"The provided code is not valid or has expired." #3902

New Issue

Closed

opened 2026-02-05 07:48:56 +03:00 by OVERLORD · 6 comments

OVERLORD commented 2026-02-05 07:48:56 +03:00

Owner

Copy Link

Originally created by @b3nd1k on GitHub (Jul 5, 2023).

Attempted Debugging

• I have read the debugging page

Searched GitHub Issues

• I have searched GitHub for the issue.

Describe the Scenario

I haven't logged into Bookstack for a few weeks and when I tried to log in today I get a message saying "The provided code is not valid or has expired" when I input the 2FA code generated by Bitwarden. It has worked fine up until now, but now I am not able to log in.

It doesen't seem to be that Bitwarden has messed with my 2FA codes either as BookStack seems to be the only app I have issues with. Is there a way for me to edit a text file to disable 2FA or do something else to gain access?

Exact BookStack Version

latest

Log Content

No errors in the log

PHP Version

Unsure

Hosting Environment

Docker on Unraid Server

Originally created by @b3nd1k on GitHub (Jul 5, 2023). ### Attempted Debugging - [X] I have read the debugging page ### Searched GitHub Issues - [X] I have searched GitHub for the issue. ### Describe the Scenario I haven't logged into Bookstack for a few weeks and when I tried to log in today I get a message saying "The provided code is not valid or has expired" when I input the 2FA code generated by Bitwarden. It has worked fine up until now, but now I am not able to log in. It doesen't seem to be that Bitwarden has messed with my 2FA codes either as BookStack seems to be the only app I have issues with. Is there a way for me to edit a text file to disable 2FA or do something else to gain access? ### Exact BookStack Version latest ### Log Content No errors in the log ### PHP Version Unsure ### Hosting Environment Docker on Unraid Server

OVERLORD added the 🐕 Support label 2026-02-05 07:48:56 +03:00

OVERLORD closed this issue 2026-02-05 07:48:57 +03:00

OVERLORD commented 2026-02-05 07:49:04 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 5, 2023):

Hi @b3nd1k,
This is most commonly caused by the BookStack host time not being current, since TOTP MFA codes are time dependant.
It'd be worth checking the time within the docker container to check if it's correct.

For resetting MFA, we provide a command as detailed here:
https://www.bookstackapp.com/docs/admin/commands/#reset-user-mfa-methods

@ssddanbrown commented on GitHub (Jul 5, 2023): Hi @b3nd1k, This is most commonly caused by the BookStack host time not being current, since TOTP MFA codes are time dependant. It'd be worth checking the time within the docker container to check if it's correct. For resetting MFA, we provide a command as detailed here: https://www.bookstackapp.com/docs/admin/commands/#reset-user-mfa-methods

OVERLORD commented 2026-02-05 07:49:11 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Jul 18, 2023):

Since there's been no further follow up or response to the above I'll close this off.

@ssddanbrown commented on GitHub (Jul 18, 2023): Since there's been no further follow up or response to the above I'll close this off.

OVERLORD commented 2026-02-05 07:49:14 +03:00

Author

Owner

Copy Link

@alexanderharm commented on GitHub (Oct 18, 2023):

I had the same issue with Bitwarden. I solved it by just copying the secret of the provided URL. So instead of using

otpauth://totp/BookStack:admin%40admin.com?secret=ABCDEFGHIJKLMN&issuer=BookStack&algorithm=SHA1&digits=6&period=30

I simply used ABCDEFGHIJKLMN. Then it worked.

Just make sure you setup the time correctly as well (APP_TIMEZONE).

@alexanderharm commented on GitHub (Oct 18, 2023): I had the same issue with Bitwarden. I solved it by just copying the secret of the provided URL. So instead of using `otpauth://totp/BookStack:admin%40admin.com?secret=ABCDEFGHIJKLMN&issuer=BookStack&algorithm=SHA1&digits=6&period=30` I simply used `ABCDEFGHIJKLMN`. Then it worked. Just make sure you setup the time correctly as well (`APP_TIMEZONE`).

OVERLORD commented 2026-02-05 07:49:15 +03:00

Author

Owner

Copy Link

@kekonn commented on GitHub (Apr 4, 2024):

This worked for me as well!

@ssddanbrown sorry to ping you from an old issue, but the QR code and URL you generate seem to be incompatible with Bitwarden. If I just copy the secret part of the url into Bitwarden, my code is accepted. If I copy the entire url, it is not.

I also tried scanning the generated QR code, but the Bitwarden app won't even recognize it as a TOTP code. I did a quick google search to see if Bitwarden specifies the format it expects, but couldn't find it.

@kekonn commented on GitHub (Apr 4, 2024): This worked for me as well! @ssddanbrown sorry to ping you from an old issue, but the QR code and URL you generate seem to be incompatible with Bitwarden. If I just copy the secret part of the url into Bitwarden, my code is accepted. If I copy the entire url, it is not. I also tried scanning the generated QR code, but the Bitwarden app won't even recognize it as a TOTP code. I did a quick google search to see if Bitwarden specifies the format it expects, but couldn't find it.

OVERLORD commented 2026-02-05 07:49:19 +03:00

Author

Owner

Copy Link

@ssddanbrown commented on GitHub (Apr 4, 2024):

@kekonn If you can find something wrong with our use of standards, that is affecting bitwarden feel free to raise that as an issue but otherwise it's not something I test against since I don't have a bitwarden account, plus TOTP appears to be a premium feature for bitwarden so I'm not keen to pay to test their implementation.

@ssddanbrown commented on GitHub (Apr 4, 2024): @kekonn If you can find something wrong with our use of standards, that is affecting bitwarden feel free to raise that as an issue but otherwise it's not something I test against since I don't have a bitwarden account, plus TOTP appears to be a premium feature for bitwarden so I'm not keen to pay to test their implementation.

OVERLORD commented 2026-02-05 07:49:24 +03:00

Author

Owner

Copy Link

@kekonn commented on GitHub (Apr 4, 2024):

Oh no, I am pretty sure this one is on Bitwarden, but the workaround we've found here, might be worth mentioning in your documentation. I do have Bitwarden premium and I think I log a support ticket for this with them.

@kekonn commented on GitHub (Apr 4, 2024): Oh no, I am pretty sure this one is on Bitwarden, but the workaround we've found here, might be worth mentioning in your documentation. I do have Bitwarden premium and I think I log a support ticket for this with them.

OVERLORD referenced this issue 2026-02-05 09:41:41 +03:00

Use a purpose-built robust slug record to help resolve old links #5118

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

development

further_theme_development

l10n_development

release

llm_only

vectors

v25-11

docker_env

drawio_rendering

user_permissions

ldap_host_failover

svg_image

prosemirror

captcha_example

fix/video-export

v25.12.3

v25.12.2

v25.12.1

v25.12

v25.11.6

v25.11.5

v25.11.4

v24.11.4

v25.11.3

v25.11.2

v25.11.1

v25.11

v25.07.3

v25.07.2

v25.07.1

v25.07

v25.05.2

v25.05.1

v25.05

v25.02.5

v25.02.4

v25.02.3

v25.02.2

v25.02.1

v25.02

v24.12.1

v24.12

v24.10.3

v24.10.2

v24.10.1

v24.10

v24.05.4

v24.05.3

v24.05.2

v24.05.1

v24.05

v24.02.3

v24.02.2

v24.02.1

v24.02

v23.12.3

v23.12.2

v23.12.1

v23.12

v23.10.4

v23.10.3

v23.10.2

v23.10.1

v23.10

v23.08.3

v23.08.2

v23.08.1

v23.08

v23.06.2

v23.06.1

v23.06

v23.05.2

v23.05.1

v23.05

v23.02.3

v23.02.2

v23.02.1

v23.02

v23.01.1

v23.01

v22.11.1

v22.11

v22.10.2

v22.10.1

v22.10

v22.09.1

v22.09

v22.07.3

v22.07.2

v22.07.1

v22.07

v22.06.2

v22.06.1

v22.06

v22.04.2

v22.04.1

v22.04

v22.03.1

v22.03

v22.02.3

v22.02.2

v22.02.1

v22.02

v21.12.5

v21.12.4

v21.12.3

v21.12.2

v21.12.1

v21.12

v21.11.3

v21.11.2

v21.11.1

v21.11

v21.10.3

v21.10.2

v21.10.1

v21.10

v21.08.6

v21.08.5

v21.08.4

v21.08.3

v21.08.2

v21.08.1

v21.08

v21.05.4

v21.05.3

v21.05.2

v21.05.1

v21.05

v21.04.6

v21.04.5

v21.04.4

v21.04.3

v21.04.2

v21.04.1

v21.04

v0.31.8

v0.31.7

v0.31.6

v0.31.5

v0.31.4

v0.31.3

v0.31.2

v0.31.1

v0.31.0

v0.30.7

v0.30.6

v0.30.5

v0.30.4

v0.30.3

v0.30.2

v0.30.1

v0.30.0

v0.29.3

v0.29.2

v0.29.1

v0.29.0

v0.28.3

v0.28.2

v0.28.1

v0.28.0

v0.27.5

v0.27.4

v0.27.3

v0.27.2

v0.27.1

v0.27

v0.26.4

v0.26.3

v0.26.2

v0.26.1

v0.26.0

v0.25.5

v0.25.4

v0.25.3

v0.25.2

v0.25.1

v0.25.0

v0.24.3

v0.24.2

v0.24.1

v0.24.0

v0.23.2

v0.23.1

v0.23.0

v0.22.0

v0.21.0

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.0

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.3

v0.16.2

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.3

v0.14.2

v0.14.1

v0.14.0

v0.13.1

v0.13.0

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.0

v0.9.3

v0.9.2

v0.9.1

v0.9.0

v0.8.2

v0.8.1

v0.8.0

v0.7.6

v0.7.5

v0.7.4

v0.7.3

0.7.2

v.0.7.1

v0.7.0

v0.6.3

v0.6.2

v0.6.1

v0.6.0

v0.5.0

Labels

Clear labels

🎨 Design

📖 Docs Update

🐛 Bug

🐛 Bug

:cat2:🐈 Possible duplicate

💿 Database

☕ Open to discussion

💻 Front-End

🐕 Support

🚪 Authentication

🌍 Translations

🔌 API Task

🏭 Back-End

⛲ Upstream

🔨 Feature Request

🛠️ Enhancement

🛠️ Enhancement

🛠️ Enhancement

❤️ Happy feedback

🔒 Security

🔍 Pending Validation

💆 UX

📝 WYSIWYG Editor

🌔 Out of scope

🔩 API Request

:octocat: Admin/Meta

🖌️ View Customization

❓ Question

🚀 Priority

🛡️ Blocked

🚚 Export System

♿ A11y

🔧 Maintenance

> Markdown Editor

pull-request

Mirrored from GitHub Pull Request

No Label 🐕 Support

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#3902