op forget and op signout --forget don't seem to actually forget

zcutlip
Community Member

Maybe I'm getting mixed up on what "forget" is or how to use it, but I can't actually get it to forget my account details.

If I've signed in like:

op signin <account address> <account email> --shorthand foobar

Then when I try to forget the account, I'm told I should sign out first:

❱ op forget foobar
[ERROR] 2020/06/05 12:43:30 You are currently logged in to the account you are trying to forget. Use `op signout --account foobar --forget` instead.

If I do the command suggested, I get no output, and successful exit status. But then a subsequent "forget" tells me I'm still signed in:

❱ op signout --account foobar --forget
❱ op forget foobar
[ERROR] 2020/06/05 12:47:52 You are currently logged in to the account you are trying to forget. Use `op signout --account foobar --forget` instead.

Same if I just do op signout followed by op forget; I'm told I'm still signed in.

In any case no amount of signing out and forgetting makes my account details disappear from ~/.op/config.

Thanks!
Zach

Comments

  • SvenS1P
    edited June 2020

    Hey @zcutlip, just a small change is needed to the commands you're running. op signin returns a script that your shell needs to run to set the environment variable with your session token. You can see the command you need to run on your system when using op signin as you've done. For example, if you're using bash then you'll need to run this command to sign in:

    eval $(op signin foobar)
    

    If you'd prefer to handle the storage of the session token yourself (for example, if you're calling op from a script), you can use this command to get the session token only without the script to set the environment variable:

    op signin <account address> --raw
    

    Then when you later want to run a command that needs authentication, you can use --session <token>. For example:

    op list vaults --session <token>
    
  • zcutlip
    Community Member
    edited June 2020

    Yes, I stand corrected, I forgot to set the session key. Once I do that, then:

    op signout --account <account> --forget
    

    ...does in fact work as expected:

    ❱ cat ~/.op/config
    {
        "latest_signin": "",
        "accounts": []
    }
    

    But can someone walk me through a use of the plain "forget" command (as opposed to the --forget argument to signout): op forget? I can't seem to get that to work in any case. It always tells me I'm signed in even if I'm not.

  • felix_1p
    1Password Alumni

    > But can someone walk me through a use of the plain "forget" command (as opposed to the --forget argument to signout): op forget? I can't seem to get that to work in any case. It always tells me I'm signed in even if I'm not.

    This is very strange indeed. Running op forget on an account that I definitely haven't logged into in a while worked. But we also recently changed something about session files and I wonder whether op forget was accidentally affected by this. I will do some more digging and report back.

  • zcutlip
    Community Member

    > I will do some more digging and report back.

    Awesome; thank you. Let me know if I can share any console output or other diagnostic artifacts.

    Cheers,
    Zach

  • adinin
    Community Member

    Hi, I've encountered the same problem.

    It seems that op signout --account foobar --forget does not actually "forget" in case $OP_SESSION_foobar is not set.

    You should be able to op signout --account foobar --forget and op forget foobar without having $OP_SESSION_foobar set.

  • felix_1p
    1Password Alumni

    @adinin op signout only works when you have an existing session. And unless you are specifying a session token via --session, an existing session is found by looking for an environment variable. So in your above example it would be expected that op signout fails, no matter the arguments you pass to it. There is an argument to be made that adding --forget could still remove the account from the config, but that's really what op forget is for.

    I'm not able to reproduce the issue regarding op forget <account> not working, in any "normal" scenario.

    At this point I have to assume that there is in fact an existing running session for that account, which is why op forget would error. It is possible to have multiple sessions open at the same time for a single account. op forget will only work if there is no such session open even if there are sessions that are not used anymore (but have not expired yet).

    I'm happy to look more into whether there are indeed other reasons that cause this issue, but I would need more information about how to reach that state.

This discussion has been closed.
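
Added example, not part of the thread and not 1Password's code: because `op signout --account foobar --forget` was reported to exit successfully without removing anything when `$OP_SESSION_foobar` is unset, a script should check the resulting state instead of trusting the exit status. The function name `op_account_state` is hypothetical, and the `"shorthand"` key inside each `accounts` entry is an assumption (the thread only shows the empty config).

```shell
#!/bin/sh
# Report the state of an account shorthand as seen from THIS shell:
#   forgotten                - not in the config, no session variable exported
#   stale-session-variable   - not in the config, but OP_SESSION_<shorthand> is still exported
#   remembered-no-session    - in the config, no session variable (thread: use `op forget`)
#   remembered-with-session  - in the config, session variable set
#                              (thread: use `op signout --account <shorthand> --forget`)
# Per the thread, a session can also be open elsewhere, so "no-session" only
# describes the current environment.
op_account_state() {
    shorthand=$1
    config=${2:-"$HOME/.op/config"}

    # The shorthand becomes part of a variable name and a grep pattern,
    # so accept only characters that are valid in a variable name.
    case $shorthand in
        ''|*[!A-Za-z0-9_]*) echo "invalid"; return 0 ;;
    esac

    remembered=no
    # Assumption: a remembered account is stored as {"shorthand": "<name>", ...}.
    if [ -f "$config" ] &&
       grep -E "\"shorthand\"[[:space:]]*:[[:space:]]*\"$shorthand\"" "$config" >/dev/null
    then
        remembered=yes
    fi

    session=no
    # Only exported, non-empty variables count: that is what a child `op` process would see.
    if env | grep "^OP_SESSION_$shorthand=." >/dev/null; then
        session=yes
    fi

    case "$remembered/$session" in
        no/no)   echo "forgotten" ;;
        no/yes)  echo "stale-session-variable" ;;
        yes/no)  echo "remembered-no-session" ;;
        yes/yes) echo "remembered-with-session" ;;
    esac
}
```

Run `op_account_state foobar` before and after the forget step; anything other than `forgotten` afterwards means the account details or the session token are still present.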