[59] Feedback on unlocking process
This discussion was created from comments split from: Biometric unlock is here!.
Forum Discussion
4 Replies
Hi, first off, I love biometric unlock. However, I'm wondering if there's a way that biometric could act similarly to the standard authentication method? I use this CLI called chezmoi that integrates with 1Password however it's https://github.com/twpayne/chezmoi/blob/478537aeceae3071a3ae6363c642572731ef66fa/pkg/cmd/onepasswordtemplatefuncs.go#L241 breaks when the user has biometrics on. The app tries to cache the session token, but there is no session token with biometrics.
There's a handful of ways around this, of course; you could have the app force CLI auth, you could add a way to check if they're using biometric auth or not, or my preferred method would be to bring them in line with each other so the biometric method outputs a session token and the standard auth method gets triggered when running a command without being signed in rather than erroring.
Hi!
First of all, thank you for your sharing enthusiasm! We're glad you like the feature.
I can understand that the authorization prompt may feel like an unnecessary extra step. The reason we're doing this, is because if we don't, any process running on your system would be able to access your 1Password accounts. By asking for your permission first, we confirm that it is actually you who is using the CLI.
What could help you, is that you can always execute
op signinto trigger the authorization prompt. The authorization will be valid for 10 minutes (and that time will be extended if you keep using the CLI). So if you put that at the start of your script, you should only be prompted once, when you start the script. Would that help you in any way?Nice!
It would be even nicer if the 1Password GUI sign-in was shared with the CLI, so I would not have to unlock when invoking the CLI (when I already unlocked the GUI).
Reason: I want to use this in a script and don't want to wait for my user interaction (unlocking).
