OTP code not accepted when login with device #846

Closed
opened 2026-04-06 00:00:31 +02:00 by MrUnknownDE · 0 comments

Originally created by @pquantin on 11/12/2024

Vaultwarden Support String

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.32.4-ba48ca68
  • Web-vault version: v2024.6.2c
  • OS/Arch: linux/x86_64
  • Running within a container: true (Base: Alpine)
  • Environment settings overridden: true
  • Uses a reverse proxy: true
  • IP Header check: true (X-Real-IP)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Browser/Server Time Check: true
  • Server/NTP Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: SQLite
  • Database version: 3.47.0
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: ADMIN_TOKEN, YUBICO_CLIENT_ID, YUBICO_SECRET_KEY

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://************************",
  "domain_origin": "*****://************************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "fido2-vault-credentials",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": "/data/vaultwarden.log",
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": true,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "push_enabled": true,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "************************",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "**************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "************************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": 30,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "96472",
  "yubico_secret_key": "***",
  "yubico_server": null
}

Vaultwarden Build Version

1.32.4-ba48ca68

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Synology reverse proxy

Host/Server Operating System

Linux

Operating System Version

Synology DSM 7.2.2

Clients

Web Vault

Client Version

No response

Steps To Reproduce

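When trying to log in using 'login with device' and entering the OTP code, the login is rejected and the error 'Auth request not found. Try again..' appears in the log. In the log below, the first POST /identity/connect/token is answered with '2FA token not provided', and the second one, about 20 seconds later, fails with 'Auth request not found. Try again..'.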

Expected Result

OTP code is accepted when using login with device

Actual Result

OTP code is systematically rejected when using login with device

Logs

[2024-11-12 14:17:39.082][request][INFO] POST /api/auth-requests/
[2024-11-12 14:17:39.084][response][INFO] (post_auth_request) POST /api/auth-requests => 200 OK
[2024-11-12 14:17:39.108][request][INFO] GET /notifications/anonymous-hub?Token=77dc6812-229c-407c-bb54-
[2024-11-12 14:17:39.108][vaultwarden::api::notifications][INFO] Accepting Anonymous Rocket WS connection from 192.168.0.1
[2024-11-12 14:17:39.108][response][INFO] (anonymous_websockets_hub) GET /notifications/anonymous-hub?<token..> => 200 OK
[2024-11-12 14:17:48.281][request][INFO] GET /api/auth-requests/
[2024-11-12 14:17:48.282][response][INFO] (get_auth_requests) GET /api/auth-requests => 200 OK
[2024-11-12 14:17:49.289][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:49.291][response][INFO] (get_auth_request) GET /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.572][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:50.573][response][INFO] (get_auth_request) GET /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.941][request][INFO] PUT /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae
[2024-11-12 14:17:50.942][response][INFO] (put_auth_request) PUT /api/auth-requests/<uuid> => 200 OK
[2024-11-12 14:17:50.991][request][INFO] GET /api/auth-requests/77dc6812-229c-407c-bb54-1894514f18ae/response?code=5DF3rdPrDikuBbFWazAccABA4
[2024-11-12 14:17:50.991][response][INFO] (get_auth_request_response) GET /api/auth-requests/<uuid>/response?<code> => 200 OK
[2024-11-12 14:17:51.134][request][INFO] POST /identity/connect/token
[2024-11-12 14:17:51.136][error][ERROR] 2FA token not provided
[2024-11-12 14:17:51.136][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2024-11-12 14:17:51.200][vaultwarden::api::notifications][INFO] Closing WS connection from 192.168.0.1
[2024-11-12 14:17:51.240][request][INFO] GET /api/auth-requests/
[2024-11-12 14:17:51.241][response][INFO] (get_auth_requests) GET /api/auth-requests => 200 OK
[2024-11-12 14:18:12.880][request][INFO] POST /identity/connect/token
[2024-11-12 14:18:12.881][vaultwarden::api::identity][ERROR] Auth request not found. Try again.. IP: 192.168.0.1. Username: XXX@XXX.com.
[2024-11-12 14:18:12.881][response][INFO] (login) POST /identity/connect/token => 400 Bad Request

Screenshots or Videos

No response

Additional Context

No response

Reference: github/vaultwarden#846