github-starred/vaultwarden
2
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-05-23 16:42:18 -05:00
Code Issues 307 Packages Projects Releases 83 Wiki Activity

[GH-ISSUE #7092] 2FA broken on Android after upgrade 1.35.5->1.35.6 #11421

New Issue
Closed
opened 2026-04-20 15:02:07 -05:00 by GiteaMirror · 5 comments
GiteaMirror commented 2026-04-20 15:02:07 -05:00
Owner
Copy Link

Originally created by @UnixxSH on GitHub (Apr 13, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7092

Prerequisites

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.35.6
  • Web-vault version: v2026.2.0
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Alpine)
  • Database type: PostgreSQL
  • Database version: PostgreSQL 18.3 on x86_64-pc-linux-musl, compiled by gcc (Alpine 14.2.0) 14.2.0, 64-bit
  • Uses config.json: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_idle_timeout": 600,
  "database_max_conns": 4,
  "database_min_conns": 2,
  "database_timeout": 30,
  "database_url": "**********://*****************************************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "dns_prefer_ipv6": false,
  "domain": "*****://***************",
  "domain_origin": "*****://***************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": false,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "mutual-tls,ssh-key-vault-item,ssh-agent",
  "extended_logging": true,
  "helo_name": "***********",
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "KOFEE",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "debug",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "*******************",
  "org_events_enabled": true,
  "org_groups_enabled": true,
  "password_hints_allowed": false,
  "password_iterations": 600000,
  "purge_incomplete_sso_auth": "0 20 0 * * *",
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.eu",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://api.bitwarden.eu",
  "reload_templates": false,
  "require_device_email": true,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "**************,*****",
  "signups_verify": true,
  "signups_verify_resend_limit": 3,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*************",
  "smtp_from_name": "***********",
  "smtp_host": "************************************",
  "smtp_password": null,
  "smtp_port": 25,
  "smtp_security": "off",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": null,
  "sso_allow_unknown_email_verification": false,
  "sso_audience_trusted": null,
  "sso_auth_only_not_session": false,
  "sso_authority": "",
  "sso_authorize_extra_params": "",
  "sso_callback_path": "*****://********************************************",
  "sso_client_cache_expiration": 0,
  "sso_client_id": "",
  "sso_client_secret": "***",
  "sso_debug_tokens": false,
  "sso_enabled": false,
  "sso_master_password_policy": null,
  "sso_only": false,
  "sso_pkce": true,
  "sso_scopes": "email profile",
  "sso_signups_match_email": true,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "***",
  "yubico_secret_key": "***",
  "yubico_server": null
}

Vaultwarden Build Version

1.35.6

Deployment method

Official Container Image

Custom deployment method

Deployed via custom deployments on Kubernetes, configured with ConfigMaps/Secrets; no PVC.

Reverse Proxy

traefik v3.6.9

Host/Server Operating System

Linux

Operating System Version

Talos Linux 1.12.4

Clients

Android

Client Version

2026.3.1 (21415)

Steps To Reproduce

  • Fresh bitwarden installation from play store, on an Android device
  • Set self-hosted server url to custom one
  • Type mail and password
  • Get the Android error "An error has occured. We were unable to process your request. Please try again or contact us". Note that the password check is working, as I get the bad password error when trying.
  • Wait for some minutes and get an incomplete 2FA notification via smtp if defined

Expected Result

Android application should redirect to 2FA page (Yubikey in my case, or SMTP), then validate and connect. This was working fine before 1.35.6.

Actual Result

2FA page is never shown, the error "An error has occured. We were unable to process your request. Please try again or contact us" is shown."

Logs

Those are the only logs I can find related to the device while attempting connection.

[2026-04-13 15:33:04.741][request][INFO] POST /identity/accounts/prelogin
[2026-04-13 15:33:04.746][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2026-04-13 15:33:05.277][request][INFO] POST /identity/connect/token
[2026-04-13 15:33:05.642][error][ERROR] 2FA token not provided
[2026-04-13 15:33:05.642][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2026-04-13 15:33:30.866][vaultwarden::api::core::two_factor][DEBUG] Sending notifications for incomplete 2FA logins
[2026-04-13 15:33:30.866][vaultwarden::api::core::accounts][DEBUG] Purging auth requests
[2026-04-13 15:33:30.867][vaultwarden::api::core::two_factor::duo_oidc][DEBUG] Purging Duo authentication contexts

Screenshots or Videos

No response

Additional Context

No response

Originally created by @UnixxSH on GitHub (Apr 13, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7092 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.35.6 * Web-vault version: v2026.2.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Alpine) * Database type: PostgreSQL * Database version: PostgreSQL 18.3 on x86_64-pc-linux-musl, compiled by gcc (Alpine 14.2.0) 14.2.0, 64-bit * Uses config.json: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_idle_timeout": 600, "database_max_conns": 4, "database_min_conns": 2, "database_timeout": 30, "database_url": "**********://*****************************************************************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "dns_prefer_ipv6": false, "domain": "*****://***************", "domain_origin": "*****://***************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": false, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "mutual-tls,ssh-key-vault-item,ssh-agent", "extended_logging": true, "helo_name": "***********", "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "KOFEE", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "debug", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "*******************", "org_events_enabled": true, "org_groups_enabled": true, "password_hints_allowed": false, "password_iterations": 600000, "purge_incomplete_sso_auth": "0 20 0 * * *", "push_enabled": true, "push_identity_uri": "https://identity.bitwarden.eu", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://api.bitwarden.eu", "reload_templates": false, "require_device_email": true, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "**************,*****", "signups_verify": true, "signups_verify_resend_limit": 3, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*************", "smtp_from_name": "***********", "smtp_host": "************************************", "smtp_password": null, "smtp_port": 25, "smtp_security": "off", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": null, "sso_allow_unknown_email_verification": false, "sso_audience_trusted": null, "sso_auth_only_not_session": false, "sso_authority": "", "sso_authorize_extra_params": "", "sso_callback_path": "*****://********************************************", "sso_client_cache_expiration": 0, "sso_client_id": "", "sso_client_secret": "***", "sso_debug_tokens": false, "sso_enabled": false, "sso_master_password_policy": null, "sso_only": false, "sso_pkce": true, "sso_scopes": "email profile", "sso_signups_match_email": true, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": "***", "yubico_secret_key": "***", "yubico_server": null } ``` </details> ### Vaultwarden Build Version 1.35.6 ### Deployment method Official Container Image ### Custom deployment method Deployed via custom deployments on Kubernetes, configured with ConfigMaps/Secrets; no PVC. ### Reverse Proxy traefik v3.6.9 ### Host/Server Operating System Linux ### Operating System Version Talos Linux 1.12.4 ### Clients Android ### Client Version 2026.3.1 (21415) ### Steps To Reproduce - Fresh bitwarden installation from play store, on an Android device - Set self-hosted server url to custom one - Type mail and password - Get the Android error "An error has occured. We were unable to process your request. Please try again or contact us". Note that the password check is working, as I get the bad password error when trying. - Wait for some minutes and get an incomplete 2FA notification via smtp if defined ### Expected Result Android application should redirect to 2FA page (Yubikey in my case, or SMTP), then validate and connect. This was working fine before 1.35.6. ### Actual Result 2FA page is never shown, the error "An error has occured. We were unable to process your request. Please try again or contact us" is shown." ### Logs Those are the only logs I can find related to the device while attempting connection. ```text [2026-04-13 15:33:04.741][request][INFO] POST /identity/accounts/prelogin [2026-04-13 15:33:04.746][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK [2026-04-13 15:33:05.277][request][INFO] POST /identity/connect/token [2026-04-13 15:33:05.642][error][ERROR] 2FA token not provided [2026-04-13 15:33:05.642][response][INFO] (login) POST /identity/connect/token => 400 Bad Request [2026-04-13 15:33:30.866][vaultwarden::api::core::two_factor][DEBUG] Sending notifications for incomplete 2FA logins [2026-04-13 15:33:30.866][vaultwarden::api::core::accounts][DEBUG] Purging auth requests [2026-04-13 15:33:30.867][vaultwarden::api::core::two_factor::duo_oidc][DEBUG] Purging Duo authentication contexts ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_
GiteaMirror added the bug label 2026-04-20 15:02:07 -05:00
GiteaMirror commented 2026-04-20 15:02:11 -05:00
Author
Owner
Copy Link

@madpat1998 commented on GitHub (Apr 13, 2026):

Same happened today with my NothingPhone 4a.
I can login with browser on all devices, even on that phone but inside the android app, it does not ask me about 2FA.

<!-- gh-comment-id:4238081602 --> @madpat1998 commented on GitHub (Apr 13, 2026): Same happened today with my NothingPhone 4a. I can login with browser on all devices, even on that phone but inside the android app, it does not ask me about 2FA.
GiteaMirror commented 2026-04-20 15:02:12 -05:00
Author
Owner
Copy Link

@maximilian1001 commented on GitHub (Apr 13, 2026):

I'm having the same problem and have been waiting all day to see if anyone would post about it here, because I haven't been able to figure out what the issue is yet :D

There are no issues on iOS, and browser plugins work fine too—it really seems to be an Android issue (2026.3.1 - 21415). I’m not being asked for 2FA (TOTP or email are configured). The error pops up right away :(

<!-- gh-comment-id:4238190031 --> @maximilian1001 commented on GitHub (Apr 13, 2026): I'm having the same problem and have been waiting all day to see if anyone would post about it here, because I haven't been able to figure out what the issue is yet :D There are no issues on iOS, and browser plugins work fine too—it really seems to be an Android issue (2026.3.1 - 21415). I’m not being asked for 2FA (TOTP or email are configured). The error pops up right away :(
GiteaMirror commented 2026-04-20 15:02:13 -05:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Apr 13, 2026):

I can confirm this too. I'll try to look at it later. But others can too of course.

<!-- gh-comment-id:4238297849 --> @BlackDex commented on GitHub (Apr 13, 2026): I can confirm this too. I'll try to look at it later. But others can too of course.
GiteaMirror commented 2026-04-20 15:02:14 -05:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Apr 13, 2026):

Found the issue, going to fix it.

<!-- gh-comment-id:4238948612 --> @BlackDex commented on GitHub (Apr 13, 2026): Found the issue, going to fix it.
GiteaMirror commented 2026-04-20 15:02:16 -05:00
Author
Owner
Copy Link

@maximilian1001 commented on GitHub (Apr 13, 2026):

Thank you very much for fixing it and releasing a new docker image so fast! Amazing work! 🎉

<!-- gh-comment-id:4239859164 --> @maximilian1001 commented on GitHub (Apr 13, 2026): Thank you very much for fixing it and releasing a new docker image so fast! Amazing work! 🎉
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
wontfix
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#11421
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?