"error initializing client" with multiple CLI calls

nate886
nate886
Community Member

I've written a PowerShell script to grab credentials from 1Password for authenticating with a service. The script has been working great for months, but recently started throwing errors. I think I've isolated it to some sort of race condition.

Here's the simplest version of the script that consistently replicates the issue with some minor redactions:

$1p_item = '[ITEM UID - REDACTED]'
$1p_cli_exe = 'C:\some\path\here\op.exe'

Write-Output "Grabbing login info from 1Password..."

Write-Output "Username:"
$1p_item_username = & "$1p_cli_exe" read op://myVault/$1p_item/username
Write-Output $1p_item_username

Write-Output "Password:"
$1p_item_password = & "$1p_cli_exe" read op://myVault/$1p_item/password
Write-Output $1p_item_password

Write-Output "Done"
Start-Sleep -Seconds 60

Output:

Grabbing login info from 1Password...
Username:
[MY USERNAME - REDACTED]
Password:
[ERROR] 2023/04/03 12:48:39 could not read secret op://myVault/[ITEM UID - REDACTED]/password: error initializing client: connecting to desktop app: cannot connect to 1Password app, make sure it is running
Done

I'm getting prompted to authenticate via Windows Hello and you can see it's successfully grabbing the username, so the error doesn't make any sense to me. Annoyingly, it's inconsistent, but does seem to get worse as more calls to read info from 1Password are made.

It could be changes to PowerShell or something in the Windows 11 22H2 update, but I haven't managed to find anything.

Has anyone else encountered this? I'm open to suggestions on how to restructure the script if there's a better way to accomplish the same thing.

I would use the CLI inject option instead, but I need an OTP (not included in the code sample above). Also worth noting, I'm unable to alter my machine's PATH variable, which is why I'm calling the executable with a hard coded path.


1Password Version: 1Password for Windows 8.10.3 (81003012)
Extension Version: CLI v. 2.16.1
OS Version: Windows 11 22H2
Browser:_ N/A

Comments

  • nate886
    nate886
    Community Member

    I upgraded to CLI 2.17.0 and still see the error/problem pretty consistently. I added a 1-second sleep in between the lookups and that seems to a reasonable workaround for now, though far from ideal.

  • Hey @nate886 , thank you for bringing this to our attention!

    I am going to escalate this with my team and look into possible solutions.
    For now, I'm going to open an internal ticket in our tracking system, and we'll let you know about any developments around this.

    Thank you for your patience, and please do let us know if we can help with anything else in the meantime!

    Best,
    Horia

  • nate886
    nate886
    Community Member

    @Horia.Culea_1P - I've since upgraded to CLI 2.18.0 and 1P Windows 8.10.6. I reverted the sleep workaround this morning and I'm not seeing the race condition anymore.

    I am, however, seeing a similar problem earlier in the flow. After 1Password has been untouched for some time (unclear if it's my computer getting locked/sleeping, if it's the Auto-Lock timeout in the app, or something else), the script fails to connect to the app. I have to launch the app first, and when I do, it is not "hard locked" - meaning I am able to use Windows Hello to authenticate. Once opened, the script will run as expected. To be clear - this isn't a "cold start" problem - the 1Password app is running in the background (I can see it in my system tray).

    Happy to send over logs, hop on a Teams call with someone, or anything else that might be helpful for the team.

  • nate886
    nate886
    Community Member
    edited May 2023

    @Horia.Culea_1P - A few updates / corrections to what I said last week:

    1- The error seems to occur any time my computer has been locked. Notably, I don't need to launch the app to get it working again. Running and failing once seems to be enough to "wake it up" for the second attempt. Also, the error under these conditions is slightly different than the one I originally reported:

    [ERROR] 2023/05/30 09:15:58 could not read secret op://myVault/[ITEM UID - REDACTED]/username: error initializing client: RequestDelegatedSession: received unexpected response from 1Password app. Please make sure 1Password CLI and the 1Password app are up-to-date.

    2- I need to retract my statement about the race condition. I am spuriously seeing that again, usually on the third call.

  • tristan957
    tristan957
    Community Member

    I am seeing the same issue on Fedora 38 and can reproduce it 100% of the time. The following operation is from an op read.

    12:35AM | DEBUG | Session delegation enabled
    12:35AM | DEBUG | NM request: NmRequestAccounts
    12:35AM | DEBUG | NM response: Success
    12:35AM | DEBUG | NM request: NmRequestAccounts
    12:35AM | DEBUG | NM response: Success
    12:35AM | DEBUG | account not signed in, filter= latest_signin_user=SYSNYVFBMRB57IQYUFNLKSHSDM
    12:35AM | DEBUG | NM request: NmRequestAccounts
    12:35AM | DEBUG | NM response: Success
    12:35AM | DEBUG | NM request: NmRequestAuthorization
    12:35AM | DEBUG | NM response: Success
    12:35AM | DEBUG | NM request: NmRequestAccounts
    12:35AM | DEBUG | NM response: Success
    12:35AM | DEBUG | NM request: NmRequestDelegatedSession
    12:35AM | DEBUG | NM response: Notification
    12:35AM | WARN | Cannot unmarshal into NmhResponse: unexpected end of JSON input
    [ERROR] 2023/06/07 00:35:26 could not read secret op://Private/aerc/password: error initializing client: RequestDelegatedSession: received unexpected response from 1Password app. Please make sure 1Password CLI and the 1Password app are up-to-date.
    
  • nate886
    nate886
    Community Member

    Unchanged with the Windows Desktop app v. 8.10.7.

  • msxtj
    msxtj
    Community Member

    Any news on this issue?

    Using latest: CLI 2.18.0 (build #2180001)
    1P-W: 1Password for Windows 8.10.7 (81007041)

  • rpaulson
    rpaulson
    Community Member
    edited December 2023

    Same Problem here with 1Password 8.10.20 (81020036) on macOS Mojave 12.7.1.

    If I first unlock 1Password "op read" works fine. Whenever I use "op read" in a new terminal window while 1Password is locked, I always get "error initializing client: authorization timeout" after successfully unlocking 1Password via the authorisation pop-up. The next CLI call works fine as 1Password is still unlocked.

This discussion has been closed.