op signin my-team.1password.com gives "has never been signed into", even with a valid session token

I have signed into my Team using op signin my-team.1password.com $MY_EMAIL $ACCOUNT_KEY and have successfully been able to op get a password out.

That's a lot of details to provide just to sign in, so I don't want to do that every time.

op signin --help promises that, after doing that once, I can sign in using just the team name:

Note:
  When logged into an account at least once, you can then use this shorthand
  syntax thereafter:
    op signin [your-account-name]
  or:
    eval $(op signin [your-account-name])

But if I then try to sign in using that shorthand, I get an error:

> op signin my-team.1password.com
[LOG] 2018/03/29 09:45:57 (ERROR)
  Account my-team.1password.com has never been signed into on this device,
  run 'op signin --help' to learn how to sign into an account for the first time

(Note: I added newlines in the error message to make it easier to read here.)

And yet, I can then go and run an op command and successfully fetch more data, so I have not only logged in once, but I am still logged in.

If I knew what means it's using to determine whether the account has ever been signed in, I likely could baby it along, but there's no info on mechanism here, just policy, so I can't un-wedge it. Perhaps you can help?

Configuration

> sw_vers
ProductName:    Mac OS X
ProductVersion: 10.12.6
BuildVersion:   16G1212

> op --version
0.3

> fish --version
fish, version 2.7.1

> env | grep OP_SESSION_ | wc -l
       1

1Password Version: 1Password Version 6.8.8 (688001) Mac App Store
Extension Version: N/A
OS Version: 10.12.6
Sync Type: Teams

Comments

  • rickfillionrickfillion Junior Member

    Team Member

    Hi @jeremywsherman,

    Sorry that this hasn't worked quite as well as you'd expect. If I assume that your example commands there are truly representative of what you're using, then I think the problem is that your sign in address contains a hyphen. Try op signin my_team instead where you replace the hyphen with an underscore. You can also manually set the shorthand for the account in ~/.op/config.

    Let me us know how that goes.

    Rick

  • @rickfillion Thank you, that did it! I can see in there that it created the shorthand with an underscore, even though the team name has a hyphen. For bonus confusion, the example in the --help output actually includes hyphens in the meta-variable name (op signin [your-account-name]) and suggests that it should be identical to your account name (which can contain hyphens), so this definitely came out of left field!

    RFE: When a shorthand is not found, list out the available shorthands, like "Previously signed in accounts: this_one, that_one, another_one". I would have oopsied my way to a solution with that prompting.

    RFE: Support op signin without explicit account name by using the latest_signin info already stored in that config file.

    RFE: Create the config folder under XDG_CONFIG_HOME (defaults to .config/) rather than in a ~/.op/ directory directly in HOME.

  • rickfillionrickfillion Junior Member

    Team Member

    Good to see that did the trick. :)

    When a shorthand is not found, list out the available shorthands,

    You're right we need to do more to help there. Filed as issue 400.

    Support op signin without explicit account name by using the latest_signin info already stored in that config file.

    I like that idea. Filed as issue 401.

    Create the config folder under XDG_CONFIG_HOME (defaults to .config/) rather than in a ~/.op/ directory directly in HOME.

    Hrm... XDG_CONFIG_HOME appears to be a Linux thing. That explains why I hadn't heard of it. It'd be nice to listen to platform conventions. I've filed that as issue 402.

    Rick

  • Awesome! Fixing those will make it easier for me to teach others on my team to use the 1Password CLI.

    I'm actually using op on macOS, but XDG_CONFIG_HOME is a nice convention to make config easy to discover and share across machines:

    • Less clutter in $HOME
    • Only .config is hidden, not the actual config files, so you aren't stuck looking at Vim swp files and other hidden crud while just trying to find config things.
    • You can version the directory, and then it's easy to find new changes.

    It's also pretty widely adopted at this point by CLI tools. On my Mac now, my ~/.config/ has:

    > ls ~/.config
    Fritzing               hub                    local.camper_van.plist stream-adventure       yarn
    configstore            inkscape               newsbeuter             ttrss-tool
    fish                   keybase                ranger                 wireshark
    
  • rickfillionrickfillion Junior Member

    Team Member

    Thanks for the lesson. Learn something new every day. :)

    Rick

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file