github-starred/vaultwarden
2
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-03-11 17:41:29 -05:00
Code Issues 79 Packages Projects Releases 78 Wiki Activity

Webauthn security key results in Can't recover login challenge #4714

New Issue
Closed
opened 2026-03-07 19:58:32 -06:00 by GiteaMirror · 24 comments
GiteaMirror commented 2026-03-07 19:58:32 -06:00
Owner
Copy Link

Originally created by @assid2 on GitHub (Jul 6, 2021).

Subject of the issue

Webauthn does not work

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.22.1
  • Web-vault version: v2.20.4b
  • Running within Docker: true
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: PostgreSQL
  • Database version: PostgreSQL 12.7 (Ubuntu 12.7-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, 64-bit
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, SMTP_HOST, SMTP_SSL, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "**********://***********:************@***.**.***.**:****/***********",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.*****.***",
  "domain_origin": "*****://*****.*****.***",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "invitation_org_name": "VaultWarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/bitwarden.log",
  "log_level": "warn",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "******@*****.***,*********@*****.***",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": true,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "*********@*****.***",
  "smtp_from_name": "Bitwarden",
  "smtp_host": "****.*****.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "*********@*****.***",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": "56265",
  "yubico_secret_key": "***",
  "yubico_server": null
}
  • Other relevant details:

Steps to reproduce

Use a registered yubikey to login to your account,

Expected behaviour

Authentication module should verify the key

Actual behaviour

Received error : Can't recover login challenge

Troubleshooting data

[2021-07-06 04:43:55.913][error][ERROR] 2FA token not provided
[2021-07-06 04:44:05.146][error][ERROR] Webauthn.
[CAUSE] UserNotVerified
[2021-07-06 04:44:07.259][vaultwarden::api::core::two_factor::webauthn][ERROR] Can't recover login challenge

Originally created by @assid2 on GitHub (Jul 6, 2021). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> Webauthn does not work ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.22.1 * Web-vault version: v2.20.4b * Running within Docker: true * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: PostgreSQL * Database version: PostgreSQL 12.7 (Ubuntu 12.7-0ubuntu0.20.04.1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, 64-bit * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** DOMAIN, SIGNUPS_ALLOWED, ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY, SMTP_HOST, SMTP_SSL, SMTP_PORT, SMTP_FROM, SMTP_USERNAME, SMTP_PASSWORD ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_ip_header_enabled": true, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_max_conns": 10, "database_url": "**********://***********:************@***.**.***.**:****/***********", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****.*****.***", "domain_origin": "*****://*****.*****.***", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "enable_db_wal": true, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "invitation_org_name": "VaultWarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": "/data/bitwarden.log", "log_level": "warn", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "org_attachment_limit": null, "org_creation_users": "******@*****.***,*********@*****.***", "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": true, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": null, "smtp_debug": false, "smtp_explicit_tls": false, "smtp_from": "*********@*****.***", "smtp_from_name": "Bitwarden", "smtp_host": "****.*****.***", "smtp_password": "***", "smtp_port": 587, "smtp_ssl": true, "smtp_timeout": 15, "smtp_username": "*********@*****.***", "templates_folder": "data/templates", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": "56265", "yubico_secret_key": "***", "yubico_server": null } ``` </details> * Other relevant details: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> Use a registered yubikey to login to your account, ### Expected behaviour <!-- Tell us what you expected to happen --> Authentication module should verify the key ### Actual behaviour <!-- Tell us what actually happened --> Received error : Can't recover login challenge ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data --> [2021-07-06 04:43:55.913][error][ERROR] 2FA token not provided [2021-07-06 04:44:05.146][error][ERROR] Webauthn. [CAUSE] UserNotVerified [2021-07-06 04:44:07.259][vaultwarden::api::core::two_factor::webauthn][ERROR] Can't recover login challenge
GiteaMirror commented 2026-03-07 19:58:33 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Jul 7, 2021):

I think i know where the issue is.
3968bc8016/src/db/models/two_factor.rs (L200)

The only thing i do not know is what will happen if we set that to true and what implication it could have.
Does the token you use has any special User Verification capabilities?

@dani-garcia do you know if we can just change that value to true without any issues?

@BlackDex commented on GitHub (Jul 7, 2021): I think i know where the issue is. https://github.com/dani-garcia/vaultwarden/blob/3968bc8016611cdf9a84db68990f27624ab17889/src/db/models/two_factor.rs#L200 The only thing i do not know is what will happen if we set that to true and what implication it could have. Does the token you use has any special User Verification capabilities? @dani-garcia do you know if we can just change that value to true without any issues?
GiteaMirror commented 2026-03-07 19:58:33 -06:00
Author
Owner
Copy Link

@dani-garcia commented on GitHub (Jul 7, 2021):

Setting that value to true will enforce that the client is setting the user_verified flag when authenticating, setting it to false would disable the check instead, so if anything, using false would be the more compatible option.

This is where the check is being done, the only thing I can think of is that the client is setting the UserVerificationPolicy to required but not setting the user_verified flag?
02a99f5341/src/core.rs (L635-L652)

It would help to know which security key and which browser or client is causing the problem.

@dani-garcia commented on GitHub (Jul 7, 2021): Setting that value to true will enforce that the client is setting the user_verified flag when authenticating, setting it to false would disable the check instead, so if anything, using false would be the more compatible option. This is where the check is being done, the only thing I can think of is that the client is setting the UserVerificationPolicy to required but not setting the user_verified flag? https://github.com/kanidm/webauthn-rs/blob/02a99f534127b30c6f4df7f2d42bc24f76dc4211/src/core.rs#L635-L652 It would help to know which security key and which browser or client is causing the problem.
GiteaMirror commented 2026-03-07 19:58:34 -06:00
Author
Owner
Copy Link

@sehraf commented on GitHub (Jul 7, 2021):

It would help to know which security key and which browser or client is causing the problem.

NitroKey FIDO2 + Chrome WebUI
NitroKey FIDO2 + Chrome Browser Extension
YubiKey 4 + Chrome WebUI

Both sticks don't work anymore

@sehraf commented on GitHub (Jul 7, 2021): > It would help to know which security key and which browser or client is causing the problem. NitroKey FIDO2 + Chrome WebUI NitroKey FIDO2 + Chrome Browser Extension YubiKey 4 + Chrome WebUI Both sticks don't work anymore
GiteaMirror commented 2026-03-07 19:58:34 -06:00
Author
Owner
Copy Link

@assid2 commented on GitHub (Jul 7, 2021):

I tried this on Yubikey 5NFC on both Firefox and Chrome.

@assid2 commented on GitHub (Jul 7, 2021): I tried this on Yubikey 5NFC on both Firefox and Chrome.
GiteaMirror commented 2026-03-07 19:58:34 -06:00
Author
Owner
Copy Link

@techsolo12 commented on GitHub (Jul 10, 2021):

I have this error with Yubikey 5C and 5 NFC on Firefox Desktop and Firefox and Chrome mobile Android.

For me the error came after i add a new key. The older ones which are migrated from FIDO works.

@techsolo12 commented on GitHub (Jul 10, 2021): I have this error with Yubikey 5C and 5 NFC on Firefox Desktop and Firefox and Chrome mobile Android. For me the error came after i add a new key. The older ones which are migrated from FIDO works.
GiteaMirror commented 2026-03-07 19:58:35 -06:00
Author
Owner
Copy Link

@mr-kek commented on GitHub (Jul 10, 2021):

Having the same issue.
Yubikey 5 HFC, Yubikey 5c NFC, Yubikey 5Ci NFC.
I'm on macOS using Safari.
Safari Web extension also has a problem with WebAuthn, works fine with touchid set as WebAuthn
Also tried with Chrome, same problem.

1st login, just says Error, WebAuthn, second login attempt give Error, Can't recover login challenge.

I can confirm that using touch id WebAuthn on safari to log in works, which is nice.

I can use the Yubikey's with the normal Yubikey OTP, but really want WebAuthn working. It hasn't worked for me at all with any version. I just upgraded to the latest vault warden, and I can't remember the error I got before, but now I get the same error as the OP.

@mr-kek commented on GitHub (Jul 10, 2021): Having the same issue. Yubikey 5 HFC, Yubikey 5c NFC, Yubikey 5Ci NFC. I'm on macOS using Safari. Safari Web extension also has a problem with WebAuthn, works fine with touchid set as WebAuthn Also tried with Chrome, same problem. 1st login, just says Error, WebAuthn, second login attempt give Error, Can't recover login challenge. I can confirm that using touch id WebAuthn on safari to log in works, which is nice. I can use the Yubikey's with the normal Yubikey OTP, but really want WebAuthn working. It hasn't worked for me at all with any version. I just upgraded to the latest vault warden, and I can't remember the error I got before, but now I get the same error as the OP.
GiteaMirror commented 2026-03-07 19:58:35 -06:00
Author
Owner
Copy Link

@tars-mistaike commented on GitHub (Jul 12, 2021):

+1 I have this issue on Safari and Chrome with Solokey. TouchID does indeed work, though if you delete and recreate TouchID you have to give it a different name in Vaultwarden. Reusing breaks it.

FaceID also works if you log into the web on the iPhone, which is cool.

@tars-mistaike commented on GitHub (Jul 12, 2021): +1 I have this issue on Safari and Chrome with Solokey. TouchID does indeed work, though if you delete and recreate TouchID you have to give it a different name in Vaultwarden. Reusing breaks it. FaceID also works if you log into the web on the iPhone, which is cool.
GiteaMirror commented 2026-03-07 19:58:35 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Jul 14, 2021):

@assid2, have you tried yet to name the keys something with some gibberish name? And see if that solves it?

@BlackDex commented on GitHub (Jul 14, 2021): @assid2, have you tried yet to name the keys something with some gibberish name? And see if that solves it?
GiteaMirror commented 2026-03-07 19:58:36 -06:00
Author
Owner
Copy Link

@coalfield commented on GitHub (Jul 14, 2021):

+1 same issue with a similar synology docker setup, they key itself adds in fine but when logging in it fails. Using Yubikey Nano 5. Noticed I am getting UserNotVerified too?

[error][ERROR] 2FA token not provided
[error][ERROR] Webauthn.
[CAUSE] UserNotVerified
[vaultwarden::api::core::two_factor::webauthn][ERROR] Can't recover login challenge
@coalfield commented on GitHub (Jul 14, 2021): +1 same issue with a similar synology docker setup, they key itself adds in fine but when logging in it fails. Using Yubikey Nano 5. Noticed I am getting UserNotVerified too? ``` [error][ERROR] 2FA token not provided [error][ERROR] Webauthn. [CAUSE] UserNotVerified [vaultwarden::api::core::two_factor::webauthn][ERROR] Can't recover login challenge ```
GiteaMirror commented 2026-03-07 19:58:36 -06:00
Author
Owner
Copy Link

@coalfield commented on GitHub (Jul 14, 2021):

So after playing around with some of the config, this is miraculously is now working. At first I removed all the WebAuth keys, then added a gibberish name as @BlackDex suggested, and it worked. Then removed again and called it Nano 5 and that's also now working. Not sure if its linked or fluke. Of note I am still getting this (and only this) on the log:

[error][ERROR] 2FA token not provided

@coalfield commented on GitHub (Jul 14, 2021): So after playing around with some of the config, this is miraculously is now working. At first I removed all the WebAuth keys, then added a gibberish name as @BlackDex suggested, and it worked. Then removed again and called it Nano 5 and that's also now working. Not sure if its linked or fluke. Of note I am still getting this (and only this) on the log: `[error][ERROR] 2FA token not provided`
GiteaMirror commented 2026-03-07 19:58:37 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Jul 15, 2021):

Ok, good to know. It could be that there is something within the cache which is causing this somehow. Not sure. But @assid2, if you could test this too that would be great.

@coalfield that message is normal during first login if I'm correct.
Nothing to worry about.

@BlackDex commented on GitHub (Jul 15, 2021): Ok, good to know. It could be that there is something within the cache which is causing this somehow. Not sure. But @assid2, if you could test this too that would be great. @coalfield that message is normal during first login if I'm correct. Nothing to worry about.
GiteaMirror commented 2026-03-07 19:58:37 -06:00
Author
Owner
Copy Link

@mr-kek commented on GitHub (Jul 15, 2021):

I tried gibberish, and same problem for me. Still doesn't work

@mr-kek commented on GitHub (Jul 15, 2021): I tried gibberish, and same problem for me. Still doesn't work
GiteaMirror commented 2026-03-07 19:58:38 -06:00
Author
Owner
Copy Link

@coalfield commented on GitHub (Jul 15, 2021):

I tried gibberish, and same problem for me. Still doesn't work

Does it pop up and ask for a pin even? As mine was not doing that when it was not working. Are you running on Synology by chance? If so can try to remember the changes I made prior to it fixing itself on config

@coalfield commented on GitHub (Jul 15, 2021): > I tried gibberish, and same problem for me. Still doesn't work Does it pop up and ask for a pin even? As mine was not doing that when it was not working. Are you running on Synology by chance? If so can try to remember the changes I made prior to it fixing itself on config
GiteaMirror commented 2026-03-07 19:58:38 -06:00
Author
Owner
Copy Link

@mr-kek commented on GitHub (Jul 15, 2021):

I tried gibberish, and same problem for me. Still doesn't work

Does it pop up and ask for a pin even? As mine was not doing that when it was not working. Are you running on Synology by chance? If so can try to remember the changes I made prior to it fixing itself on config

yes, running on a Synology, and yes it's asking for a pin every time.

@mr-kek commented on GitHub (Jul 15, 2021): > > I tried gibberish, and same problem for me. Still doesn't work > > Does it pop up and ask for a pin even? As mine was not doing that when it was not working. Are you running on Synology by chance? If so can try to remember the changes I made prior to it fixing itself on config yes, running on a Synology, and yes it's asking for a pin every time.
GiteaMirror commented 2026-03-07 19:58:38 -06:00
Author
Owner
Copy Link

@assid2 commented on GitHub (Jul 15, 2021):

Ok here is something I tried, (background info - i had reset my fido pin but shouldn't have any effect here)

  1. I disabled all webauthn keys
  2. re-registered 1 key, named yubi keychain
  3. I logged in with firefox (private browsing), during webauthn it asks for pin , it automatically accepts ONLY 4 characters and auto submits. [ this seems off since pin codes can be longer than 4 characters ].
  • Firefox does login now, ( couldnt before since i had more than 4 character long pin ).
  1. Tried to login with chrome (private browsing), this doesnt work.
@assid2 commented on GitHub (Jul 15, 2021): Ok here is something I tried, (background info - i had reset my fido pin but shouldn't have any effect here) 1. I disabled all webauthn keys 2. re-registered 1 key, named yubi keychain 3. I logged in with firefox (private browsing), during webauthn it asks for pin , it automatically accepts ONLY 4 characters and auto submits. [ this seems off since pin codes can be longer than 4 characters ]. * Firefox does login now, ( couldnt before since i had more than 4 character long pin ). 4. Tried to login with chrome (private browsing), this doesnt work.
GiteaMirror commented 2026-03-07 19:58:39 -06:00
Author
Owner
Copy Link

@coalfield commented on GitHub (Jul 16, 2021):

@coalfield that message is normal during first login if I'm correct.

Good to know. Not sure the reason for it... not liking seeing [error] in the logs :(

@coalfield commented on GitHub (Jul 16, 2021): > @coalfield that message is normal during first login if I'm correct. Good to know. Not sure the reason for it... not liking seeing [error] in the logs :(
GiteaMirror commented 2026-03-07 19:58:39 -06:00
Author
Owner
Copy Link

@szorlowski commented on GitHub (Jul 20, 2021):

Ok guys. I've got a same issue and I couldn't solve that BUT for me the issue occurs only on windows.
I've tried that on 3 machines with linux (mint20) and it worked well.

I tried to disable antivirus and firewall but it didn't help. Maybe that info may help with solving the issue

EDIT: vaultwarden hosted on raspberry pi. Windows and linuxes were clients.

Summary: all logins on windows were blocked - web, desktop. On linux every login passed

@szorlowski commented on GitHub (Jul 20, 2021): Ok guys. I've got a same issue and I couldn't solve that BUT for me the issue occurs only on windows. I've tried that on 3 machines with linux (mint20) and it worked well. I tried to disable antivirus and firewall but it didn't help. Maybe that info may help with solving the issue EDIT: vaultwarden hosted on raspberry pi. Windows and linuxes were clients. Summary: all logins on windows were blocked - web, desktop. On linux every login passed
GiteaMirror commented 2026-03-07 19:58:39 -06:00
Author
Owner
Copy Link

@coalfield commented on GitHub (Jul 20, 2021):

Ok guys. I've got a same issue and I couldn't solve that BUT for me the issue occurs only on windows.
I've tried that on 3 machines with linux (mint20) and it worked well.

I tried to disable antivirus and firewall but it didn't help. Maybe that info may help with solving the issue

EDIT: vaultwarden hosted on raspberry pi. Windows and linuxes were clients.

Summary: all logins on windows were blocked - web, desktop. On linux every login passed

So with mine the pin Prompt never came up which is windows linked so it does make sense. Have a try removing and adding windows hello with the key. This means removing the pin code and re-adding it. This was definitely one of the things I did between getting the error and the error fixing itself

@coalfield commented on GitHub (Jul 20, 2021): > Ok guys. I've got a same issue and I couldn't solve that BUT for me the issue occurs only on windows. > I've tried that on 3 machines with linux (mint20) and it worked well. > > I tried to disable antivirus and firewall but it didn't help. Maybe that info may help with solving the issue > > EDIT: vaultwarden hosted on raspberry pi. Windows and linuxes were clients. > > Summary: all logins on windows were blocked - web, desktop. On linux every login passed So with mine the pin Prompt never came up which is windows linked so it does make sense. Have a try removing and adding windows hello with the key. This means removing the pin code and re-adding it. This was definitely one of the things I did between getting the error and the error fixing itself
GiteaMirror commented 2026-03-07 19:58:40 -06:00
Author
Owner
Copy Link

@szorlowski commented on GitHub (Jul 22, 2021):

Unfortunately that ⬆️ didn't help but to be honest I was not hoping to. I found very interesting thing. I can log in on windows but with different machine. So there must be an issue with my home windows10 configuration or network config within it.

IMPORTANT: on this 'broken' machine webauthn is working in bitwarden (official). It does not work only on self hosted vaultwarden. I think something somehow is blocking my custom domain but its only a guess

Still checking it and I will inform you guys when I found solution to it

UPDATE: It stopped working everywhere. I have no idea why...

@szorlowski commented on GitHub (Jul 22, 2021): Unfortunately that ⬆️ didn't help but to be honest I was not hoping to. I found very interesting thing. I can log in on windows but with different machine. So there must be an issue with my home windows10 configuration or network config within it. IMPORTANT: on this 'broken' machine webauthn is working in bitwarden (official). It does not work only on self hosted vaultwarden. I think something somehow is blocking my custom domain but its only a guess Still checking it and I will inform you guys when I found solution to it UPDATE: It stopped working everywhere. I have no idea why...
GiteaMirror commented 2026-03-07 19:58:40 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Jul 25, 2021):

With some help from @assid2, i think i have fixed this issue. See the linked PR.

@BlackDex commented on GitHub (Jul 25, 2021): With some help from @assid2, i think i have fixed this issue. See the linked PR.
GiteaMirror commented 2026-03-07 19:58:40 -06:00
Author
Owner
Copy Link

@sehraf commented on GitHub (Jul 27, 2021):

I still can't add my NitroKey again, getting the same webauthn error.
Is there anything more to do then updating to 1.22.2?

@sehraf commented on GitHub (Jul 27, 2021): I still can't add my NitroKey again, getting the same webauthn error. Is there anything more to do then updating to 1.22.2?
GiteaMirror commented 2026-03-07 19:58:41 -06:00
Author
Owner
Copy Link

@BlackDex commented on GitHub (Jul 28, 2021):

@sehraf could you enable debug logging and provide the logs from during the key registration and login attempt using that key?

@BlackDex commented on GitHub (Jul 28, 2021): @sehraf could you enable debug logging and provide the logs from during the key registration and login attempt using that key?
GiteaMirror commented 2026-03-07 19:58:41 -06:00
Author
Owner
Copy Link

@mr-kek commented on GitHub (Jul 28, 2021):

Can confirm I'm all good now with the new version ((1.22.2). Web Auth all working on macOS in safari with both yubikey and Touch ID.
Very happy. Thanks :)

@mr-kek commented on GitHub (Jul 28, 2021): Can confirm I'm all good now with the new version ((1.22.2). Web Auth all working on macOS in safari with both yubikey and Touch ID. Very happy. Thanks :)
GiteaMirror commented 2026-03-07 19:58:43 -06:00
Author
Owner
Copy Link

@sehraf commented on GitHub (Jul 28, 2021):

I found the error while collecting the logs:

Jul 28 17:12:13 <user> vaultwarden[50946]: [2021-07-28 17:12:13.562][webauthn_rs::core][DEBUG] https://<domain> != https://<domain>/

Apparently i just had to remove the trailing / from my domain environment entry. Now it works!

@sehraf commented on GitHub (Jul 28, 2021): I found the error while collecting the logs: > Jul 28 17:12:13 \<user\> vaultwarden[50946]: [2021-07-28 17:12:13.562][webauthn_rs::core][DEBUG] https://\<domain\> != https://\<domain\>/ Apparently i just had to remove the trailing `/` from my domain environment entry. Now it works!
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
better for forum
bug
documentation
duplicate
enhancement
future Vault
good first issue
help wanted
low priority
notes
pull-request
Mirrored from GitHub Pull Request
 question
SSO
Third party
troubleshooting
wontfix
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/vaultwarden#4714
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?