op - Allow Access Modal prevents me from unlocking

iamnoah
iamnoah
Community Member
edited October 2022 in CLI

I have some scripts that pull an OTP via the op CLI tool. This results in an "Allow Access" modal which is good, but the modal tells me I need to unlock 1PW, while it blocks the 1PW UI, which is bad.

A second issue that makes it incredibly aggravating: the same application may attempt to lookup an OTP several times (e.g., overnight) so I will come back to many many modals that are demanding I allow access, but that can't be satisfied until I unlock by entering my password. I can't unlock until the modals go away! This can leave 1PW completely unusable for a few minutes while I close out all the modals.

Please coordinate this stuff. I should only have to allow access once per app in a day. If an app requests access while it has a request pending, don't create another modal! That's just lazy coding. And most of all, don't tell me I need to unlock while you are using a modal window that prevents me from unlocking. Modals are just lazy design, period. You don't need to prevent me from doing other things because you want an answer to a question.


1Password Version: 8
Extension Version: Not Provided
OS Version: mac
Browser:_ Not Provided

Comments

  • Hi @iamnoah , thanks for your feedback! I am having trouble reproducing your use case here. The modals you are talking about are biometric unlock modals right? You could check this by going to Preferences> Developer > CLI2 and see if Biometric Unlock is ticked. Usually this should ask for your fingerprint (if your device supports reading fingerprints, otherwise it falls back to manual input of the system password) and once unlocked it should unlock both your CLI and your desktop app. If you were to disable biometric unlock, then each command that would require authorisation through a modal in the past, would now fail telling you to sign in. Would this be a more desirable use case for you?

    All in all, even if we assume that the modal and 1Password desktop app do not go into this partial deadlock you described, the modal would have to appear for every command that spawns after 10 minutes since the last command executed, because this is the documented length of an auth session (when using biometric unlock, it is 30 minutes when biometric unlock is off). The only way you could overcome this is to use a Connect Server or wait for the release of our Service Accounts beta feature, which both allow for persistent authentication via environment variables.

    Hope this helps a bit and looking forwards to your answer,
    Andi

This discussion has been closed.