Login with device not working #5317

Closed
opened 2026-03-07 20:19:30 -06:00 by GiteaMirror · 16 comments

Originally created by @martinjgrunwald on GitHub (Aug 31, 2023).

Originally assigned to: @BlackDex on GitHub.

Subject of the issue

I have some questions regarding logging in with another device

Deployment environment

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.29.2
  • Web-vault version: v2023.7.1
  • OS/Arch: linux/x86_64
  • Running within Docker: true (Base: Debian)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: MySQL
  • Database version: 10.11.5-MariaDB-1:10.11.5+maria~ubu2204
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "*****://*******************************************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://******************",
  "domain_origin": "*****://******************",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": "***",
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "push_enabled": false,
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": true,
  "smtp_accept_invalid_hostnames": true,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "******************",
  "smtp_from_name": "BitWarden",
  "smtp_host": "**********",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "***************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

Steps to reproduce

Opening the login page of my vaultwarden instance and typing in my mail address

Expected behaviour

Clicking on login with device, accepting the request and successfully logging in

Actual behaviour

I can only initiate logging in with another device out of a non-incognito Chrome tab. Neither an incognito tab on Chrome nor any other browser (incognito or not) shows me this option.
When I manage to send out a notification, I receive this notification on my iPhone or on the Desktop App. I can accept the request but I am not logged in after accepting it.

GiteaMirror added the enhancement and bug labels 2026-03-07 20:19:30 -06:00

@hydroxycarbamide commented on GitHub (Sep 1, 2023):

I have the same problem. I get the notification and try to accept but I get "We were unable to process your request. Please try again or contact us".

However, it only seems to fail when I use biometrics for unlocking on my Android client.
It seems to work every time I use my master password.

I have deleted my app data and reconnected my account before enabling Approve login requests as recommended in the wiki (https://github.com/dani-garcia/vaultwarden/wiki/Enabling-Mobile-Client-push-notification).

@martinjgrunwald Does it work if you use your master password to unlock your vault on your iPhone before accepting the authentication request?


@BlackDex commented on GitHub (Sep 1, 2023):

First, login with device will only work with a known device. So any incognito, never-used-before browser will not show that button. You first need to log in using a password (and 2fa) before that button will be shown.

Second, it looks like they made some changes in the new clients. So we need to see what that is, and make changes to support that.


@mrwulf commented on GitHub (Sep 1, 2023):

Try fully logging out of the mobile app, log back into the mobile app, and go back into options to use the mobile app to approve login requests. A clean login to the mobile app and now I can approve web and desktop logins from mobile. I'm on Android.


@stefan0xC commented on GitHub (Sep 1, 2023):

@BlackDex not sure what happens client side but I can at least provide the additional info that we get an empty MasterPasswordHash from the client when using PIN or Biometrics to unlock a mobile app. To recreate the conditions you also need to reboot the device after connecting your app.

I.e. if we turn this String into an Option<String> we could at least return a nicer error:
https://github.com/dani-garcia/vaultwarden/blob/5ab7010c37c6db61d12d10efc8ad38c7266eb920/src/api/core/accounts.rs#L1093


@BlackDex commented on GitHub (Sep 1, 2023):

Strange that it did work before. Or, I never tested with biometrics.
It also defeats the whole login with device if you need to log in with a password on your phone, of course.


@BlackDex commented on GitHub (Sep 1, 2023):

It might have something to do with this:
https://github.com/bitwarden/clients/issues/6156


@martinjgrunwald commented on GitHub (Sep 1, 2023):

> Try fully logging out of the mobile app, log back into the mobile app, and go back into options to use the mobile app to approve login requests. A clean login to the mobile app and now I can approve web and desktop logins from mobile. I'm on android

I logged out of the BitWarden App on macOS and iOS and afterwards I was able to authenticate in a browser using any of those two. On both of them I logged in using biometrics so that works as well @BlackDex


@martinjgrunwald commented on GitHub (Sep 1, 2023):

Can be closed


@sbisbilo commented on GitHub (Sep 1, 2023):

> > Try fully logging out of the mobile app, log back into the mobile app, and go back into options to use the mobile app to approve login requests. A clean login to the mobile app and now I can approve web and desktop logins from mobile. I'm on android
>
> I logged out of the BitWarden App on macOS and iOS and afterwards I was able to authenticate in a browser using any of those two. On both of them I logged in using biometrics so that works as well @BlackDex

Same for me, after logout from iOS app it's working thanks for this feature :)


@BlackDex commented on GitHub (Sep 1, 2023):

I have retested this, and indeed, it seems to work after (again fully cleaning everything or uninstall/re-install the app). Simple logout and login didn't work, not even with a restart of the phone.

So I had to fully clear all data, and that worked.
@stefan0xC, if we are able to send a nice message, that would be nice, but I'm not sure if that will reach all the stable version users as of now hehe.

We could however create a wiki page maybe which explains these quirks?


@stefan0xC commented on GitHub (Sep 1, 2023):

@martinjgrunwald @BlackDex Does it still work after rebooting the device? I've not tested this very extensively but I could reproduce this issue earlier by simply rebooting my Android device. Not sure if this is dependent on some expiration date but if it does not work after a reboot I would not dismiss the issue prematurely.


@martinjgrunwald commented on GitHub (Sep 1, 2023):

@stefan0xC You are right, after a reboot of my iPhone the issue re-appears


@BlackDex commented on GitHub (Sep 1, 2023):

Ok, I tested it again, and it breaks again indeed.
We probably want to test this with an official Bitwarden environment too, and see what happens.
Because, if that is the case, it's a bug in the client.


@catfluoride commented on GitHub (Sep 1, 2023):

> > Try fully logging out of the mobile app, log back into the mobile app, and go back into options to use the mobile app to approve login requests. A clean login to the mobile app and now I can approve web and desktop logins from mobile. I'm on android
>
> I logged out of the BitWarden App on macOS and iOS and afterwards I was able to authenticate in a browser using any of those two. On both of them I logged in using biometrics so that works as well @BlackDex

It works like this for me in Android as well. Thanks!


@BlackDex commented on GitHub (Sep 1, 2023):

@stefan0xC the masterPasswordHash is optional.
So, we need to change the code to support Option<String> and adjust the databases to allow null.
I just quickly tested this locally and that works just fine.
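
The change discussed in this thread, sketched as an added example (not vaultwarden's code and not written by anyone in the thread): a required string field rejects an approval whose masterPasswordHash is missing or null, while an optional field accepts it and yields a value that maps to a NULL column. The `Body` map, the `AuthResponse` struct, its `key` field, the function names and the choice to treat an empty string as absent are assumptions made for illustration.

```rust
use std::collections::HashMap;

/// Constructed stand-in for a decoded JSON body (assumption, not the real type):
/// key absent = field missing, `None` = JSON null, `Some(s)` = JSON string.
type Body<'a> = HashMap<&'a str, Option<&'a str>>;

#[derive(Debug, PartialEq)]
struct AuthResponse {
    key: String,
    /// `None` is what would be written to a nullable database column.
    master_password_hash: Option<String>,
}

/// A required string field: missing or null is an error.
fn required(body: &Body<'_>, name: &str) -> Result<String, String> {
    body.get(name)
        .copied()
        .flatten()
        .map(str::to_owned)
        .ok_or_else(|| format!("missing or null field: {}", name))
}

/// "Before": the hash is typed as a plain string, so an approval sent after a
/// PIN or biometric unlock (no hash available) fails before any handler logic.
fn parse_strict(body: &Body<'_>) -> Result<AuthResponse, String> {
    let key = required(body, "key")?;
    let hash = required(body, "masterPasswordHash")?;
    Ok(AuthResponse { key, master_password_hash: Some(hash) })
}

/// "After": the hash is optional. Missing, null and empty all collapse to
/// `None`, so later code cannot mistake "" for a real hash.
fn parse_optional(body: &Body<'_>) -> Result<AuthResponse, String> {
    let key = required(body, "key")?;
    let hash = body
        .get("masterPasswordHash")
        .copied()
        .flatten()
        .filter(|h| !h.is_empty())
        .map(str::to_owned);
    Ok(AuthResponse { key, master_password_hash: hash })
}

fn main() {
    // Constructed request: approved after a biometric unlock, hash sent as null.
    let mut body = HashMap::new();
    body.insert("key", Some("constructed-encrypted-key"));
    body.insert("masterPasswordHash", None);
    println!("strict:   {:?}", parse_strict(&body));
    println!("optional: {:?}", parse_optional(&body));
}
```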


@BlackDex commented on GitHub (Sep 1, 2023):

PR Created which should fix this issue #3831


Reference: github-starred/vaultwarden#5317