[GH-ISSUE #6857] Login with device generates duplicate notification #50608

New Issue

Open

opened 2026-05-01 13:47:53 -05:00 by GiteaMirror · 7 comments

GiteaMirror commented 2026-05-01 13:47:53 -05:00

Owner

Copy Link

Originally created by @BlackDex on GitHub (Apr 30, 2026).
Original GitHub issue: https://github.com/bitwarden/android/issues/6857

Steps To Reproduce

1. Have an Android device as a known device for a specific account
2. Using any browser, login by using Login with device for that same account
3. See a notification pop to confirm the login
4. Confirm this login
5. You are logged in on the web interface
6. Received a second notification to confirm the login

Expected Result

No duplicate login via device notification on the mobile device, just one.

Actual Result

Received a second notification to approve a login which was already approved, trying to click on approve again results in an error, because that approval is gone already.

Screenshots or Videos

No response

Additional Context

When using Bitwarden Cloud this doesn't happen, only one notification is received.
Looking at the flightrecorder logs it seems that the Cloud version doesn't send a notification to the push servers as there is no log line mentioning BitwardenFirebaseMessagingService – Push Notification Received: AUTH_REQUEST_RESPONSE

On Cloud it can happen also, but only in this situation.

1. Logout on the mobile device
2. Login again on the mobile device, but use Login with device now
3. Approve the request via the web interface
4. Also see two notifications, one to approve the login, which of course can't be done, but after that also the same notification to approve again.

It looks like the mobile client also shows a notification for the AUTH_REQUEST_RESPONSE, to approve a login, while it probably should just either act upon to finish the login, or ignore it, and not ask the user to approve the login. Maybe a notification that it was successful.

Build Version

2026.4.0 (21434)

What server are you connecting to?

US

Self-host Server Version

Bitwarden Self-Hosted 2026.3.1 AND Bitwarden Cloud 2026.4.0 @ US

Environment Details

Any android device

Issue Tracking Info

• I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

Originally created by @BlackDex on GitHub (Apr 30, 2026). Original GitHub issue: https://github.com/bitwarden/android/issues/6857 ### Steps To Reproduce 1. Have an Android device as a known device for a specific account 2. Using any browser, login by using `Login with device` for that same account 3. See a notification pop to confirm the login 4. Confirm this login 5. You are logged in on the web interface 6. Received a second notification to confirm the login ### Expected Result No duplicate login via device notification on the mobile device, just one. ### Actual Result Received a second notification to approve a login which was already approved, trying to click on approve again results in an error, because that approval is gone already. ### Screenshots or Videos _No response_ ### Additional Context When using Bitwarden Cloud this doesn't happen, only one notification is received. Looking at the flightrecorder logs it seems that the Cloud version doesn't send a notification to the push servers as there is no log line mentioning `BitwardenFirebaseMessagingService – Push Notification Received: AUTH_REQUEST_RESPONSE` On Cloud it can happen also, but only in this situation. 1. Logout on the mobile device 2. Login again on the mobile device, but use `Login with device` now 3. Approve the request via the web interface 4. Also see two notifications, one to approve the login, which of course can't be done, but after that also the same notification to approve again. It looks like the mobile client also shows a notification for the `AUTH_REQUEST_RESPONSE`, to approve a login, while it probably should just either act upon to finish the login, or ignore it, and not ask the user to approve the login. Maybe a notification that it was successful. ### Build Version 2026.4.0 (21434) ### What server are you connecting to? US ### Self-host Server Version Bitwarden Self-Hosted 2026.3.1 AND Bitwarden Cloud 2026.4.0 @ US ### Environment Details Any android device ### Issue Tracking Info - [x] I understand that work is tracked outside of Github. A PR will be linked to this issue should one be opened to address it, but Bitwarden doesn't use fields like "assigned", "milestone", or "project" to track progress.

GiteaMirror added the bugapp:password-manager labels 2026-05-01 13:47:53 -05:00

GiteaMirror commented 2026-05-01 13:47:55 -05:00

Author

Owner

Copy Link

@bitwarden-bot commented on GitHub (Apr 30, 2026):

Thank you for your report! We've added this to our internal board for review.
ID: PM-36175

<!-- gh-comment-id:4353694193 --> @bitwarden-bot commented on GitHub (Apr 30, 2026): Thank you for your report! We've added this to our internal board for review. ID: [PM-36175](https://bitwarden.atlassian.net/browse/PM-36175) [PM-36175]: https://bitwarden.atlassian.net/browse/PM-36175?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ

GiteaMirror commented 2026-05-01 13:47:56 -05:00

Author

Owner

Copy Link

@pamperer562580892423 commented on GitHub (Apr 30, 2026):

Regarding your title... "Device Unlock..." should probably be "Login with device..." ?! (PS: just asking for clarity - not meant as nitpicking)

<!-- gh-comment-id:4354604926 --> @pamperer562580892423 commented on GitHub (Apr 30, 2026): Regarding your title... "Device Unlock..." should probably be "Login with device..." ?! (PS: just asking for clarity - not meant as nitpicking)

GiteaMirror commented 2026-05-01 13:47:57 -05:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Apr 30, 2026):

Regarding your title... "Device Unlock..." should probably be "Login with device..." ?! (PS: just asking for clarity - not meant as nitpicking)

Good one!

<!-- gh-comment-id:4354617779 --> @BlackDex commented on GitHub (Apr 30, 2026): > Regarding your title... "Device Unlock..." should probably be "Login with device..." ?! (PS: just asking for clarity - not meant as nitpicking) Good one!

GiteaMirror commented 2026-05-01 13:47:57 -05:00

Author

Owner

Copy Link

@cbbit commented on GitHub (May 1, 2026):

Hi there,

I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

<!-- gh-comment-id:4360181327 --> @cbbit commented on GitHub (May 1, 2026): Hi there, I am unable to reproduce this issue, it has been escalated for further investigation. If you have more information that can help us, please add it below. Thanks!

GiteaMirror commented 2026-05-01 13:47:59 -05:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (May 1, 2026):

You also aren't able to reproduce this on vault.bitwarden.com?
And try to login on the mobile via login with device, and approve via the web interface?

<!-- gh-comment-id:4360193047 --> @BlackDex commented on GitHub (May 1, 2026): You also aren't able to reproduce this on vault.bitwarden.com? And try to login on the mobile via login with device, and approve via the web interface?

GiteaMirror commented 2026-05-01 13:47:59 -05:00

Author

Owner

Copy Link

@pamperer562580892423 commented on GitHub (May 1, 2026):

On Cloud it can happen also, but only in this situation.

1. Logout on the mobile device
2. Login again on the mobile device, but use Login with device now
3. Approve the request via the web interface
4. Also see two notifications, one to approve the login, which of course can't be done, but after that also the same notification to approve again.

It looks like the mobile client also shows a notification for the AUTH_REQUEST_RESPONSE, to approve a login, while it probably should just either act upon to finish the login, or ignore it, and not ask the user to approve the login. Maybe a notification that it was successful.

I think I could reproduce that on the BW EU cloud.

As I just initiated "Login with device" on the Android app (2026.4.0) and after I approved the login via the browser extension (2026.3.0) on my computer, I also got a notification on the Android app (!) which said "Login requested - Confirm login".

<!-- gh-comment-id:4360410168 --> @pamperer562580892423 commented on GitHub (May 1, 2026): > On Cloud it can happen also, but only in this situation. > > 1. Logout on the mobile device > 2. Login again on the mobile device, but use `Login with device` now > 3. Approve the request via the web interface > 4. Also see two notifications, one to approve the login, which of course can't be done, but after that also the same notification to approve again. > > It looks like the mobile client also shows a notification for the `AUTH_REQUEST_RESPONSE`, to approve a login, while it probably should just either act upon to finish the login, or ignore it, and not ask the user to approve the login. Maybe a notification that it was successful. I think I could reproduce that on the BW EU cloud. As I just initiated "Login with device" on the Android app (2026.4.0) and after I approved the login via the browser extension (2026.3.0) on my computer, I also got a notification on the Android app (!) which said "Login requested - Confirm login".

GiteaMirror commented 2026-05-01 13:48:00 -05:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (May 1, 2026):

@pamperer562580892423 , indeed that is the same i get, but for me at the US servers, and self hosted.

<!-- gh-comment-id:4360828088 --> @BlackDex commented on GitHub (May 1, 2026): @pamperer562580892423 , indeed that is the same i get, but for me at the US servers, and self hosted.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

new-item-types/PM-32810_bank-account-view

sdlc/sdk-update

new-item-types/PM-32810_bank-account

beta-for-qa

BWA-253/not-displaying-totp-coded-with-empty-key

target-sdk-37

vvolkgang/renovate-remove-group

pm-34038/card-scanner-qa-fixes

PM-33982/build-device-screen

PM-30625/filter-out-empty-totp-vault-count

vvolkgang/update-jira-release-notes

new-item-types/PM-34123_new-item-menu

new-item-types/PM-32806_passport

new-item-types/PM-32808_drivers-license

BWA-99/show-next-totp

BWA-99/add-preview-next-totp-code-setting

renovate/glidecompose

chore/improve-android-ui-verification-skill

sync-min-sdk

release/2026.4-rc51

fix/security-sast-22741894-bvwj

related-origin-passkey-creation

release/2026.4-rc50

platform/android-breaking-change-detection

innovation-sprint-2026-send-folder

release/2026.3-rc49

PM-34193-vault-lockout

android-collections

llm/add-resolving-sdk-updates-skill

QA-1523/sanity-test-saucelabs

release/2026.3-rc48

PM-26577-app-links-support

PM-26896-autofill-fix

release/2026.2-rc47

pr-6572

release/2026.2-rc46

release/2026.1-rc45

PM-30644/added-logs-for-debug

PM-30644/quicktile-nav-not-showing-migration

minor-gradle-updates

release/2026.1-rc42

release/2026.1-rc44

release/2026.1-rc43

PM-28834/set-landscape-on-horizonos-devices

PM-28468/validate-and-navigate-to-vault-migration

PM-20026/force-ltr-passwords-and-codes

release/2025.12-rc41

cmcg/testCoverage

PM-29014/talkback-support-for-passwords

release/2025.12-rc40

BRE-1305/publish_test

accept-user-certs

autofill-permissions

release/2025.11-rc39

PM-22479/check-all-certificates-validate-asset-links

release/2025.10-rc38

agalles/android-latest

retro-agent

PM-27001/skip-account-selection-only-one-exists-cxp

release/2025.10-rc37

agalles/test-1118

release/2025.10-rc36

PM-20593-token-refresh

QA-1126b/adding-native-sanity-test

release/2025.9-rc35

pm-25933/sdk-update-password

release/2025.9-rc34

release/2025.8-rc33

agalles/20250821-release

debug-release-issues

pm-24249-allow-automated-prs-for-sdk-updates

release/2025.8-rc32

release/WORKFLOW-TEST-2025.8-rc28

agalles/20250807release

release/2025.07-rc25

release/hotfix-v2025.7.0-bwa

pm-23311/export-vault-policy-bypass

release/2025.07-rc24

authenticator-pm-sync-flags-issue

release/hotfix-v2025.6.0-bwpm

release/2025.06-rc21

agalles/automate-android-fastlane-patch

release/2025.05-rc20

release/2025.04-rc19

languages/basque

release/2025.03-rc19

update-readme

qrcode/feature

innovation/archive/pm-19153-archive-items

qrcode/2-ui-fields

qrcode/1-page

hold-on-biometric-prompt-alternative

release-notes-process

release/2025.02-rc16

bwa-monorepo

PM-8223/new-device-verification-ux-improvements

pm-18451/exempt-from-policies

test-bwa

release/2025.01-rc15

release/2025.01-rc14

release/2024.12-rc13

pm-16670/sync-leave-notice

821

PM-16695/backport-lean-more-new-device-verification

release/hotfix-v2024.11.7

release/2024.11-rc1

pm-11304/collection-add-item-button

PM-14241/disabling-logs-app-crash

poc/offline-editing

new-version-calc

pm-11649/expired-link-services

pm-6702/add-feature-flag

pm-6702/email-verification-feature

pm-9933/marketing-copy-update

pm-6702/registration-flows

update-templates

pm-6701/email-verification-selfhost-registration

v2026.4.0-bwa

v2026.4.0-bwpm

v2026.3.1-bwa

v2026.3.1-bwpm

v2026.3.0-bwpm

v2026.3.0-bwa

v2026.2.1-bwpm

v2026.2.1-bwa

v2026.2.0-bwpm

v2026.2.0-bwa

v2026.1.1-bwa

v2026.1.1-bwpm

temp-test

v2026.1.0-bwpm

v2026.1.0-bwa

v2025.12.1-bwa

v2025.12.1-bwpm

v2025.12.0-bwa

v2025.12.0-bwpm

v2025.11.1-bwpm

v2025.11.1-bwa

v2025.11.0-bwpm

v2025.11.0-bwa

v2025.10.1-bwa

v2025.10.1-bwpm

v2025.10.0-bwa

v2025.10.0-bwpm

v2025.9.1-bwa

v2025.9.1-bwpm

v2025.9.0-bwa

v2025.9.0-bwpm

v2025.8.1-bwa

v2025.8.1-bwpm

v2025.8.0-bwa

v2025.8.0-bwpm

v2025.7.2-bwa

v2025.7.2-bwpm

v2025.7.1-bwa

v2025.7.1-bwpm

v2025.7.0-bwa

v2025.7.0-bwpm

v2025.6.1-bwpm

v2025.6.0-bwa

v2025.6.0-bwpm

v2025.1.0-bwa

v2025.5.0-bwa

v2025.5.0-bwpm

v2025.5.999

2025.4.0

v2025.4.0

untagged-4731eaadac73f3dfbbb8

v2025.3.0

v2025.2.0

untagged-815a165c5d70ffe75bc7

v2025.1.2

v2025.1.1

v2025.1.0

v2024.12.0

untagged-5a76b6392a4c8998c63a

v2024.11.7

v2024.11.6

v2024.11.5

v2024.11.4

v2024.11.3

v2024.11.2

v2024.11.1

v2024.11.0

v2024.10.2

v2024.10.1

v2024.10.0

v2024.9.0

v2024.8.1

v2024.8.0

v2024.7.3

v2024.7.2

v2024.7.1

v2024.7.0

v2024.6.1

v2024.6.0

v2024.5.1

v2024.4.1

v2024.4.2

v2024.4.0

v2024.3.3

v2024.3.1

v2024.3.0

v2024.2.1

v2024.2.0

v2024.1.1

v2024.1.0

v2023.12.0

v2023.10.0

v2023.9.2

maui-single-project-android

v2023.9.1

v2023.9.0

v2023.8.0

v2023.7.0

v2023.5.0

v2023.4.0

v2023.3.2

v2023.3.1

v2023.3.0

v2023.2.0

v2023.1.0

v2022.11.0

v2022.10.0

v2022.9.1

v2022.9.0

v2022.8.0

v2022.6.2

v2022.6.1

v2022.6.0

v2022.05.0

v2.18.0

v2.17.0

v2.16.4

v2.16.3

v2.16.2

v2.16.1

v2.15.0

v2.14.2

v2.14.1

v2.14.0

v2.13.0

v2.12.0

v2.11.3

v2.11.2

v2.11.1

v2.11.0

v2.10.0

v2.9.1

v2.9.0

v2.8.2

v2.8.1

v2.8.0

v2.7.2

v2.7.0

v2.6.1

v2.6.0

v2.5.6

v.2.5.5

v2.5.5

v2.5.4

v2.5.3

v2.5.2

v2.5.1

v2.5.0

v2.4.3

v2.4.2

v2.4.1

v2.4.0

v2.3.1

v2.3.0

v2.2.8

v2.2.7

v2.2.6

v2.2.2

v2.2.1

v2.2.0

v2.1.2

v2.1.0

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.22.1

v1.22.0

v1.21.0

v1.20.0

v1.19.0

v1.18.1

v1.18.0

v1.17.0

v1.16.0

v1.15.2

v1.15.1

v1.15.0

v1.14.4

v1.14.1

v1.14.0

v1.13.0

v1.12.2

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.5

v1.6.1

v1.6.0

v1.5.1

v1.5.0

v1.4.4

v1.4.3

v1.4.0

v1.3.0

v1.2.1

v1.2.0

v1.1.0

v1.0.0

v0.0.6

v0.0.5

v0.0.4

v0.0.3

v0.0.2

v0.0.1

Labels

Clear labels

app:authenticator

app:password-manager

bug

bug-passkey

customer-support

duplicate

enhancement

good first issue

help wanted

needs-reply

needs-response

pull-request

Mirrored from GitHub Pull Request

question

No Label app:password-manager bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/android#50608