Implement "login with device" #1582

New Issue

MrUnknownDE · 2026-04-06T02:03:24+02:00

MrUnknownDE commented

2026-04-06 02:03:24 +02:00

Originally created by @quexten on 6/17/2023

This is a very WIP pull-request for login-with-device. To run this, you need a new client version, for the web client this is 2023.06 (or latest master as of today) since login-with-device was disabled for self-hosted installations previously.

Basic login-with-device on WebSocket clients (desktop/web/webextension) works, but there is still quite some work to be done.
Screencast from 2023-06-17 23-53-39.webm

This PR implements a few components to make the login-with-device work, each still partially incomplete.

A few new rocket endpoints for adding / updating requests (mostly done, some request validation / responses missing)
A new database table for keeping the auth_requests (only done for sqlite)
A new websocket endpoint for anonymous connections (needed for the login-with-device feature, this duplicates some code but I didn't know how to structure it better in this case)
Some changes to the password_login. To finish the login-with-device, a regular password-login request to '/identity/connect/token' is made, with an additional field in the body, "authRequest", this contains the UUID of the authrequest, the password is the authCode from the passwordless login-request instead of the actual masterpasswordhash.

Aside from the points missing mentioned above, mobile push is not implemented yet, and a lot of code clean-up needs to be done.

Feel free to comment general comments, keep in mind the PR is very WIP so a lot of parts are missing and there is a lot of clean-up to be done.

I will squash the PR when it is done.

*Originally created by @quexten on 6/17/2023* This is a **very WIP** pull-request for login-with-device. To run this, you need a new client version, for the web client this is 2023.06 (or latest master as of today) since login-with-device was disabled for self-hosted installations previously. Basic login-with-device on WebSocket clients (desktop/web/webextension) works, but there is still quite some work to be done. [Screencast from 2023-06-17 23-53-39.webm](https://github.com/dani-garcia/vaultwarden/assets/11866552/88a9360f-483a-4bcb-9e8f-58a264f2457e) This PR implements a few components to make the login-with-device work, each still partially incomplete. - A few new rocket endpoints for adding / updating requests (mostly done, some request validation / responses missing) - A new database table for keeping the auth_requests (only done for sqlite) - A new websocket endpoint for anonymous connections (needed for the login-with-device feature, this duplicates some code but I didn't know how to structure it better in this case) - Some changes to the password_login. To finish the login-with-device, a regular password-login request to '/identity/connect/token' is made, with an additional field in the body, "authRequest", this contains the UUID of the authrequest, the password is the authCode from the passwordless login-request instead of the actual masterpasswordhash. Aside from the points missing mentioned above, mobile push is not implemented yet, and a lot of code clean-up needs to be done. Feel free to comment general comments, keep in mind the PR is very WIP so a lot of parts are missing and there is a lot of clean-up to be done. I will squash the PR when it is done.

MrUnknownDE closed this issue

2026-04-06 02:03:24 +02:00

Sign in to join this conversation.

No Label

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github/vaultwarden#1582