Cannot Change 2FA Method when logging in on a non-google Android device, therefore cannot log in to Bitwarden #1580

Closed
opened 2025-11-26 22:52:53 -06:00 by GiteaMirror · 7 comments

Originally created by @nep2ner on GitHub (Jan 31, 2023).

Steps To Reproduce

  1. Enable TOTP as a 2FA method on your Bitwarden account via the web vault
  2. Add a FIDO2 hardware security key as an additional 2FA method on your Bitwarden account via the web vault
  3. Download Bitwarden Android app
  4. Launch app
  5. Type in valid username and submit
  6. Type in valid password and submit
  7. Observe bug (see screenshot below)

Expected Result

I would expect to be able to switch my 2FA method to TOTP, type in my TOTP code, and be signed in.

Actual Result

A "validating" modal appears and stays until the app is quit. This modal blocks the ability to click the hamburger dot in the top right, therefore blocking the ability to swap over to a different 2FA method.

Screenshots or Videos

screenshot
(sorry for the poor quality, I had to take a picture of the screen with a different camera because Bitwarden blocks screenshots)

Additional Context

This bug is occurring on GrapheneOS with no Google Play Services installed.

~Because there are no Google Play Services installed, and Bitwarden doesn't support FIDO2 hardware keys without depending on Google Play Services,~ I cannot use my FIDO2 hardware key as a 2FA method. However, because of this bug, I cannot switch to using any other 2FA method either (in this case, TOTP), meaning that I can't log into the app at all unless I remove my FIDO2 hardware key as a 2FA method, which downgrades my security.

Operating System

Android

Operating System Version

GrapheneOS Android 13 (No Google Play Services Installed)

Device

Pixel 5a

Build Version

2023.1.0 (5786)

Beta

  • [ ] Using a pre-release version of the application.
GiteaMirror added the bug label 2025-11-26 22:52:53 -06:00

@nep2ner commented on GitHub (Jan 31, 2023):

I did some more poking around here in this repo, and unless things have changed since #1519, Bitwarden doesn't need Google Play Services for FIDO2 support. So I actually have no idea why Bitwarden gets stuck at this "Validating" modal to begin with.


@mpbw2 commented on GitHub (Jan 31, 2023):

> I did some more poking around here in this repo, and unless things have changed since #1519, Bitwarden doesn't need Google Play Services for FIDO2 support.

That's correct, we expect the FIDO2 auth flow to be handled by the default browser for exactly this situation. That said, I'm not sure why your browser isn't launching...


@glindstr commented on GitHub (Feb 2, 2023):

+1. I request the Bitwarden app on Android allows the user to select other 2FA methods when logging in when WebAuthn is set up on the account.


@nep2ner commented on GitHub (May 19, 2023):

> > I did some more poking around here in this repo, and unless things have changed since #1519, Bitwarden doesn't need Google Play Services for FIDO2 support.
>
> That's correct, we expect the FIDO2 auth flow to be handled by the default browser for exactly this situation. That said, I'm not sure why your browser isn't launching...

The default browser & WebView provider on GrapheneOS is Vanadium, which probably doesn't implement WebAuthn. I do think the user should be able to choose between TOTP and FIDO2 when signing in though if they are both enabled. This bug currently prevents me from adding a FIDO2 hardware key as a 2FA option, because I'll never be able to sign in on mobile.


@AAGaming00 commented on GitHub (Jun 28, 2023):

The same occurs with the LineageOS Browser. Additionally, this makes it completely impossible to log in on a phone if another phone is used as a security key.


@nep2ner commented on GitHub (Jun 28, 2023):

Exactly.. this bug is preventing me from using a FIDO2 hardware key on my Bitwarden account at all. Could we get the option to choose which 2FA method to use when signing in on mobile? I think this is pretty standard behavior when it comes to signing in with 2FA.


@vvolkgang commented on GitHub (Jun 20, 2024):

Issue migrated to https://github.com/bitwarden/mobile/issues/2334


Reference: github-starred/android#1580