the owner controls into a service the manufacturer manages.
For the thousands of users who integrated their ID.4 or Golf into their home automation—setting up alerts for when the car finishes charging or triggering home lights when the vehicle arrives in the driveway—the loss is more than just a convenience. It represents a shrinking of the open web and a move toward a more restrictive, corporate-managed digital experience.
As of now, there is no official workaround. The homeassistant-volkswagencarnet maintainers are analyzing the new authentication flow, but without a cooperative API from Volkswagen, the future of the integration remains uncertain.
