A way to generate a 'Share Link' for items

hwilliamsoctopus commented 1 week ago

Use Case

Be able to programatically create a vault item, and generate a share link to this vault item with a set expiry, so this can be forwarded on to necessary parties without manual interaction through the 1password app.

Requirements and desired behavior

The items interface should expose an api to create_share_link which behaves almost identically to: https://developer.1password.com/docs/cli/reference/management-commands/item/#item-share

Additional information

No response

hculea commented 6 days ago

Hey @hwilliamsoctopus, thank you for your feature request! I think this would be a great addition for the SDKs.

To be able to log it in our internal tracker, can you give me a bit of context about your use-case, for using item sharing programatically?

Thanks!

hwilliamsoctopus commented 6 days ago

Sure thing @hculea!

So currently we have an onboarding platform which allows third parties to integrate with our product.

This platform has exclusive invite-only access, and when we create accounts for the third parties, a series of complex setup already needs to be done programmatically. This means that when one of our team members wants to create an invite, it is already done through a simple interface to hide the complexity and set things up correctly.

After the invite is created, we need to share with the third party a number of properties/credentials related to it so that they can get it set up. We also need to make some of these available to the wider team and therefore 1password is the ideal place for us to store these:

wider team members can view details specific to this account
we can share this link with the account holder

Therefore we already use the SDK now to save to 1password, however after using our interface, the person generating the link has to now:
- go to 1password app
- find it (amongst the numerous daily generated invites)
- create a share link which is set for a specific email to access for a set number of days.
- email the account owner
This last manual step is the bit I was hoping to to solve with this issue, meaning the interface could return the exact share link to be passed back to the 3rd party in an email immediately.

So as a rough flow our system is:

3rd Party wants Access
Team member triggers invite flow
Invite flow creates invite and associated properties
Properties are saved in 1password for tracking and wider team awareness
1password shared with 3rd party in an email with setup instructions and an expiry.

And it is the part between step 4-5 that would be solved here as it could be automated.

1Password / onepassword-sdk-python