[GH-ISSUE #7328] Bitwarden desktop client (flatpak) fails to complete login #30170

Closed
opened 2026-06-17 09:55:35 -05:00 by GiteaMirror · 3 comments
Owner

Originally created by @mstarongithub on GitHub (Jun 12, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7328

Prerequisites

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.36.0
  • Web-vault version: v2026.4.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Alpine)
  • Database type: PostgreSQL
  • Database version: PostgreSQL 18.1 (Debian 18.1-1.pgdg13+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit
  • Uses config.json: false
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_idle_timeout": 600,
  "database_max_conns": 10,
  "database_min_conns": 2,
  "database_timeout": 30,
  "database_url": "**********://*******************************************************************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "dns_prefer_ipv6": false,
  "domain": "*****://***************",
  "domain_origin": "*****://***************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "ssh-agent-v2,ssh-key-vault-item,mutual-tls",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "purge_incomplete_sso_auth": "0 20 0 * * *",
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "*********",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "******************************",
  "smtp_from_name": "***********",
  "smtp_host": "***************",
  "smtp_password": "***",
  "smtp_port": 465,
  "smtp_security": "force_tls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "******",
  "sso_allow_unknown_email_verification": false,
  "sso_audience_trusted": null,
  "sso_auth_only_not_session": false,
  "sso_authority": "",
  "sso_authorize_extra_params": "",
  "sso_callback_path": "*****://********************************************",
  "sso_client_cache_expiration": 0,
  "sso_client_id": "",
  "sso_client_secret": "***",
  "sso_debug_tokens": false,
  "sso_enabled": false,
  "sso_master_password_policy": null,
  "sso_only": false,
  "sso_pkce": true,
  "sso_scopes": "email profile",
  "sso_signups_match_email": true,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.36.0

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Traefik 3.6.6

Host/Server Operating System

Linux

Operating System Version

Ubuntu 24.04 LTS

Clients

Desktop

Client Version

Deskop v2026.5.0

Steps To Reproduce

  1. Host Vaultwarden instance
  2. Attempt to log in to Bitwarden Desktop with instance

Expected Result

Login succeeds, vault access is granted

Actual Result

Login screen is stuck on the last authentication method (password, totp, webauthn), the completion button is grayed out

Logs

[2026-06-12 10:16:07.211][request][INFO] POST /identity/accounts/prelogin/password
[2026-06-12 10:16:07.216][response][INFO] (prelogin_password) POST /identity/accounts/prelogin/password => 200 OK
[2026-06-12 10:16:12.146][request][INFO] POST /identity/connect/token
[2026-06-12 10:16:12.309][error][ERROR] 2FA token not provided
[2026-06-12 10:16:12.309][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2026-06-12 10:16:29.387][request][INFO] POST /identity/connect/token
[2026-06-12 10:16:29.545][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2026-06-12 10:16:29 UTC IP: [Redacted]
[2026-06-12 10:16:29.545][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2026-06-12 10:16:40.809][request][INFO] POST /identity/connect/token
[2026-06-12 10:16:40.982][vaultwarden::api::identity][INFO] User [Redacted] logged in successfully. IP: [Redacted]
[2026-06-12 10:16:40.982][response][INFO] (login) POST /identity/connect/token => 200 OK

Screenshots or Videos

No response

Additional Context

The same login flow with Bitwarden (bitwarden.com) works as expected. I assume it's a bug with the client, but reporting here first since it's still using a Vaultwarden server

Originally created by @mstarongithub on GitHub (Jun 12, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7328 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.36.0 * Web-vault version: v2026.4.1 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Alpine) * Database type: PostgreSQL * Database version: PostgreSQL 18.1 (Debian 18.1-1.pgdg13+2) on x86_64-pc-linux-gnu, compiled by gcc (Debian 14.2.0-19) 14.2.0, 64-bit * Uses config.json: false * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_idle_timeout": 600, "database_max_conns": 10, "database_min_conns": 2, "database_timeout": 30, "database_url": "**********://*******************************************************************************************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "dns_prefer_ipv6": false, "domain": "*****://***************", "domain_origin": "*****://***************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "ssh-agent-v2,ssh-key-vault-item,mutual-tls", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "purge_incomplete_sso_auth": "0 20 0 * * *", "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": true, "signups_domains_whitelist": "*********", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "******************************", "smtp_from_name": "***********", "smtp_host": "***************", "smtp_password": "***", "smtp_port": 465, "smtp_security": "force_tls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "******", "sso_allow_unknown_email_verification": false, "sso_audience_trusted": null, "sso_auth_only_not_session": false, "sso_authority": "", "sso_authorize_extra_params": "", "sso_callback_path": "*****://********************************************", "sso_client_cache_expiration": 0, "sso_client_id": "", "sso_client_secret": "***", "sso_debug_tokens": false, "sso_enabled": false, "sso_master_password_policy": null, "sso_only": false, "sso_pkce": true, "sso_scopes": "email profile", "sso_signups_match_email": true, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.36.0 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy Traefik 3.6.6 ### Host/Server Operating System Linux ### Operating System Version Ubuntu 24.04 LTS ### Clients Desktop ### Client Version Deskop v2026.5.0 ### Steps To Reproduce 1. Host Vaultwarden instance 2. Attempt to log in to Bitwarden Desktop with instance ### Expected Result Login succeeds, vault access is granted ### Actual Result Login screen is stuck on the last authentication method (password, totp, webauthn), the completion button is grayed out ### Logs ```text [2026-06-12 10:16:07.211][request][INFO] POST /identity/accounts/prelogin/password [2026-06-12 10:16:07.216][response][INFO] (prelogin_password) POST /identity/accounts/prelogin/password => 200 OK [2026-06-12 10:16:12.146][request][INFO] POST /identity/connect/token [2026-06-12 10:16:12.309][error][ERROR] 2FA token not provided [2026-06-12 10:16:12.309][response][INFO] (login) POST /identity/connect/token => 400 Bad Request [2026-06-12 10:16:29.387][request][INFO] POST /identity/connect/token [2026-06-12 10:16:29.545][vaultwarden::api::core::two_factor::authenticator][ERROR] Invalid TOTP code! Server time: 2026-06-12 10:16:29 UTC IP: [Redacted] [2026-06-12 10:16:29.545][response][INFO] (login) POST /identity/connect/token => 400 Bad Request [2026-06-12 10:16:40.809][request][INFO] POST /identity/connect/token [2026-06-12 10:16:40.982][vaultwarden::api::identity][INFO] User [Redacted] logged in successfully. IP: [Redacted] [2026-06-12 10:16:40.982][response][INFO] (login) POST /identity/connect/token => 200 OK ``` ### Screenshots or Videos _No response_ ### Additional Context The same login flow with Bitwarden (bitwarden.com) works as expected. I assume it's a bug with the client, but reporting here first since it's still using a Vaultwarden server
GiteaMirror added the bug label 2026-06-17 09:55:35 -05:00
Author
Owner

@mstarongithub commented on GitHub (Jun 12, 2026):

Some more messing around in the client got me to a state where it thought I was logged in on my vaultwarden account, but failed to load the vault contents

<!-- gh-comment-id:4690292128 --> @mstarongithub commented on GitHub (Jun 12, 2026): Some more messing around in the client got me to a state where it thought I was logged in on my vaultwarden account, but failed to load the vault contents
Author
Owner

@niccrane commented on GitHub (Jun 13, 2026):

I'm am experiencing this with the normal packaged version of the client. I have tried extra/bitwarden 2026.2.1-1 and aur/bitwarden-bin 2026.5.0-1 but both experience the same issue. I'm on Arch Linux.

The login appears to succeed, I get an email saying a new login has occurred and the server logs suggest success but the client just sits there spinning.

Image

I have also deleted all local config and re-setup a fresh with no success.

MacOS, Android and web console clients appear unaffected.

<!-- gh-comment-id:4698269423 --> @niccrane commented on GitHub (Jun 13, 2026): I'm am experiencing this with the normal packaged version of the client. I have tried **extra/bitwarden 2026.2.1-1** and **aur/bitwarden-bin 2026.5.0-1** but both experience the same issue. I'm on Arch Linux. The login appears to succeed, I get an email saying a new login has occurred and the server logs suggest success but the client just sits there spinning. <img width="3200" height="1800" alt="Image" src="https://github.com/user-attachments/assets/7f9fc0c5-4986-43c2-a009-a7564e64ea99" /> I have also deleted all local config and re-setup a fresh with no success. MacOS, Android and web console clients appear unaffected.
Author
Owner

@BlackDex commented on GitHub (Jun 13, 2026):

I'm not seeing any errors in the Vaultwarden logs.

Also, locally i can not reproduce this using the Desktop AppImage version for example.
But also nothing strange using The Arch Linux version.

I would suggest to start the client via the command line so you can see the logs it generates, that might provide some more details.

<!-- gh-comment-id:4698489874 --> @BlackDex commented on GitHub (Jun 13, 2026): I'm not seeing any errors in the Vaultwarden logs. Also, locally i can not reproduce this using the Desktop AppImage version for example. But also nothing strange using The Arch Linux version. I would suggest to start the client via the command line so you can see the logs it generates, that might provide some more details.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#30170