[GH-ISSUE #7208] When using 'Log in with device' two notifications are sent to the device (phone) #35595

Closed
opened 2026-07-13 20:25:42 -05:00 by GiteaMirror · 1 comment
Owner

Originally created by @Bartype on GitHub (May 12, 2026).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7208

Prerequisites

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.36.0
  • Web-vault version: v2026.4.1
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Debian)
  • Database type: SQLite
  • Database version: 3.51.3
  • Uses config.json: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • TZ environment: Europe/Amsterdam
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Websocket Check: true
  • HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Environment settings which are overridden: DOMAIN, ADMIN_TOKEN

Config:

{
  "_duo_akey": null,
  "_enable_duo": true,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "***:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 10,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_idle_timeout": 600,
  "database_max_conns": 10,
  "database_min_conns": 2,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "dns_prefer_ipv6": false,
  "domain": "*****://*********************",
  "domain_origin": "*****://*********************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 600000,
  "purge_incomplete_sso_auth": "0 20 0 * * *",
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.eu",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://api.bitwarden.eu",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Plain",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "*******************",
  "smtp_from_name": "***********",
  "smtp_host": "***************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "********",
  "sso_allow_unknown_email_verification": false,
  "sso_audience_trusted": null,
  "sso_auth_only_not_session": false,
  "sso_authority": "*****://*******************",
  "sso_authorize_extra_params": "",
  "sso_callback_path": "*****://**************************************************",
  "sso_client_cache_expiration": 0,
  "sso_client_id": "***********",
  "sso_client_secret": "***",
  "sso_debug_tokens": false,
  "sso_enabled": true,
  "sso_master_password_policy": null,
  "sso_only": false,
  "sso_pkce": true,
  "sso_scopes": "email profile offline_access vaultwarden",
  "sso_signups_match_email": true,
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Vaultwarden Build Version

v1.36.0

Deployment method

Official Container Image

Custom deployment method

vaultwarden "log in with a device" notification is sent two times to mobile device, the second one always immediately after the first one is confirmed, with the same fingerprint phase as the first one. When i deny the notification, there is no second notification.

When i used this option with bitwarden there was just one notification.

Reverse Proxy

NPMplus 2026-04-21-r2

Host/Server Operating System

NAS/SAN

Operating System Version

Qnap QuTS hero h5.2.9.3410 (2026-02-14)

Clients

Android

Client Version

Samsun Galaxy S21, Android 15

Steps To Reproduce

  1. log out web client or browser extension completely
  2. enter e-mail addres into email field
  3. click [Continue]
  4. click [Log in with device]
  5. on mobile device: [Approve login]
  6. The login is approved on the browser extension or web client, that works, but on the mobile device there is a second notification immediatley after the approve of the first one.

Expected Result

Only one notification is needed.

Actual Result

There are always two notifications send. The second one immidiatley after the first one is approved. When i deny the first notification, there is NO second notification.

When i deny the second notification, the mobile app just displays an error. The already approved session stays approved despite this error.

Logs

[2026-05-12 09:18:00.967][request][INFO] POST /api/auth-requests/
[2026-05-12 09:18:00.968][response][INFO] (post_auth_request) POST /api/auth-requests => 200 OK
[2026-05-12 09:18:00.983][request][INFO] GET /notifications/anonymous-hub?Token=123 
[2026-05-12 09:18:00.984][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.1.65 
[2026-05-12 09:18:00.984][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK
[2026-05-12 09:18:13.187][request][INFO] GET /api/auth-requests/123 
[2026-05-12 09:18:13.189][response][INFO] (get_auth_request) GET /api/auth-requests/<auth_request_id> => 200 OK
[2026-05-12 09:18:17.679][request][INFO] PUT /api/auth-requests/123 
[2026-05-12 09:18:17.680][response][INFO] (put_auth_request) PUT /api/auth-requests/<auth_request_id> => 200 OK
[2026-05-12 09:18:17.745][request][INFO] GET /api/auth-requests/123/response?code=456
[2026-05-12 09:18:17.745][response][INFO] (get_auth_request_response) GET /api/auth-requests/<auth_request_id>/response?<code> => 200 OK
[2026-05-12 09:18:17.785][request][INFO] POST /identity/connect/token
[2026-05-12 09:18:17.790][vaultwarden::api::identity][INFO] User Ik logged in successfully. IP: 192.168.1.65 
[2026-05-12 09:18:17.790][response][INFO] (login) POST /identity/connect/token => 200 OK
[2026-05-12 09:18:17.852][request][INFO] GET /api/config
[2026-05-12 09:18:17.852][response][INFO] (config) GET /api/config => 200 OK
[2026-05-12 09:18:17.876][request][INFO] GET /notifications/hub?access_token=789 
[2026-05-12 09:18:17.876][vaultwarden::api::notifications][INFO] Accepting Rocket WS connection from 192.168.1.65 
[2026-05-12 09:18:17.876][response][INFO] (websockets_hub) GET /notifications/hub?<data..> => 200 OK
[2026-05-12 09:18:17.889][request][INFO] GET /api/sync
[2026-05-12 09:18:17.947][response][INFO] (sync) GET /api/sync?<data..> => 200 OK
[2026-05-12 09:18:18.451][request][INFO] GET /api/tasks
[2026-05-12 09:18:18.451][response][INFO] (get_tasks) GET /api/tasks => 200 OK
[2026-05-12 09:18:18.953][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.1.65 
[2026-05-12 09:18:19.016][request][INFO] GET /api/tasks
[2026-05-12 09:18:19.016][response][INFO] (get_tasks) GET /api/tasks => 200 OK
[2026-05-12 09:18:19.094][request][INFO] GET /api/accounts/profile
[2026-05-12 09:18:19.095][response][INFO] (profile) GET /api/accounts/profile => 200 OK
[2026-05-12 09:18:19.098][request][INFO] GET /api/accounts/profile
[2026-05-12 09:18:19.099][response][INFO] (profile) GET /api/accounts/profile => 200 OK

Screenshots or Videos

No response

Additional Context

No response

Originally created by @Bartype on GitHub (May 12, 2026). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/7208 ### Prerequisites - [x] I have searched the existing **Closed _AND_ Open** [Issues](https://github.com/dani-garcia/vaultwarden/issues?q=is%3Aissue%20) **_AND_** [Discussions](https://github.com/dani-garcia/vaultwarden/discussions?discussions_q=) - [x] I have searched and read the [documentation](https://github.com/dani-garcia/vaultwarden/wiki/) ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.36.0 * Web-vault version: v2026.4.1 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.51.3 * Uses config.json: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * TZ environment: Europe/Amsterdam * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Environment settings which are overridden:** DOMAIN, ADMIN_TOKEN **Config:** ```json { "_duo_akey": null, "_enable_duo": true, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "***:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 10, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_idle_timeout": 600, "database_max_conns": 10, "database_min_conns": 2, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "dns_prefer_ipv6": false, "domain": "*****://*********************", "domain_origin": "*****://*********************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 600000, "purge_incomplete_sso_auth": "0 20 0 * * *", "push_enabled": true, "push_identity_uri": "https://identity.bitwarden.eu", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://api.bitwarden.eu", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "Plain", "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "*******************", "smtp_from_name": "***********", "smtp_host": "***************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "********", "sso_allow_unknown_email_verification": false, "sso_audience_trusted": null, "sso_auth_only_not_session": false, "sso_authority": "*****://*******************", "sso_authorize_extra_params": "", "sso_callback_path": "*****://**************************************************", "sso_client_cache_expiration": 0, "sso_client_id": "***********", "sso_client_secret": "***", "sso_debug_tokens": false, "sso_enabled": true, "sso_master_password_policy": null, "sso_only": false, "sso_pkce": true, "sso_scopes": "email profile offline_access vaultwarden", "sso_signups_match_email": true, "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> ### Vaultwarden Build Version v1.36.0 ### Deployment method Official Container Image ### Custom deployment method vaultwarden "log in with a device" notification is sent two times to mobile device, the second one always immediately after the first one is confirmed, with the same fingerprint phase as the first one. When i deny the notification, there is no second notification. When i used this option with bitwarden there was just one notification. ### Reverse Proxy NPMplus 2026-04-21-r2 ### Host/Server Operating System NAS/SAN ### Operating System Version Qnap QuTS hero h5.2.9.3410 (2026-02-14) ### Clients Android ### Client Version Samsun Galaxy S21, Android 15 ### Steps To Reproduce 1. log out web client or browser extension completely 2. enter e-mail addres into email field 3. click [Continue] 4. click [Log in with device] 5. on mobile device: [Approve login] 6. The login is approved on the browser extension or web client, that works, but on the mobile device there is a second notification immediatley after the approve of the first one. ### Expected Result Only one notification is needed. ### Actual Result There are always two notifications send. The second one immidiatley after the first one is approved. When i deny the first notification, there is NO second notification. When i deny the second notification, the mobile app just displays an error. The already approved session stays approved despite this error. ### Logs ```text [2026-05-12 09:18:00.967][request][INFO] POST /api/auth-requests/ [2026-05-12 09:18:00.968][response][INFO] (post_auth_request) POST /api/auth-requests => 200 OK [2026-05-12 09:18:00.983][request][INFO] GET /notifications/anonymous-hub?Token=123 [2026-05-12 09:18:00.984][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.1.65 [2026-05-12 09:18:00.984][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK [2026-05-12 09:18:13.187][request][INFO] GET /api/auth-requests/123 [2026-05-12 09:18:13.189][response][INFO] (get_auth_request) GET /api/auth-requests/<auth_request_id> => 200 OK [2026-05-12 09:18:17.679][request][INFO] PUT /api/auth-requests/123 [2026-05-12 09:18:17.680][response][INFO] (put_auth_request) PUT /api/auth-requests/<auth_request_id> => 200 OK [2026-05-12 09:18:17.745][request][INFO] GET /api/auth-requests/123/response?code=456 [2026-05-12 09:18:17.745][response][INFO] (get_auth_request_response) GET /api/auth-requests/<auth_request_id>/response?<code> => 200 OK [2026-05-12 09:18:17.785][request][INFO] POST /identity/connect/token [2026-05-12 09:18:17.790][vaultwarden::api::identity][INFO] User Ik logged in successfully. IP: 192.168.1.65 [2026-05-12 09:18:17.790][response][INFO] (login) POST /identity/connect/token => 200 OK [2026-05-12 09:18:17.852][request][INFO] GET /api/config [2026-05-12 09:18:17.852][response][INFO] (config) GET /api/config => 200 OK [2026-05-12 09:18:17.876][request][INFO] GET /notifications/hub?access_token=789 [2026-05-12 09:18:17.876][vaultwarden::api::notifications][INFO] Accepting Rocket WS connection from 192.168.1.65 [2026-05-12 09:18:17.876][response][INFO] (websockets_hub) GET /notifications/hub?<data..> => 200 OK [2026-05-12 09:18:17.889][request][INFO] GET /api/sync [2026-05-12 09:18:17.947][response][INFO] (sync) GET /api/sync?<data..> => 200 OK [2026-05-12 09:18:18.451][request][INFO] GET /api/tasks [2026-05-12 09:18:18.451][response][INFO] (get_tasks) GET /api/tasks => 200 OK [2026-05-12 09:18:18.953][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.1.65 [2026-05-12 09:18:19.016][request][INFO] GET /api/tasks [2026-05-12 09:18:19.016][response][INFO] (get_tasks) GET /api/tasks => 200 OK [2026-05-12 09:18:19.094][request][INFO] GET /api/accounts/profile [2026-05-12 09:18:19.095][response][INFO] (profile) GET /api/accounts/profile => 200 OK [2026-05-12 09:18:19.098][request][INFO] GET /api/accounts/profile [2026-05-12 09:18:19.099][response][INFO] (profile) GET /api/accounts/profile => 200 OK ``` ### Screenshots or Videos _No response_ ### Additional Context _No response_
GiteaMirror added the bug label 2026-07-13 20:25:42 -05:00
Author
Owner

@BlackDex commented on GitHub (May 12, 2026):

Closing this as a duplicate of #6788

The problem is the clients which seem to think they need to handle the auth success response too.

<!-- gh-comment-id:4428699286 --> @BlackDex commented on GitHub (May 12, 2026): Closing this as a duplicate of #6788 The problem is the clients which seem to think they need to handle the auth success response too.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#35595