Advanced URL matching?

124

Comments

  • julsssark
    julsssark
    Community Member

    +1. This is sorely needed for using 1Password in a corporate environment.

  • Thanks for your feedback, folks. We understand that this would be a valuable addition for you and have been working on it. We'll hope to have more to share with you soon!

  • kylepantall
    kylepantall
    Community Member

    +1 to this feature. For local development this would be really useful. Urls are unpredictable and prone to crazy transformations (1Password dev team know this) so allowing a more advanced matching algorithm is super useful.

  • sonicflight
    sonicflight
    Community Member

    I'm migrating from LP which has URL blocking, matching and advanced handling. I imagine there is some stuff on known sites going on under the hood but would like this very much in 1password.

  • kimballa
    kimballa
    Community Member

    I am a long-time LastPass user, but this latest vulnerability disclosure has me ready to switch to something else. My wife uses 1P, so I'm really trying to like it. But the fact that this feature is missing seriously gives me pause, for two reasons.

    First, because there are a number of places where I have separate accounts on app1.example.com, app2.example.com, and so on; and it's very cluttered to see all the different login suggestions at once. (Do none of the 1P devs live in California? Do you interact with the DMV, the FTB, and so on? I have four different accounts that match a host within ca.gov! God help you if you want to apply for a new job and have to create separate accounts at {every-company-ever}.myworkdayjobs.com.)

    And second, because this is basic UX that your users have been asking about for years. There's a lot of complexity you could engineer into a solution. But honestly, a checkbox for "match exact hostname" you could apply per-entry would probably handle 95% of the use-cases people here are asking about. If you're not even willing to add that affordance for usability, it says a lot about how much you actually value the user experience of your system.

  • 1passmatt
    1passmatt
    Community Member

    @PeterG_1P that's great to hear. My company uses servername.companyname.com/clientname with separate logins and passwords for each. I'd love to be able to separately store credentials for
    demo.acme.com/crateandbarrel &
    production.acme.com/crateandbarrel &
    production.acme.com/ashleyfurniture
    and I look forward to you releasing this feature!

  • PeterG_1P
    edited January 2023

    Hey folks, we have some happy news for you 😄

    An advanced domain matching feature has made it to our Nightly and Beta releases. If you're interested to try it now, you can do so! And for folks who would prefer to stay on the more tested Production release channel, we of course plan to bring this feature there as well, pending the requisite gauntlet of testing.

    If you'd like a sneak peek at what it looks like, one of our founders @roustem has posted a screenshot on Twitter.

    Thanks for letting us know that this was an important one. We're excited to bring this to you!

  • Bobtb
    Bobtb
    Community Member

    Good to see this is finally getting worked on!
    I'm testing it in the beta build now and I have 2 improvement suggestions for it so far:
    1) When selecting "Only fill on this exact domain", I don't see the port as part of the match. Since it's quite common (for me) to have multiple services on a single server, having the format <host.domain.net:8442> would be really welcome.
    2) Would it be possible to match the complete URI as another option? So including the full path after the host(:port)/ part?

    Besides that though, this change is already a huge improvement. Thanks for listening to your customers!

  • TravelSD
    TravelSD
    Community Member

    I turned on Improved Autofill Suggestions, and found two issues when using with my Synology which has several services on the same IP but different port numbers:

    1. Autofill suggestions contain two entries that are in my "archive". Seems like a bug.
    2. Autofill has a duplicate entry for the 'right' items (and that item is only in my 1P once)
  • DenalB
    DenalB
    Community Member

    Hey @TravelSD !

    Your findings are already known. Devs are working on a fix for this. 😉
    https://1password.community/discussion/comment/667451/#Comment_667451

  • ArturV
    ArturV
    Community Member
    edited February 2023

    Adding +1 to @Bobtb comment. Our company uses Amazon Cognito functionality and it would be really useful to be able to use more than just a full domain match - include other part of the url.

    For example, url of the login page is https://companyname.auth.us-east-1.amazoncognito.com/login?client_id=CLIENT_ID_A&redirect_uri=https...
    there are several apps and their respective login pages can be uniquely identified by specifying CLIENT_ID_A, CLIENT_ID_B etc

    Thanks!

  • tomstock
    tomstock
    Community Member

    Glad to see this being worked on, I installed the Beta, and I am loving what I am seeing. I would like to see RegEx support for advanced URL processing.

    Can we also have icons next to the websites, that have a custom config, so that we know that some websites are excluded or not?

  • tomstock
    tomstock
    Community Member
    edited February 2023

    An example for requiring Regex:

    I have 14 servers in one of our test environments, each serving their own web applications.
    The following regex would account for all of them:
    https://regex101.com/r/0YvvLF/1

    Only these urls should have a particular password display:
    https://apps-xe1-test.its.domain.edu/
    https://apps-xe2-test.its.domain.edu/
    https://apps-xe3-test.its.domain.edu/

    With what is in the Beta channel, I would need to enter every URL for the respective password.

  • tomstock
    tomstock
    Community Member

    I'm also curious how stacked URL lists would work. Does the URL matching go until the first match, and then end?

    I have www.university.edu as the first item on the list, with "Fill anywhere on this website". After this, I have passwordstate.it.university.edu set to "Never Fill for this website", and 1Password is filling on the website. So it doesn't appear to evaluate all of the rules, just the first rule that matches.

  • filmjbrandon
    filmjbrandon
    Community Member

    Will this be made available in the CLI?

    Coming from LP, all my passwords would need to use the new custom Autofill behavior, and manually setting each out would be very painful. If not CLI, is there another way to bulk edit?

  • nukmicah
    nukmicah
    Community Member

    I have www.university.edu as the first item on the list, with "Fill anywhere on this website". After this, I have passwordstate.it.university.edu set to "Never Fill for this website", and 1Password is filling on the website. So it doesn't appear to evaluate all of the rules, just the first rule that matches.

    Yes I have the same issue. I have three logins for various sites accessible at my work website. In general, I want all three to appear for anything with mycompany.com in it. BUT there are a few domains where only one of the logins will work, so I'd like to block the two extra logins from appearing there.

    So at shop.mycompany.com, inside.mycompany.com, hr.mycompany.com, etc., all three logins should appear. But at sso.mycompany.com, only one of the logins should appear.

    I tried adding "Never fill on this website" with sso.mycompany.com to the two logins which shouldn't appear, but they still appear.

  • zackpyle
    zackpyle
    Community Member
    edited April 2023

    @PeterG_1P This advanced autofill behavior is great but I'm still missing a bit of functionality here. I'm sure this has been said before in this forum, but here is my vote for a global rules for this. In Lastpass, in the global settings, there is a list of domains that you can set it to "exact host match"

    Here's the use case on my end. I'm a web developer and one of the hosting companies I use is WP Engine. All of the staging sites are *.wpengine.com and I have unique passwords for each domain. So every time I add a domain with a new password, I have to go into 1password and mark it. If we had global settings, I could say all wpengine.com domains require exact host match.

  • PeterG_1P
    edited April 2023

    Hi @zackpyle, thanks for the thoughtful feedback here. We'll get this to our Product team post-haste, and if any additional detail is required I'll be back to chat a bit more. Thanks for the documentation reference as well!

    ref: PB-32487763

  • jon123
    jon123
    Community Member

    Just wanted to add my +1 for @Bobtb 's note. I have to access multiple applications on the same domain that have different logins, ie. domain.com/app1, domain.com/app2, etc. The new url matching is a great addition, it just needs one more push.

  • FredericC
    FredericC
    Community Member

    +1
    I'm also using www.domain/site1 www.domain/site2 or multiple localhosts… and there is still no way to limit login suggestions to this cases.

  • Dragonbait
    Dragonbait
    Community Member
    edited June 2023

    Any update on this? The issue we have as a business is the software our customers are using uses a fixed domain, then an identifier that changes depending on the server they connected to, and then a fixed code for the client:
    https://mysoftwareservice.com/temporaryID/CustomersPermanentID
    https://mysoftwareservice.com/web110/9092c5ebdc3bb4196b295fce2651e28c6
    so we really need to be able to either be able to just search on CustomersPermanentID (eg 909335ebdc3f4196b295fce2651e28c6)
    or be able to add wildcards (https://mysoftwareservice.com/*/9092c5ebdc3bbf4196b295fce2651e28c6) and have it look at the whole string and not just the domain name.
    That said just being able to limit the search to the whole string would be better than now where we have hundreds of matches even if we enter the entire string.

  • Hey @jon123:

    I'm also using www.domain/site1 www.domain/site2 or multiple localhosts… and there is still no way to limit login suggestions to this cases.

    As an additional match option, would something like "Only fill on this exact address" help you with this use case?

  • jon123
    jon123
    Community Member

    Hey @Mitch

    Not sure if you referenced the wrong person when you quoted, but I'll respond anyway :)

    would something like "Only fill on this exact address" help you with this use case?

    This would definitely be an improvement.

    My concern is that when clicking into these, sometimes it's not to an exact address, some examples:

    • domain.com/app1/functiona/view/242
    • domain.com/app5/idk/what/this/is
    • domainx.local/what/ev/er
    • domaina.local/newfeaturex

    So it needs to be something like a substring or pattern match, even if it's just a wildcard?

    Website
    domain.com/app1/*
    [x] Strict (* wildcard allowed)

  • TravelSD
    TravelSD
    Community Member
    edited July 2023

    I have an issue with 1Password "exact" matching. I have an application (Home assistant) that opens different iFrames that contain a web login to other services that already exist with their full URL in 1password (e.g https://grafana.mydomain.com). These iFrames have unique /xxx addresses but the FQDN and port are all the same.

    1Password is unable to distinguish between the /xxx in the URL. So on each of the web pages below 1password shows a list of credentials for grafana, proxmox, and home assistant itself. Ideally each unique URL would only show ONE set of credentials.

    https://ha.mydomain.com:8123/grafana
    https://ha.mydomain.com:8123/proxmox1
    https://ha.mydomain.com:8123

  • lejc
    lejc
    Community Member

    @Mitch

    As an additional match option, would something like "Only fill on this exact address" help you with this use case?

    Just joined to comment. I'm currently evaluating 1password as a replacement for Bitwarden, since the linux support looks to be a bit better.

    Pattern matching would be great. Also, the option "Only fill for this exact domain" should also cover the port number in my mind. A bit similar to the way Bitwarden handles the "Host" option.

    Maybe match beginning, for example if I have an address in 1password that is https://domain.com/service1, it would also match https://domain.com/serve1?anything-that-goes-after.
    But it wouldn't match https://domain.com/serve2.
    That way, we could simply edit the address to cut out the part we don't need and it would be much simpler than regex.

  • XIII
    XIII
    Community Member

    Pattern matching would be great.

    Indeed.

    (Regular expressions for power users?!)

  • ag_tommy
    edited August 2023

    Thanks folks. I've let the product team know you'd like to see another option such as pattern matching.

    ref: PB-34952504

  • leecybellum
    leecybellum
    Community Member

    I want to add another usecase fir such a feature

    test environments that are being generated on the fly - they are all being generated with the same credentials, accessible on a temporary domain/ip
    the credentials are shared across the organization and are periodically changed
    the test environments are being switched over on a daily basis
    so using 1password for them is a bit of an hack (you have to go through copy and paste instead of let 1password fill them in)

  • RickardE
    RickardE
    Community Member

    I am really waiting on the feature where you can include a part of the path in the URL matching. Right now I have to scroll through tons of suggestions:
    mydomain.com/customer_A/login
    mydomain.com/customer_B/login
    mydomain.com/customer_C/login