Short answer: use an agent via the D‑Bus API. It does not have to be interactive. You can implement a tiny, non‑interactive agent that supplies the credentials your web UI collected, and ConnMan will determine the correct security (WEP vs WPA‑PSK vs EAP) from the scanned network.

Details and options:

• Provisioning file (config-format.txt)

  • Works well if you already know the security type.
  • If you specify Passphrase without Security, ConnMan assumes psk. It will not automatically pick wep in that case; for WEP you must set Security=wep.
  • Because you don’t want to ask the user about the security type, provisioning alone is not ideal.

• D‑Bus with an agent (manager-api.txt + agent-api.txt)

  • Recommended for your use case.
  • Flow:
    1. Enable Wi‑Fi and trigger a scan.
    2. List Services (Manager.GetServices), find the service whose Name matches the SSID the user entered. The service has a Security property (e.g. ["psk"], ["wep"], ["ieee8021x"], or []) derived from the AP’s capabilities.
    3. Call Service.Connect() on that service.
    4. If credentials are needed, ConnMan calls your Agent’s RequestInput with the appropriate fields for that service (e.g. Passphrase for WPA/WEP, Identity/Password for EAP).
    5. Your agent returns the values programmatically (look them up by SSID or service object path) and the connection completes. No user interaction required.
  • Your agent can be minimal: register via Manager.RegisterAgent, implement RequestInput to return a dictionary like { "Passphrase": "user_supplied_value" } and possibly Identity/Username/Password for enterprise networks. For WEP and WPA‑PSK you can just return Passphrase; ConnMan already knows which one is needed from the service’s Security list.

• Persistence/autoconnect

  • Once connected, ConnMan stores the credentials and will auto‑connect next time. You can also set AutoConnect on the service if needed.

• Hidden SSIDs

  • For hidden networks you can either provision with Hidden=true or handle the agent’s request for Name when connecting.

Bottom line: don’t rely on provisioning if you don’t know the security type. Implement a simple D‑Bus agent that feeds the credentials your web app collected. ConnMan will choose the correct security based on the scanned AP and invoke your agent for the right inputs.