🐛 Bug Report: Not able to use email based login (Says One time access code must be used on the device it was generated for. Please try again.) #581

New Issue

Closed

opened 2026-02-04 20:33:36 +03:00 by OVERLORD · 9 comments

OVERLORD commented 2026-02-04 20:33:36 +03:00

Owner

Copy Link

Originally created by @murtaza-nasir on GitHub (Jan 3, 2026).

Reproduction steps

I just updated to v2. Email based login was working before the update.

Reproduction:

1. open SSO login page
2. Choose alternative sign-in method
3. Choose Email login, enter email, and submit
4. In the email, copy and paste the code, or directly click the sign in button

Expected behavior

It should sign-in to pocket-id or the App using this for SSO

Actual Behavior

Pocket ID Version

v2.0.1

Database

SQLite

OS and Environment

docker managed via portainer on Ubuntu 24.04.3 LTS

Log Output

_pid-pocket-id-1_logs.txt

Originally created by @murtaza-nasir on GitHub (Jan 3, 2026). ### Reproduction steps I just updated to v2. Email based login was working before the update. Reproduction: 1. open SSO login page 2. Choose alternative sign-in method 3. Choose Email login, enter email, and submit 4. In the email, copy and paste the code, or directly click the sign in button ### Expected behavior It should sign-in to pocket-id or the App using this for SSO ### Actual Behavior <img width="736" height="453" alt="Image" src="https://github.com/user-attachments/assets/1c10e5d8-5525-49c8-8054-3494dfa17ec1" /> ### Pocket ID Version v2.0.1 ### Database SQLite ### OS and Environment docker managed via portainer on Ubuntu 24.04.3 LTS ### Log Output [_pid-pocket-id-1_logs.txt](https://github.com/user-attachments/files/24413220/_pid-pocket-id-1_logs.txt)

OVERLORD closed this issue 2026-02-04 20:33:38 +03:00

OVERLORD commented 2026-02-04 20:33:44 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub (Jan 3, 2026):

Are you opening the link from the email in the same browser as you have requested the login code?

@stonith404 commented on GitHub (Jan 3, 2026): Are you opening the link from the email in the same browser as you have requested the login code?

OVERLORD commented 2026-02-04 20:33:53 +03:00

Author

Owner

Copy Link

@daniel100097 commented on GitHub (Jan 3, 2026):

Same issue here, same browser tab.

An generated code via admin works but only if the code does not get sent via email. Maybe my email provider is trying to fetch it ?

@daniel100097 commented on GitHub (Jan 3, 2026): Same issue here, same browser tab. <img width="639" height="526" alt="Image" src="https://github.com/user-attachments/assets/4bc5092d-a38e-4086-a737-549e01c66212" /> <img width="723" height="384" alt="Image" src="https://github.com/user-attachments/assets/e23ded23-8114-4643-8daf-146b41d7abae" /> <img width="759" height="384" alt="Image" src="https://github.com/user-attachments/assets/4b760502-4418-4120-b1e8-2b4666e08585" /> An generated code via admin works but only if the code does not get sent via email. Maybe my email provider is trying to fetch it ?

OVERLORD commented 2026-02-04 20:33:59 +03:00

Author

Owner

Copy Link

@murtaza-nasir commented on GitHub (Jan 3, 2026):

Are you opening the link from the email in the same browser as you have requested the login code?

Yes, it is the same computer, same browser. Ideally, I would like this to work as long as I have the code (like it works with services like Claude etc).

@murtaza-nasir commented on GitHub (Jan 3, 2026): > Are you opening the link from the email in the same browser as you have requested the login code? Yes, it is the same computer, same browser. Ideally, I would like this to work as long as I have the code (like it works with services like Claude etc).

OVERLORD commented 2026-02-04 20:34:09 +03:00

Author

Owner

Copy Link

@murtaza-nasir commented on GitHub (Jan 3, 2026):

ReferenceError: AuthenticatorAssertionResponse is not defined
    mapCredentialAssertResult moz-extension://cf68c112-f685-4c56-a7f4-4575ed83f8b3/content/fido2-page-script.js:216
    getWebAuthnCredential moz-extension://cf68c112-f685-4c56-a7f4-4575ed83f8b3/content/fido2-page-script.js:544
    fulfilled moz-extension://cf68c112-f685-4c56-a7f4-4575ed83f8b3/content/fido2-page-script.js:379
[tXc6KnY3.js:1:10984](https://mydomain.com/_app/immutable/chunks/tXc6KnY3.js)
Cookie “__Host-device_token” has been rejected for invalid prefix.

This is what I see in the console. I think this is the same error as #1188.

@murtaza-nasir commented on GitHub (Jan 3, 2026): ``` ReferenceError: AuthenticatorAssertionResponse is not defined mapCredentialAssertResult moz-extension://cf68c112-f685-4c56-a7f4-4575ed83f8b3/content/fido2-page-script.js:216 getWebAuthnCredential moz-extension://cf68c112-f685-4c56-a7f4-4575ed83f8b3/content/fido2-page-script.js:544 fulfilled moz-extension://cf68c112-f685-4c56-a7f4-4575ed83f8b3/content/fido2-page-script.js:379 [tXc6KnY3.js:1:10984](https://mydomain.com/_app/immutable/chunks/tXc6KnY3.js) Cookie “__Host-device_token” has been rejected for invalid prefix. ``` This is what I see in the console. I think this is the same error as #1188.

OVERLORD commented 2026-02-04 20:34:11 +03:00

Author

Owner

Copy Link

@murtaza-nasir commented on GitHub (Jan 3, 2026):

The above is in FF, the below is what I see in the chrome console:

@murtaza-nasir commented on GitHub (Jan 3, 2026): The above is in FF, the below is what I see in the chrome console: <img width="1263" height="409" alt="Image" src="https://github.com/user-attachments/assets/9774143a-0d86-4819-a646-17441b0ea52b" />

OVERLORD commented 2026-02-04 20:34:18 +03:00

Author

Owner

Copy Link

@Maddog0057 commented on GitHub (Jan 3, 2026):

Same issue after updating to v2. Tested using the code directly and the link, as well as with multiple user accounts.

@Maddog0057 commented on GitHub (Jan 3, 2026): Same issue after updating to v2. Tested using the code directly and the link, as well as with multiple user accounts.

OVERLORD commented 2026-02-04 20:34:22 +03:00

Author

Owner

Copy Link

@MrExplode commented on GitHub (Jan 4, 2026):

Experiencing the same, tested with multiple users. (on multiple browsers spread across multiple OSes)

@MrExplode commented on GitHub (Jan 4, 2026): Experiencing the same, tested with multiple users. (on multiple browsers spread across multiple OSes)

OVERLORD commented 2026-02-04 20:34:28 +03:00

Author

Owner

Copy Link

@stonith404 commented on GitHub (Jan 4, 2026):

Thanks for reporting this, the cookie configuration was wrong, so the token was never set. This should be fixed in v2.1.0 which will be available in a few minutes.

@stonith404 commented on GitHub (Jan 4, 2026): Thanks for reporting this, the cookie configuration was wrong, so the token was never set. This should be fixed in `v2.1.0` which will be available in a few minutes.

OVERLORD commented 2026-02-04 20:34:35 +03:00

Author

Owner

Copy Link

@deuts commented on GitHub (Jan 6, 2026):

I'm on v2.1.0 and this Send Email Login code does not work:

The Show Code Login Code appears to be working as well as the Email Login option.

@deuts commented on GitHub (Jan 6, 2026): I'm on v2.1.0 and this Send Email Login code does not work: <img width="642" height="315" alt="Image" src="https://github.com/user-attachments/assets/38a8339f-6f3c-47b2-8931-81fbbb1dcf8b" /> The Show Code Login Code appears to be working as well as the Email Login option.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/email-verification

oidc-scopes

default-env-db-keys

slog-gorm

v2.2.0

v2.1.0

v2.0.2

v2.0.1

v2.0.0

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

bug

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#581