Forum Discussion
authorization timeout when using CLI
I'm trying to use the 1password CLI to automate some password retrieval tasks etc, however, I'm noticing that after the first couple of auths I start receiving authorization timeout errors.
Debug mode output:
op vault list --debug
10:15AM | DEBUG | Session delegation enabled
10:15AM | DEBUG | NM request: NmRequestAccounts
10:15AM | DEBUG | NM response: Success
10:15AM | DEBUG | NM request: NmRequestAccounts
10:15AM | DEBUG | NM response: Success
10:15AM | DEBUG | account not signed in, filter= latest_signin_user=
10:15AM | DEBUG | NM request: NmRequestAccounts
10:15AM | DEBUG | NM response: Success
10:15AM | DEBUG | NM request: NmRequestAuthorization
[ERROR] 2025/07/11 10:16:41 authorization timeout
We use Okta SSO for authentication for 1password; when I first connect I get prompted to open the 1Password app, and auth as normal, and then the cli behaves ok. If I wait a few minutes after doing this and open a new terminal and try to run these commands again I get the authorization timeout.
Any ideas what the issue might be and next steps to troubleshoot?
3 Replies
- 1P_Phil
Moderator
Hi matt-darwin ,
Thanks for your patience.
This may take us a bit of time to reproduce, but in the interim, have you considered Service Accounts for this task? They are a bit easier to do automations (skips the Okta Auth step). Both the CLI and the SDKs support Service Accounts depending on your needs.
https://developer.1password.com/docs/service-accounts
Thanks,
Phil - 1P_Phil
Moderator
Hi matt-darwin ,
Thanks for sharing you debug. I'm looking into this with the team and will try to get back to you in a few days to see if there is anything we can share to help.
Thanks! Phil
- matt-darwinNew Contributor
Thanks for looking Phil. I'll take a look at the Service Accounts, and raise with my internal admin team for 1Password (unfortunately I don't get access to create them directly).
But it would be good to understand what's causing this (it's intermittent - though seems to always work ok on the first login, and for a period of time after that - so maybe some kind of refresh token that expires and then isn't re-requested?) as I also use them for things like personal demo automation and so on where I need to use my personal creds.