[GH-ISSUE #7249] Login with 2FA isn't working #30150

Closed
opened 2026-06-17 09:54:12 -05:00 by GiteaMirror · 0 comments
Owner

Originally created by @loubexos on GitHub (May 24, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7249

Prerequisites

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.36.0
  • Web-vault version: v2026.4.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Database type: SQLite
  • Database version: 3.51.3
  • Uses config.json: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • TZ environment: Europe/Berlin
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: false

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN

Failed HTTP Checks:

HTTP error responses:
Response to: 404 (Not Found) HTML is invalid
Response to: 404 (Not Found) JSON is invalid
Response to: 400 (Bad Request) is invalid
Response to: 401 (Unauthorized) is invalid
Response to: 403 (Forbidden) is invalid

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_idle_timeout": 600,
  "database_max_conns": 10,
  "database_min_conns": 2,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": true,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "dns_prefer_ipv6": false,
  "domain": "*****://******************",
  "domain_origin": "*****://******************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%d-%m-%Y %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "purge_incomplete_sso_auth": "0 20 0 * * *",
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "************",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Plain",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "********************",
  "smtp_from_name": "********",
  "smtp_host": "************",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_security": "force_tls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "********************",
  "sso_allow_unknown_email_verification": false,
  "sso_audience_trusted": null,
  "sso_auth_only_not_session": false,
  "sso_authority": "",
  "sso_authorize_extra_params": "",
  "sso_callback_path": "*****://***********************************************",
  "sso_client_cache_expiration": 0,
  "sso_client_id": "",
  "sso_client_secret": "***",
  "sso_debug_tokens": false,
  "sso_enabled": false,
  "sso_master_password_policy": null,
  "sso_only": false,
  "sso_pkce": true,
  "sso_scopes": "email profile",
  "sso_signups_match_email": true,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

1.36.0

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Newtv 1.12.5 (Traefik)

Host/Server Operating System

Linux

Operating System Version

Debian 12

Clients

Android, Browser Extension, Web Vault

Client Version

Firefox Extension: 2026.4.0, Android: 2026.4.2 (21562)

Steps To Reproduce

  1. Download Official Vaultwarden Server
  2. Create User and Use 2fa
  3. Try to log in

Expected Result

Login is not working

Actual Result

Login is not working

Logs

2026-05-24T15:44:50.603946941Z  /--------------------------------------------------------------------\
2026-05-24T15:44:50.756057074Z  |                        Starting Vaultwarden                        |
2026-05-24T15:44:50.756100783Z  |                           Version 1.36.0                           |
2026-05-24T15:44:50.756113668Z  |--------------------------------------------------------------------|
2026-05-24T15:44:50.756122754Z  | This is an *unofficial* Bitwarden implementation, DO NOT use the   |
2026-05-24T15:44:50.756130547Z  | official channels to report bugs/features, regardless of client.   |
2026-05-24T15:44:50.756139238Z  | Send usage/configuration questions or feature requests to:         |
2026-05-24T15:44:50.756146880Z  |   https://github.com/dani-garcia/vaultwarden/discussions or        |
2026-05-24T15:44:50.756154853Z  |   https://vaultwarden.discourse.group/                             |
2026-05-24T15:44:50.756162059Z  | Report suspected bugs/issues in the software itself at:            |
2026-05-24T15:44:50.756169176Z  |   https://github.com/dani-garcia/vaultwarden/issues/new            |
2026-05-24T15:44:50.756176437Z  \--------------------------------------------------------------------/
2026-05-24T15:44:50.756183978Z  
2026-05-24T15:44:57.314176107Z  [INFO] Using saved config from `data/config.json` for configuration.
2026-05-24T15:44:57.314226179Z  
2026-05-24T15:44:57.577739387Z  [WARNING] The following environment variables are being overridden by the config.json file.
2026-05-24T15:44:57.577765655Z  [WARNING] Please use the admin panel to make changes to them:
2026-05-24T15:44:57.577769876Z  [WARNING] DOMAIN
2026-05-24T15:44:57.577772939Z  
2026-05-24T15:45:07.256681547Z  [24-05-2026 17:45:06.857][start][INFO] Rocket has launched from http://0.0.0.0:80
2026-05-24T15:45:31.584098904Z  [24-05-2026 17:45:31.583][request][INFO] GET /notifications/hub?access_token=<token>
2026-05-24T15:45:31.693661842Z  [24-05-2026 17:45:31.693][vaultwarden::api::notifications][INFO] Accepting Rocket WS connection from <ip>
2026-05-24T15:45:31.730626417Z  [24-05-2026 17:45:31.730][response][INFO] (websockets_hub) GET /notifications/hub?<data..> => 200 OK
2026-05-24T15:45:38.766428734Z  [24-05-2026 17:45:38.766][request][INFO] GET /api/devices/knowndevice
2026-05-24T15:45:38.891513340Z  [24-05-2026 17:45:38.891][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
2026-05-24T15:45:41.233442947Z  [24-05-2026 17:45:41.233][request][INFO] POST /identity/accounts/prelogin/password
2026-05-24T15:45:41.250057780Z  [24-05-2026 17:45:41.249][request][INFO] GET /api/devices/knowndevice
2026-05-24T15:45:41.250705977Z  [24-05-2026 17:45:41.250][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
2026-05-24T15:45:41.323257274Z  [24-05-2026 17:45:41.323][response][INFO] (prelogin_password) POST /identity/accounts/prelogin/password => 200 OK
2026-05-24T15:45:48.796717312Z  [24-05-2026 17:45:48.796][request][INFO] POST /identity/connect/token
2026-05-24T15:45:50.297092431Z  [24-05-2026 17:45:50.296][error][ERROR] 2FA token not provided
2026-05-24T15:45:50.297118360Z  [24-05-2026 17:45:50.297][response][INFO] (login) POST /identity/connect/token => 400 Bad Request

Screenshots or Videos

No response

Additional Context

No response

Originally created by @loubexos on GitHub (May 24, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7249 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.36.0 * Web-vault version: v2026.4.1 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.51.3 * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * TZ environment: Europe/Berlin * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: false ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN **Failed HTTP Checks:** ```yaml HTTP error responses: Response to: 404 (Not Found) HTML is invalid Response to: 404 (Not Found) JSON is invalid Response to: 400 (Bad Request) is invalid Response to: 401 (Unauthorized) is invalid Response to: 403 (Forbidden) is invalid ``` **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_idle_timeout": 600, "database_max_conns": 10, "database_min_conns": 2, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": true, "disable_admin_token": false, "disable_icon_download": false, "dns_prefer_ipv6": false, "domain": "*****://******************", "domain_origin": "*****://******************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%d-%m-%Y %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "purge_incomplete_sso_auth": "0 20 0 * * *", "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": true, "signups_domains_whitelist": "************", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "Plain", "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "********************", "smtp_from_name": "********", "smtp_host": "************", "smtp_password": "***", "smtp_port": 465, "smtp_security": "force_tls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "********************", "sso_allow_unknown_email_verification": false, "sso_audience_trusted": null, "sso_auth_only_not_session": false, "sso_authority": "", "sso_authorize_extra_params": "", "sso_callback_path": "*****://***********************************************", "sso_client_cache_expiration": 0, "sso_client_id": "", "sso_client_secret": "***", "sso_debug_tokens": false, "sso_enabled": false, "sso_master_password_policy": null, "sso_only": false, "sso_pkce": true, "sso_scopes": "email profile", "sso_signups_match_email": true, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version 1.36.0 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy Newtv 1.12.5 (Traefik) ### Host/Server Operating System Linux ### Operating System Version Debian 12 ### Clients Android, Browser Extension, Web Vault ### Client Version Firefox Extension: 2026.4.0, Android: 2026.4.2 (21562) ### Steps To Reproduce 1. Download Official Vaultwarden Server 2. Create User and Use 2fa 3. Try to log in ### Expected Result Login is not working ### Actual Result Login is not working ### Logs ```text 2026-05-24T15:44:50.603946941Z /--------------------------------------------------------------------\ 2026-05-24T15:44:50.756057074Z | Starting Vaultwarden | 2026-05-24T15:44:50.756100783Z | Version 1.36.0 | 2026-05-24T15:44:50.756113668Z |--------------------------------------------------------------------| 2026-05-24T15:44:50.756122754Z | This is an *unofficial* Bitwarden implementation, DO NOT use the | 2026-05-24T15:44:50.756130547Z | official channels to report bugs/features, regardless of client. | 2026-05-24T15:44:50.756139238Z | Send usage/configuration questions or feature requests to: | 2026-05-24T15:44:50.756146880Z | https://github.com/dani-garcia/vaultwarden/discussions or | 2026-05-24T15:44:50.756154853Z | https://vaultwarden.discourse.group/ | 2026-05-24T15:44:50.756162059Z | Report suspected bugs/issues in the software itself at: | 2026-05-24T15:44:50.756169176Z | https://github.com/dani-garcia/vaultwarden/issues/new | 2026-05-24T15:44:50.756176437Z \--------------------------------------------------------------------/ 2026-05-24T15:44:50.756183978Z 2026-05-24T15:44:57.314176107Z [INFO] Using saved config from `data/config.json` for configuration. 2026-05-24T15:44:57.314226179Z 2026-05-24T15:44:57.577739387Z [WARNING] The following environment variables are being overridden by the config.json file. 2026-05-24T15:44:57.577765655Z [WARNING] Please use the admin panel to make changes to them: 2026-05-24T15:44:57.577769876Z [WARNING] DOMAIN 2026-05-24T15:44:57.577772939Z 2026-05-24T15:45:07.256681547Z [24-05-2026 17:45:06.857][start][INFO] Rocket has launched from http://0.0.0.0:80 2026-05-24T15:45:31.584098904Z [24-05-2026 17:45:31.583][request][INFO] GET /notifications/hub?access_token=<token> 2026-05-24T15:45:31.693661842Z [24-05-2026 17:45:31.693][vaultwarden::api::notifications][INFO] Accepting Rocket WS connection from <ip> 2026-05-24T15:45:31.730626417Z [24-05-2026 17:45:31.730][response][INFO] (websockets_hub) GET /notifications/hub?<data..> => 200 OK 2026-05-24T15:45:38.766428734Z [24-05-2026 17:45:38.766][request][INFO] GET /api/devices/knowndevice 2026-05-24T15:45:38.891513340Z [24-05-2026 17:45:38.891][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK 2026-05-24T15:45:41.233442947Z [24-05-2026 17:45:41.233][request][INFO] POST /identity/accounts/prelogin/password 2026-05-24T15:45:41.250057780Z [24-05-2026 17:45:41.249][request][INFO] GET /api/devices/knowndevice 2026-05-24T15:45:41.250705977Z [24-05-2026 17:45:41.250][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK 2026-05-24T15:45:41.323257274Z [24-05-2026 17:45:41.323][response][INFO] (prelogin_password) POST /identity/accounts/prelogin/password => 200 OK 2026-05-24T15:45:48.796717312Z [24-05-2026 17:45:48.796][request][INFO] POST /identity/connect/token 2026-05-24T15:45:50.297092431Z [24-05-2026 17:45:50.296][error][ERROR] 2FA token not provided 2026-05-24T15:45:50.297118360Z [24-05-2026 17:45:50.297][response][INFO] (login) POST /identity/connect/token => 400 Bad Request ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_
GiteaMirror added the bug label 2026-06-17 09:54:12 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#30150