[Feature] Restrict access to shared links using email auth

[itskagee]

I have searched the existing feature requests to make sure this is not a duplicate request.

• Yes

The feature

Hi,

Currently, the process of restricting public access to shared albums is via a password.
I was wondering, would it be possible to implement access restrictions using email authorization?

So the current process goes something like this:

• Me and my friends go on a trip.
• I don't want my friends to be users on my Immich instance, so I create a shared album for all of us to combine our photos in.
• Since I don't want this without some type of authentication, I put a password on it.
• I share the link and the password, and we all put our shared photos in.

Now, sometime later, my friends could want to view the photos of our trip again, and they would either have to dig the password out of the chats, or ask me what it was.

This could get unwieldy real fast with lots of shared albums, among other things (requirement of manual intervention, possibility of link and password being seen / accessed by malicious actors etc).

If there was a way for me to restrict the shared link to specific email addresses, and only those email addresses could log in via their email provider and gain access to the album, then this would solve this problem in my opinion.

The new flow would probably go something like this:

• I create a shared album and specify which email addresses should be able to access it.
• I send the link to my friends, and they see a 'Login using your email provider' button (e.g. Login using Google, Login using Apple etc).
• Once they log in, and the authorization is successful, they proceed with the upload / view,
• If their email was not in the allow list, they see an access denied message.

Is something like this already possible in the current implementation?
And if not, does it sound good / feasible enough to be implemented?

Platform

• Server
• Web
• Mobile

[vishwa5854]

I want this exact feature too. But I think it is very complicated to have an allow list without having users on your server.
For Google Photos this is very simple since they just have one server with all the users and most people have a google account.

[itskagee]

Yeah I agree. This integration wouldn't be the most seamless now that I think about it.

Another way I was thinking of how this could be approached was, that these users could become a special subset of users on immich which only have access to specific albums which were shared with them.

These users won't have access to their private immich space, just the shared albums. That way, they can login, view, upload and download to those specific albums (as permitted), but since they won't have access to all immich capabilities, they won't be able to upload media in their private space.

[vishwa5854]

If I can have a user with very less storage allocated like 1Gb, I am okay with creating users I guess
One potential flow I thought of is

1. I share the URL with someone
2. They try to open it but ends up on a page that asks to login with google (since most of my friends have google accounts)
3. Once logged in they are presented with a page that says request access for this album
4. Once I approve access they can access the album

This assumes that your OAuth config allows auto signup with 1gb limit option set. But again this is not ideal similar to password sharing scenario

[bo0tzz]

with very less storage allocated like 1Gb

You can, there's a quota setting for users and you can also set that from an oauth claim.

[vishwa5854]

But once they sign up and get redirected, they don't land on the original album they were trying to see and even if they manually put the URL of the album they don't see an option to request for access.

Maybe in the oauth callback we can add the link that the user was trying to access as the redirect URI for the first problem, but for request access we need to develop a new page/workflow I guess

[itskagee]

The problem with setting a storage limit is that there is no way to ensure what size the uploaded media would be from those users into a shared album. If it is more than 1gb, then their uploads would fail (unless I'm wrong? Are shared album uploads counted using the user's quota or the owner's?).

I made this comment above:

Yeah I agree. This integration wouldn't be the most seamless now that I think about it.

Another way I was thinking of how this could be approached was, that these users could become a special subset of users on immich which only have access to specific albums which were shared with them.

These users won't have access to their private immich space, just the shared albums. That way, they can login, view, upload and download to those specific albums (as permitted), but since they won't have access to all immich capabilities, they won't be able to upload media in their private space.

In my opinion, with this, we could do unlimited quota for shared albums upload like it is now, while getting the capability we want.

However, if the shared album's quota is deducted from the owner's limit, then this point is moot and the only remaining hurdle would be what vishwa mentioned above.

[smailpouri]

I agree the current implementation is a bit limiting.

Friends and family keeps asking me for the link and the password all the time.

They can't even download the Immich app and access the link from the app.

If they add the bookmark to the home screen from Safari for easy access, It links to the main domain, not the shared link.