github-starred/android
2
0
Fork 0
mirror of https://github.com/bitwarden/android.git synced 2026-06-09 16:21:19 -05:00
Code Issues 2.2k Packages Projects Releases 127 Wiki Activity

2FA login into Bitwarden via authenticator TOTP fails #1981

New Issue
Closed
opened 2025-11-26 23:03:41 -06:00 by GiteaMirror · 12 comments
GiteaMirror commented 2025-11-26 23:03:41 -06:00
Owner
Copy Link

Originally created by @danielhass on GitHub (Aug 21, 2024).

Bitwarden Beta

  • I'm using the new native Bitwarden Beta app and I'm aware that legacy .NET app bugs should be reported in bitwarden/mobile

Steps To Reproduce

  1. On a freshly installed 2024.8.0 beta app, select self-hosted and enter server URL
  2. Login via master password (I already received a login warning via mail so this steps seem to work)
  3. Now the app presents you with the verification code screen where you should enter your TOTP as my account uses this method as 2FA
  4. After entering a valid TOTP (which I verified via a parallel successful login into the web password manager of my instance), the app presents you with a pop-up saying "invalid verificationcode" (I use the German version so this is only roughly translated)

Additional context: I haven't seen any failing HTTP request or similar on my instance during the TOTP 2FA attempt.

Result: I'm unable to login into the Bitwarden app.

Expected Result

As I verified my TOTP via the web-based password manager of my instance I expect the login to work on mobile as well.

Actual Result

Login into Bitwarden app on self-hosted with TOTP 2FA not possible.

Screenshots or Videos

No response

Additional Context

No response

Build Version

2024.8.0 | Server: 2024.7.4

Environment Details

  • Device: OnePlus 8T
  • OS: Android 14

Issue Tracking Info

  • I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
Originally created by @danielhass on GitHub (Aug 21, 2024). ### Bitwarden Beta - [X] I'm using the new native Bitwarden Beta app and I'm aware that legacy .NET app bugs should be reported in [bitwarden/mobile](https://github.com/bitwarden/mobile) ### Steps To Reproduce 1. On a freshly installed `2024.8.0` beta app, select self-hosted and enter server URL 2. Login via master password (I already received a login warning via mail so this steps seem to work) 3. Now the app presents you with the verification code screen where you should enter your TOTP as my account uses this method as 2FA 4. After entering a valid TOTP (which I verified via a parallel successful login into the web password manager of my instance), the app presents you with a pop-up saying "invalid verificationcode" (I use the German version so this is only roughly translated) Additional context: I haven't seen any failing HTTP request or similar on my instance during the TOTP 2FA attempt. Result: I'm unable to login into the Bitwarden app. ### Expected Result As I verified my TOTP via the web-based password manager of my instance I expect the login to work on mobile as well. ### Actual Result Login into Bitwarden app on self-hosted with TOTP 2FA not possible. ### Screenshots or Videos _No response_ ### Additional Context _No response_ ### Build Version 2024.8.0 | Server: 2024.7.4 ### Environment Details - Device: OnePlus 8T - OS: Android 14 ### Issue Tracking Info - [X] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.
GiteaMirror added the app:password-managerbug labels 2025-11-26 23:03:41 -06:00
GiteaMirror commented 2025-11-26 23:03:42 -06:00
Author
Owner
Copy Link

@bitwarden-bot commented on GitHub (Aug 21, 2024):

Thank you for your report! We've added this to our internal board for review.
ID: PM-11231

@bitwarden-bot commented on GitHub (Aug 21, 2024): Thank you for your report! We've added this to our internal board for review. ID: PM-11231
GiteaMirror commented 2025-11-26 23:03:42 -06:00
Author
Owner
Copy Link

@subhashay commented on GitHub (Aug 21, 2024):

This is seen not just in self hosted but also in bitwarden instance.

I had logged in with 2fa using previous version and updated to latest 2024.8.0.

No issues so far but upon clear data and then trying to login fails and 2fa verification .

@subhashay commented on GitHub (Aug 21, 2024): This is seen not just in self hosted but also in bitwarden instance. I had logged in with 2fa using previous version and updated to latest 2024.8.0. No issues so far but upon clear data and then trying to login fails and 2fa verification .
GiteaMirror commented 2025-11-26 23:03:42 -06:00
Author
Owner
Copy Link

@NovaSilentium commented on GitHub (Aug 21, 2024):

Hi there,

This has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

@NovaSilentium commented on GitHub (Aug 21, 2024): Hi there, This has been escalated for further investigation. If you have more information that can help us, please add it below. Thanks!
GiteaMirror commented 2025-11-26 23:03:43 -06:00
Author
Owner
Copy Link

@uaevuon commented on GitHub (Aug 21, 2024):

I also had same issue. But I found workaround.
If I tried login with other device, it accepts TOTP code. If I tried login with master password, it rejects.

@uaevuon commented on GitHub (Aug 21, 2024): I also had same issue. But I found workaround. If I tried login with other device, it accepts TOTP code. If I tried login with master password, it rejects.
GiteaMirror commented 2025-11-26 23:03:43 -06:00
Author
Owner
Copy Link

@ralob commented on GitHub (Aug 21, 2024):

I can confirm that 2FA login is also broke for me and am unable to independently login. The above workaround of approving the login from another device is the only way to access my vault on Android.

App version: 2024.8.0 (18985)
Android OS: 14

@ralob commented on GitHub (Aug 21, 2024): I can confirm that 2FA login is also broke for me and am unable to independently login. The above workaround of approving the login from another device is the only way to access my vault on Android. App version: 2024.8.0 (18985) Android OS: 14
GiteaMirror commented 2025-11-26 23:03:43 -06:00
Author
Owner
Copy Link

@david-noa commented on GitHub (Aug 22, 2024):

Can confirm the most recent beta release 2024.8.0 broke 2FA
Device: Samsung Galaxy S23 Ultra
Android version: 14 / One UI version: 6.1
2FA: Google Authenticator

Troubleshooting steps:

  • Removed and re-linked Google Auth after time syncing both devices
  • Re-installed Bitwarden Android App (beta)

"An error has occurred: Invalid verification code"

UPDATE:
I have some more info that may help in isolating the issue: I noticed that when I added 'Email' as a 2FA method, and used the 3-dots menu in the App to switch to 'Email' verification during the 2FA step, the code I was sent (after several failed attempts to send) also resulted in this same "An error has occurred: Invalid verification code" pop-up message.

This would indicate the issue is within the App itself and it not handling the verification of the 2FA code correctly, and not related to the specific 2FA method being used. This is an important distinction here as I also get an email notification for a new login when I enter the correct code. This means App is saying "bad" but auth server is saying "good."

@david-noa commented on GitHub (Aug 22, 2024): **Can confirm the most recent beta release 2024.8.0 broke 2FA** Device: Samsung Galaxy S23 Ultra Android version: 14 / One UI version: 6.1 2FA: Google Authenticator Troubleshooting steps: - Removed and re-linked Google Auth after time syncing both devices - Re-installed Bitwarden Android App (beta) "An error has occurred: Invalid verification code" UPDATE: I have some more info that may help in isolating the issue: I noticed that when I added 'Email' as a 2FA method, and used the 3-dots menu in the App to switch to 'Email' verification during the 2FA step, the code I was sent (after several failed attempts to send) also resulted in this same "An error has occurred: Invalid verification code" pop-up message. This would indicate the issue is within the App itself and it not handling the verification of the 2FA code correctly, and not related to the specific 2FA method being used. This is an important distinction here as I also get an email notification for a new login when I enter the correct code. This means App is saying "bad" but auth server is saying "good."
GiteaMirror commented 2025-11-26 23:03:43 -06:00
Author
Owner
Copy Link

@mtalexan commented on GitHub (Aug 29, 2024):

This also affects both the F-droid and non-F-droid beta builds equally.

@mtalexan commented on GitHub (Aug 29, 2024): This also affects both the F-droid and non-F-droid beta builds equally.
GiteaMirror commented 2025-11-26 23:03:44 -06:00
Author
Owner
Copy Link

@david-noa commented on GitHub (Sep 4, 2024):

This is my first time coming to Bitwarden Android's Github page for a bug, so I'm not familiar with typical turnaround times or prioritization here, but can we get any kind of update on this issue?

Are there any other specific logs or troubleshooting steps that would help aid in your investigation?

UPDATE: for anyone trying to rollback their Bitwarden app because this issue broke their app, here's what worked for me:

  1. Leave the Bitwarden beta program in the Google Play store
  2. Uninstall Bitwarden (Beta 2024.8.0) app
  3. IMPORTANT: Go into the App Info for the Google Play store app and choose Storage -> Clear cache (did not work for me without this step)
  4. Reinstall Bitwarden app from Google Play store and check the version in App Info and it should be the previous build 2024.7.1 that still works without this 2FA issue

UPDATE 2: It looks like this has finally been fixed in 2024.8.1-beta (19099)

@david-noa commented on GitHub (Sep 4, 2024): This is my first time coming to Bitwarden Android's Github page for a bug, so I'm not familiar with typical turnaround times or prioritization here, but can we get any kind of update on this issue? Are there any other specific logs or troubleshooting steps that would help aid in your investigation? UPDATE: for anyone trying to rollback their Bitwarden app because this issue broke their app, here's what worked for me: 1. Leave the Bitwarden beta program in the Google Play store 2. Uninstall Bitwarden (Beta 2024.8.0) app 3. **IMPORTANT**: Go into the App Info for the Google Play store app and choose Storage -> Clear cache (did not work for me without this step) 4. Reinstall Bitwarden app from Google Play store and check the version in App Info and it should be the previous build 2024.7.1 that still works without this 2FA issue UPDATE 2: It looks like this has finally been fixed in 2024.8.1-beta (19099)
GiteaMirror commented 2025-11-26 23:03:44 -06:00
Author
Owner
Copy Link

@ralob commented on GitHub (Sep 15, 2024):

UPDATE 2: It looks like this has finally been fixed in 2024.8.1-beta (19099)

I can confirm that this issue is also fixed for me on 2024.8.1-beta (19099).

@ralob commented on GitHub (Sep 15, 2024): > UPDATE 2: It looks like this has finally been fixed in 2024.8.1-beta (19099) I can confirm that this issue is also fixed for me on 2024.8.1-beta (19099).
GiteaMirror commented 2025-11-26 23:03:44 -06:00
Author
Owner
Copy Link

@closebot-bw commented on GitHub (Aug 12, 2025):

⚠️ Stale Issue Notice

This issue has been automatically marked as stale due to inactivity. It will be closed in 2 weeks (August 26, 2025) if no further activity occurs.

If this issue is still relevant and you would like to keep it open, please:

  • Comment on this issue to show continued interest
  • Provide any additional information or updates
  • Confirm that the issue still exists in the latest version

Thank you for your contribution to this project! 🙏

@closebot-bw commented on GitHub (Aug 12, 2025): ⚠️ **Stale Issue Notice** This issue has been automatically marked as stale due to inactivity. It will be closed in **2 weeks** (August 26, 2025) if no further activity occurs. If this issue is still relevant and you would like to keep it open, please: - Comment on this issue to show continued interest - Provide any additional information or updates - Confirm that the issue still exists in the latest version Thank you for your contribution to this project! 🙏
GiteaMirror commented 2025-11-26 23:03:44 -06:00
Author
Owner
Copy Link

@closebot-bw commented on GitHub (Aug 23, 2025):

🔔 Final Notice - Issue Will Be Closed Soon

This issue was previously marked as stale and will be automatically closed in 3 days (August 26, 2025) if no further activity occurs.

If you're still experiencing this issue or believe it should remain open, please comment below to prevent automatic closure.

We appreciate your understanding and contribution to keeping our issue tracker organized! 📋

@closebot-bw commented on GitHub (Aug 23, 2025): 🔔 **Final Notice - Issue Will Be Closed Soon** This issue was previously marked as stale and will be automatically closed in **3 days** (August 26, 2025) if no further activity occurs. If you're still experiencing this issue or believe it should remain open, please comment below to prevent automatic closure. We appreciate your understanding and contribution to keeping our issue tracker organized! 📋
GiteaMirror commented 2025-11-26 23:03:44 -06:00
Author
Owner
Copy Link

@closebot-bw commented on GitHub (Aug 26, 2025):

🔒 Issue Closed Due to Inactivity

This issue has been automatically closed due to lack of activity for an extended period. We periodically review and close inactive issues to help maintain our issue tracker and focus on current priorities.

If this issue is still relevant:

  • Please create a new issue with updated information
  • Include steps to reproduce the problem if it's a bug report
  • Mention if this issue still occurs in the latest version

Thank you for your contribution to this project. Your feedback helps us improve! 🙏

@closebot-bw commented on GitHub (Aug 26, 2025): 🔒 **Issue Closed Due to Inactivity** This issue has been automatically closed due to lack of activity for an extended period. We periodically review and close inactive issues to help maintain our issue tracker and focus on current priorities. **If this issue is still relevant:** - Please create a new issue with updated information - Include steps to reproduce the problem if it's a bug report - Mention if this issue still occurs in the latest version Thank you for your contribution to this project. Your feedback helps us improve! 🙏
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
app:authenticator
app:password-manager
bug
bug-passkey
customer-support
duplicate
enhancement
good first issue
help wanted
needs-reply
needs-response
pull-request
Mirrored from GitHub Pull Request
 question
No Label app:password-manager bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/android#1981
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?