[Feature]: Externally shared album to non-users (collaborative / non-collaborative) #112

New Issue

Closed

opened 2026-02-04 17:43:06 +03:00 by OVERLORD · 13 comments

OVERLORD commented 2026-02-04 17:43:06 +03:00

Owner

Copy Link

Originally created by @hugo-laestander on GitHub (Jun 25, 2022).

Originally assigned to: @alextran1502 on GitHub.

Feature detail

Often when a group of friends has done something together, they will have taken photos that the other people in the group would like to have. People want a quick and easy way to share the photos (without destroying the quality).

I think this would be a great feature for Immich to have, and as I see it, two options could be had:

1. a combined shared album where everyone can contribute (collaborative),
2. an album for only viewing and download (non-collaborative)

This might be the only shared album they will ever have access to. And neither me nor they want to make an account.

Therefore, I think it would be very good if they did not have to make accounts. The shared album could be done with a link and optionally a password.

Platform

Web

Originally created by @hugo-laestander on GitHub (Jun 25, 2022). Originally assigned to: @alextran1502 on GitHub. ### Feature detail Often when a group of friends has done something together, they will have taken photos that the other people in the group would like to have. People want a quick and easy way to share the photos (without destroying the quality). I think this would be a great feature for Immich to have, and as I see it, two options could be had: 1. a combined shared album where everyone can contribute (collaborative), 2. an album for only viewing and download (non-collaborative) This might be the only shared album they will ever have access to. And neither me nor they want to make an account. Therefore, I think it would be very good if they did not have to make accounts. The shared album could be done with a link and optionally a password. ### Platform Web

OVERLORD closed this issue 2026-02-04 17:43:08 +03:00

OVERLORD commented 2026-02-04 17:43:20 +03:00

Author

Owner

Copy Link

@alextran1502 commented on GitHub (Jun 25, 2022):

I think the album feature on the mobile app is serving what you are looking for, correct?

If so, it is just not being implemented on the web yet but the plan is in place.

@alextran1502 commented on GitHub (Jun 25, 2022): I think the album feature on the mobile app is serving what you are looking for, correct? If so, it is just not being implemented on the web yet but the plan is in place.

OVERLORD commented 2026-02-04 17:43:33 +03:00

Author

Owner

Copy Link

@alextran1502 commented on GitHub (Jun 25, 2022):

Ah I apologize, I misread the title. This is to share the album externally.

@alextran1502 commented on GitHub (Jun 25, 2022): Ah I apologize, I misread the title. This is to share the album externally.

OVERLORD commented 2026-02-04 17:43:38 +03:00

Author

Owner

Copy Link

@bo0tzz commented on GitHub (Jul 5, 2022):

On this feature, it might be nice if sharing links could be set to expire after a certain time, and to have a button to expire/revoke them manually.

@bo0tzz commented on GitHub (Jul 5, 2022): On this feature, it might be nice if sharing links could be set to expire after a certain time, and to have a button to expire/revoke them manually.

OVERLORD commented 2026-02-04 17:43:46 +03:00

Author

Owner

Copy Link

@danielyrovas commented on GitHub (Jul 30, 2022):

Also would love this feature. One less thing to use slow and clunky Nextcloud for.

@danielyrovas commented on GitHub (Jul 30, 2022): Also would love this feature. One less thing to use slow and clunky Nextcloud for.

OVERLORD commented 2026-02-04 17:44:02 +03:00

Author

Owner

Copy Link

@axgd-code commented on GitHub (Aug 12, 2022):

This could be a killer feature!

@axgd-code commented on GitHub (Aug 12, 2022): This could be a killer feature!

OVERLORD commented 2026-02-04 17:44:14 +03:00

Author

Owner

Copy Link

@matthinc commented on GitHub (Aug 13, 2022):

I really like the idea. We just briefly discussed this topic and decided to start by collecting requirements that will help us to choose an appropriate architecture as this feature will require major changes to Immich.
Please feel free to share your ideas as well, I will add them to the list.

• As a logged in user, I want to share albums with users that don't have their own account.
• As a logged in user, I want to set an expiration date to publicly shared albums
• As the owner of a shared album, I want to add password protection to publicly shared albums to protect them from unintended access
• As an external user viewing a publicly shared album, I want to upload my own assets to the album
• As the owner of a shared album I want to revoke public access from shared albums
• As an external user, I want to download assets from shared albums
• As a logged in user, I want to track activity on my shared albums
• As the owner of a shared album, I want to create multiple sharing links with different expiration dates
• As the owner of a shared album, I want to review assets that were uploaded by external users before they appear publicly
• As the owner of a shared album, I want to control the permissions of external users on this album (uploading, viewing, deleting)
• As an external user, I want to be able to view a shared album on my mobile devices (responsive design)

As a first source of inspiration, I added a screenshot below that shows the sharing menu of a Nextcloud instance. I think they executed it rather well.

@matthinc commented on GitHub (Aug 13, 2022): I really like the idea. We just briefly discussed this topic and decided to start by collecting requirements that will help us to choose an appropriate architecture as this feature will require major changes to Immich. Please feel free to share your ideas as well, I will add them to the list. - **As a logged in user, I want to share albums with users that don't have their own account.** - **As a logged in user, I want to set an expiration date to publicly shared albums** - As the owner of a shared album, I want to add password protection to publicly shared albums to protect them from unintended access - As an external user viewing a publicly shared album, I want to upload my own assets to the album - **As the owner of a shared album I want to revoke public access from shared albums** - **As an external user, I want to download assets from shared albums** - As a logged in user, I want to track activity on my shared albums - As the owner of a shared album, I want to create multiple sharing links with different expiration dates - As the owner of a shared album, I want to review assets that were uploaded by external users before they appear publicly - As the owner of a shared album, I want to control the permissions of external users on this album (uploading, viewing, deleting) - As an external user, I want to be able to view a shared album on my mobile devices (responsive design) As a first source of inspiration, I added a screenshot below that shows the sharing menu of a Nextcloud instance. I think they executed it rather well. 

OVERLORD commented 2026-02-04 17:44:18 +03:00

Author

Owner

Copy Link

@axgd-code commented on GitHub (Sep 7, 2022):

Another way to allow people to add some pictures is a public page just for the upload.
I prefer the implementation of Nextcloud because you specify the sharing in the album but I think that Synology's way is easier to manage : you have a datagrid of all "sharing links".

@axgd-code commented on GitHub (Sep 7, 2022): Another way to allow people to add some pictures is a public page just for the upload. I prefer the implementation of Nextcloud because you specify the sharing in the album but I think that Synology's way is easier to manage : you have a datagrid of all "sharing links".    

OVERLORD commented 2026-02-04 17:44:23 +03:00

Author

Owner

Copy Link

@puregreen59 commented on GitHub (Sep 13, 2022):

agreed! would Love this

@puregreen59 commented on GitHub (Sep 13, 2022): agreed! would Love this

OVERLORD commented 2026-02-04 17:44:28 +03:00

Author

Owner

Copy Link

@jrasm91 commented on GitHub (Nov 4, 2022):

I'll just add that the google photos sharing solution works well for me, and doesn't seem overly complicated.

1. Share urls are long random strings, and don't require passwords. I'm not sure exactly what pros/cons there are to this vs passwords, but it is easier to share IMO.

2. Users can view without an account, but adding assets requires logging in.

I'm on board for multiple, expirable links too though.

@jrasm91 commented on GitHub (Nov 4, 2022): I'll just add that the google photos sharing solution works well for me, and doesn't seem overly complicated. 1. Share urls are long random strings, and don't require passwords. I'm not sure exactly what pros/cons there are to this vs passwords, but it is easier to share IMO. 2. Users can view without an account, but adding assets requires logging in. I'm on board for multiple, expirable links too though.

OVERLORD commented 2026-02-04 17:44:32 +03:00

Author

Owner

Copy Link

@bmachek commented on GitHub (Dec 25, 2022):

+1

@bmachek commented on GitHub (Dec 25, 2022): +1

OVERLORD commented 2026-02-04 17:44:50 +03:00

Author

Owner

Copy Link

@Cat-Ion commented on GitHub (Dec 28, 2022):

If possible, I would also love to have public shares of singular images, without having to create an album first. Should I create a separate issue for that?

@Cat-Ion commented on GitHub (Dec 28, 2022): If possible, I would also love to have public shares of singular images, without having to create an album first. Should I create a separate issue for that?

OVERLORD commented 2026-02-04 17:44:53 +03:00

Author

Owner

Copy Link

@Mortein commented on GitHub (Jan 7, 2023):

Can there be a separate password/secret from the album/asset being shared? The secret doesn't need to be customisable, just something random that isn't easily brute forceable which isn't related to the album.

Using just an identifier as a public share link is security through obscurity, and it scares me. Google does it wrong for both YouTube (unlisted videos) and Google Photos (share with link). The UUID RFC recommends against it, too.

Something like: /share/[asset-id]/[secret]

Only when both the asset identifier (photo/video/album/whatever) and secret are correct should the user gain access, in all other cases they should be told something generic (otherwise they know the ID is in use).

@Mortein commented on GitHub (Jan 7, 2023): Can there be a separate password/secret from the album/asset being shared? The secret doesn't need to be customisable, just something random that isn't easily brute forceable which isn't related to the album. Using just an identifier as a public share link is security through obscurity, and it scares me. Google does it wrong for both YouTube (unlisted videos) and Google Photos (share with link). The UUID RFC [recommends against it](https://www.rfc-editor.org/rfc/rfc4122#section-6), too. Something like: `/share/[asset-id]/[secret]` Only when both the asset identifier (photo/video/album/whatever) and secret are correct should the user gain access, in all other cases they should be told something generic (otherwise they know the ID is in use).

OVERLORD commented 2026-02-04 17:44:59 +03:00

Author

Owner

Copy Link

@jrasm91 commented on GitHub (Jan 7, 2023):

Alex has started working on this and we aren't using a uuid in the url but randomly generated bytes using node's crypto library.

The url looks like this: /share/[secret]. If the secret is secure (not guessable through brute force) then we should be good from a security perspective.

The secret only grants access to a specific list of assets or album.

@jrasm91 commented on GitHub (Jan 7, 2023): Alex has started working on this and we aren't using a uuid in the url but randomly generated bytes using node's crypto library. The url looks like this: /share/[secret]. If the secret is secure (not guessable through brute force) then we should be good from a security perspective. The secret only grants access to a specific list of assets or album.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/asset-file-apis

chore/translations

fix/web-switch-label-clickable

fix/web-people-hidden-state

renovate/typescript-projects

release/next

fix/timezones

fix/time-zone-upserts

midzelis/wip

push-zpwsovysllvn

push-nwxlpmyzkyrl

push-nvnkszuqwppm

renovate/github-actions

push-smstsuupsowp

refactor/adaptive_image

push-olwpzvrxnomt

push-lmxsupnmxspl

renovate/machine-learning

feat/web-chromecast-video-looping

feat/use-native-clients

renovate/flutter

fix/create-face-edited

fix/mobile-ios-mtls

docs/contributing

docs/mise-mobile

renovate/grafana-monorepo

feature/bottom-buttons-order

feat/immich-mobile-ui-showcase

refactor/consolidate-image-requests

renovate/connectivity_plus-7.x

renovate/major-vitest-monorepo

renovate/pypi-python-multipart-vulnerability

fix/mobile-people-query

sqlite_thumbs

feat/html-text

chore/no-macro-validation

refactor/purchase-store

uhthomas/mobile-fix-app-bar-fade

uhthomas/mobile-fix-asset-jump

feat/pano-ocr

feat/shared-link-login

fix/database-backup-db-names

fix-keep-correct-ios-shared-album-asset

fix-memory-generation-and-display

feat/verify-permissions

refactor/album-service-small-tests

fix/ml-rocm-build

fix/flipped-dimensions-mobile

push-vpxwmwwxwnvw

fix-migration-width-height

refactor/more-queries

revert/prettier-translations

refactor/asset-service-queries

fix/locale-settings-desc

chore/add-debug-log

feat/edit-filters

shared-deep-link-handler

feat/mobile-editing

feat/thumbnail-native-clients

feat/platform-clients

feat/integrity-checks-izzy

fix/foreground-cloud-sync

feat/dynamic-layout

filter-by-person

feat/csp

refactor/sidebar

fix/disable-editing

fix/view-timeline-deeplink

image-zoom-on-slow-connection

fix-consider-dar-for-video-dimension

fix/merged-edited-assets

perf/optimize-album-sort

open-api-fix

feat/create-job-with-dto

use-toast-primary

feat/vitest-4

feat/ios-fastlane-match

match-signing

fix-update-time-update-timeline

chore/translation-keys

feat/modal-routes

feat/panorama-tiles

feature/mobile-view-asset-owner

feat/system-settings

feature/show-activity-count

better-info-in-asset-viewer

fix/all-people-count

feat/location-favorites

feature/rearrange-buttons-2

fix/download-storage-template

feat/kb-shortcuts-mobile

fix/people-count

push-qolzzzzxrvvn

chore/originals-in-asset-files

feat/asset-size-columns

ben/tree-a11y

new-search-filter-ui

refactor/expectSelectedReadonly

refactor/mobile-grdb

push-qvuktpxmkknu

feat/mobile-native-local-sync

refactor/timeline_ops

fix/scrubber_end

feat/version.txt

feat/context-menus

feat/server-chunked-uploads

refactor/virtualsegment

refactor/rename_daymonth_groups

fix/restrict-android-bg-worker

feat/android-periodic-worker

fix-remote-sync-clean-up

refactor/timeline_move_ops

renovate/mapbox-mapbox-gl-rtl-text-0.x

fix/timeline_split_selectable

feat/keyboard_actions_help_modal

feat/static_frontend

feat/notification-warnign-android

feat/plugins2

feat/plugins

test/create-workflow-token-action

fix/docs-force

debug/search-result-similarity

debug/cf-chunked-uploads

feat/eslint_rule

feat/search-filter-album/web

refactor/timeline_photostream

refactor/timelineasset_asset

feat/session-permissions

feat/timeline_photostream_assetnav

feat/timeline_minor_optimize

feat/timeline_perf_nocomp

feat/timeline_search_results_actions

feat/timeline_search_results_page

fix/timeline_padding

fix/timeline_search_reactivity_warnings

feat/timeline_scrollbar

feat/timeline_stream_withviewer

fix/timeline_back_forth_nav

refactor/timeline_photostream_component

fix/generated-files-checks

fix/locate-button-local

chore/base-image-mimalloc

refactor/timeline_assetlayout

refactor/timeline_selectable

refactor/timeline_aware_actions

refactor/timeline_monthsegment

feat/remove-old-pages

chore/deps-gradle

tmp_photostream

tmp/lcms

feat/mobile-dynamic-thumbnails

fix/mobile-finer-thumbnail-concurrency

refactor/timeline1

refactor/extract_photostream

refactor/rename_load_api

refactor/timeline2

refactor/timeline3

feat/multi-select-asset-viewer

feat-no-thumbhash-cache

refactor/asset_grid

feat/faster-access-checks

fix/18991

fix/19543

chore/temp-remove

fix/21419

feat/mobile-hdr-images

chore/update-mise-lockfile

feat/mise-server-checks

feat/mise-ci

feat/windows-2025

feat/dev_cli

refactor/mobile-migrate-clients

fix/map-theme

fix/require-checkbox

chore/use_swc

feat/efficient-thumbnail-decoding

refactor/mobile-thumbhash

refactor/mobile-thumbhash-new

fix/mobile-uncached-zoom

feat/beta-background-upload

fix/beta-timeline-memories-setting

fix/failed-uploads-not-removed

feat/mobile-shared-album

feat/groups

drift-map-page

drift-auth-user-sync

fix/disable-memory

feat/add-to-album-action

edit-date-time-action

drift-people-page

sqlite-remove-isIn

feat/inline-storage-columns

chore/required-reviewers

refact/asset-manager

fix/folder-sort

pnpm

feat/widget-multiple-server-urls

chore/medium-tests-dbname

fix/web-no-iterator-find

fix/map-pan-interruption

track-livephotos

timeline_events

chore/oxlint-migration

feat/maintenance-worker

feat/dav

chore/demo-snapshot

refactor/server-side-dedupe

feat/integrity-checks

dev/recognition-eval

lighter_buckets_test

perf/postgres-queue

postgres-queue

focus_rings

refactor/web-stores-1

refactor/add-to-taken

feat/sort-places

feat/sidecar-asset-file

vet

tmp/demo-snapshot-preview

fix/server-migration-file-extension

refactor/mobile-v2

fix/asset-update-race-condition

rknn-toolkit-lite2

refactor/mobile-split-up-search-page

feature/Add-rocm-support-for-machine-learning

feat/rocm

chore/async-hash-file

feat/shared-link-view-count

feat/rotation

feat/graphql

feat/job-ids

feat/ignore-library-permission-error

feat/docker-compose-builder

feat/kysely-typeorm

mobile/onboarding

no-video-player

fix/server-qsv-output-format

chore/server-geodata-tweaks

mobile/native-video-player-no-hero

feat/xxhash

fix/docs-concurrency

feat/preload-ml-textual-model

feat/local-tileserver

refactor/exif-orientation

original-path-infix

refactor/mobile/login-form-1

feat/server-editor-endpoints

fix/server-qsv-vbr

fix-mobile-db-problems

feat/ml-armnn-conversion

feat/mobile/backup-with-album-info

feat/fast-initial-sync-1

chore/handle-output_dims

feat/server-more-robust-generation

feat/unassign-faces

feat/shortcuts-on-asset-grid

feat/background-upload

feat/capacitor-mobile-app-poc

feat/server-nvenc-hw-decoding

release/v1.105

fix/mobile-fetch-non-archive

feat/fine-grained-access-controls

web/automation-ui

feat/mobile-server-endpoint-save-dropdown

feat/blurhash-thumbnail

object-storage

feat/memories-animations

dev/metrics

ml/tflite

feat/ml-export-cli

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.3

v2.2.2

v2.2.1

v2.2.0

v2.1.0

v2.0.1

v2.0.0

v1.144.1

v1.144.0

v1.143.1

v1.143.0

v1.142.1

v1.142.0

v1.141.1

v1.141.0

v1.140.1

v1.140.0

v1.139.4

v1.139.3

v1.139.2

v1.139.1

v1.139.0

v1.138.1

v1.138.0

v1.137.3

v1.137.2

v1.137.1

v1.137.0

v1.136.0

v1.135.3

v1.135.2

v1.135.1

v1.135.0

v1.134.0

v1.133.1

v1.133.0

v1.132.3

v1.132.2

v1.132.1

v1.132.0

v1.131.3

v1.131.2

v1.131.1

v1.131.0

v1.130.3

v1.130.2

v1.130.1

v1.130.0

v1.129.0

v1.128.0

v1.127.0

v1.126.1

v1.126.0

v1.125.7

v1.125.6

v1.125.5

v1.125.4

v1.125.3

v1.125.2

v1.125.1

v1.125.0

v1.124.2

v1.124.1

v1.124.0

v1.123.0

v1.122.3

v1.122.2

v1.122.1

v1.122.0

v1.121.0

v1.120.2

v1.120.1

v1.120.0

v1.119.1

v1.119.0

v1.118.2

v1.118.1

v1.118.0

v1.117.0

v1.116.2

v1.116.1

v1.116.0

v1.115.0

v1.114.0

v1.113.1

v1.113.0

v1.112.1

v1.112.0

v1.111.0

v1.110.0

v1.109.2

v1.109.1

v1.109.0

v1.108.0

v1.107.2

v1.107.1

v1.107.0

v1.106.4

v1.106.3

v1.106.2

v1.106.1

v1.106.0

v1.105.1

v1.105.0

v1.104.0

v1.103.1

v1.103.0

v1.102.3

v1.102.2

v1.102.1

v1.102.0

v1.101.0

v1.100.0

v1.99.0

v1.98.2

v1.98.1

v1.98.0

v1.97.0

v1.96.0

v1.95.1

v1.95.0

v1.94.1

v1.94.0

v1.93.3

v1.93.2

v1.93.1

v1.93.0

v1.92.1

v1.92.0

v1.91.4

v1.91.3

v1.91.2

v1.91.1

v1.91.0

v1.90.2

v1.90.1

v1.90.0

v1.89.0

v1.88.2

v1.88.1

v1.88.0

v1.87.0

v1.86.0

v1.85.0

v1.84.0

v1.83.0

v1.82.1

v1.82.0

v1.81.1

v1.81.0

v1.80.0

v1.79.1

v1.79.0

v1.78.1

v1.78.0

v1.77.0

v1.76.1

v1.76.0

v1.75.2

v1.75.1

v1.75.0

v1.74.0

v1.73.0

v1.72.2

v1.72.1

v1.72.0

v1.71.0

v1.70.0

v1.69.0

v1.68.0

v1.67.2

v1.67.1

v1.67.0

v1.66.1

v1.66.0

v1.65.0

v1.64.0

v1.63.2

v1.63.1

v1.63.0

v1.62.1

v1.62.0

v1.61.0

v1.60.0

v1.59.1

v1.59.0

v1.58.0

v1.57.1

v1.57.0

v1.56.2

v1.56.1

v1.56.0

v1.55.1

v1.55.0

v1.54.1

v1.54.0

v1.53.0

v1.52.1

v1.52.0

v1.51.2

v1.51.1

v1.51.0

v1.50.1

v1.50.0

v1.49.0

v1.48.1

v1.48.0

v1.47.3

v1.47.2

v1.47.1

v1.47.0

v1.46.1

v1.46.0

v1.45.0

v1.44.0

v1.43.1

v1.43.0

v1.42.0_65-dev

v1.41.1_64-dev

v1.41.0_64-dev

v1.40.1_63-dev

v1.40.0_63-dev

v1.39.0_61-dev

v1.38.2_60-dev

v1.38.1_60-dev

v1.38.0_60-dev

v1.37.0_58-dev

v1.36.2_56-dev

v1.36.1_55-dev

v1.36.0_55-dev

v1.35.0_54-dev

v1.34.0_53-dev

v1.33.1_52-dev

v1.33.0_52-dev

v1.32.1_51-dev

v1.32.0_50-dev

v1.31.1_49-dev

v1.31.0_49-dev

v1.30.2_48-dev

v1.30.0_46-dev

v1.29.6_45-dev

v1.29.6_44-dev

v1.29.5_44-dev

v1.29.4_44-dev

v1.29.3_43-dev

v1.29.2_43-dev

v1.29.1_43-dev

v1.29.0_42-dev

v1.28.4_41-dev

v1.28.4_42-dev

v1.28.3_41-dev

v1.28.2_40-dev

v1.28.1_39-dev

v1.28.0_38-dev

v1.27.0_37-dev

v1.26.0_36-dev

v1.25.0_35-dev

v1.24.0_34-dev

v1.23.0_33-dev

v1.22.0_32-dev

v1.21.1_31-dev

v1.21.0_31-dev

v1.20.3_30-dev

v1.20.2_30-dev

v1.20.1_30-dev

v1.20.0_30-dev

v1.19.1_29-dev

v1.19.0_29-dev

v1.18.0_27-dev

v1.17.0_25-dev

v1.16.0_23-dev

v1.15.1_21-dev

v1.15.0_21-dev

v1.14.0_21-dev

v1.13.0_20-dev

v1.12.0_18-dev

v1.11.0_17-dev

v1.10.0_15-dev

v1.9.1_14-dev

v1.9.0_13-dev

v1.8.0_12-dev

v1.7.0_11-dev

v1.6.0_10-dev

v1.5.1+9-dev

v1.5.0+8-dev

v1.4.0+7-dev

v1.4.0+6-dev

v1.4.0-dev

v1.3.0-dev

v1.3.1-dev

v0.6-dev

v0.5-dev

v0.4-dev

v0.3-dev

v0.2-dev

first-android-release

Labels

Clear labels

accessibility

changelog:enhancement

changelog:security

changelog:translation

cli

date-time

documentation

external-library

format

good first issue

needs-answer

nice to have

sharing

tech-debt

📱mobile

🖥️web

🗄️server

🧠machine-learning

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: immich-app/immich#112