Fido2 Webauthn broken on latest version of Android app (2.13.0) #1115

New Issue

Closed

opened 2026-02-04 23:56:52 +03:00 by OVERLORD · 3 comments

OVERLORD commented 2026-02-04 23:56:52 +03:00

Owner

Copy Link

Originally created by @krzmaz on GitHub (Sep 26, 2021).

Subject of the issue

It seems that with the recent version of the mobile app some changes were introduced to FIDO2 Webauthn authentication - https://github.com/bitwarden/mobile/pull/1519
After updating, there is a 404 error when trying to authenticate, as the app is trying to connect to an unimplemented endpoint, example below:
https://vault.mydomain.com/webauthn-mobile-connector.html?data=[DATA]=&parent=bitwarden%3A%2F%2Fwebauthn-callback&v=2

Deployment environment

• vaultwarden version: 1.22.2

• Install method: docker image

• Clients used: Android

• Reverse proxy and version:

• MySQL/MariaDB or PostgreSQL version:

• Other relevant details:

Steps to reproduce

Try to authenticate with Fido2 Webauthn using the latest (2.13.0) mobile app

Expected behaviour

Authentication is possible

Actual behaviour

Error 404 happens

Troubleshooting data

Originally created by @krzmaz on GitHub (Sep 26, 2021). <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue <!-- Describe your issue here. --> It seems that with the recent version of the mobile app some changes were introduced to FIDO2 Webauthn authentication - https://github.com/bitwarden/mobile/pull/1519 After updating, there is a 404 error when trying to authenticate, as the app is trying to connect to an unimplemented endpoint, example below: https://vault.mydomain.com/webauthn-mobile-connector.html?data=[DATA]=&parent=bitwarden%3A%2F%2Fwebauthn-callback&v=2 ### Deployment environment <!-- ========================================================================================= Preferably, use the `Generate Support String` button on the admin page's Diagnostics tab. That will auto-generate most of the info requested in this section. ========================================================================================= --> <!-- The version number, obtained from the logs (at startup) or the admin diagnostics page --> <!-- This is NOT the version number shown on the web vault, which is versioned separately from vaultwarden --> <!-- Remember to check if your issue exists on the latest version first! --> * vaultwarden version: 1.22.2 <!-- How the server was installed: Docker image, OS package, built from source, etc. --> * Install method: docker image * Clients used: <!-- web vault, desktop, Android, iOS, etc. (if applicable) --> Android * Reverse proxy and version: <!-- if applicable --> * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> * Other relevant details: ### Steps to reproduce <!-- Tell us how to reproduce this issue. What parameters did you set (differently from the defaults) and how did you start vaultwarden? --> Try to authenticate with Fido2 Webauthn using the latest (2.13.0) mobile app ### Expected behaviour <!-- Tell us what you expected to happen --> Authentication is possible ### Actual behaviour <!-- Tell us what actually happened --> Error 404 happens ### Troubleshooting data <!-- Share any log files, screenshots, or other relevant troubleshooting data -->

OVERLORD closed this issue 2026-02-04 23:56:57 +03:00

OVERLORD commented 2026-02-04 23:57:06 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Sep 26, 2021):

I think it should work fine. Are you using a reverse proxy, and if so which one? Does it has caching functionally? Did you clear the cache if so?

@BlackDex commented on GitHub (Sep 26, 2021): I think it should work fine. Are you using a reverse proxy, and if so which one? Does it has caching functionally? Did you clear the cache if so?

OVERLORD commented 2026-02-04 23:57:15 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub (Sep 26, 2021):

Sorry, i just saw that this specific endpoint is available within the current testing image, and thus already fixed. But not in the current latest version

Either use the testing image or wait for a new release.

@BlackDex commented on GitHub (Sep 26, 2021): Sorry, i just saw that this specific endpoint is available within the current testing image, and thus already fixed. But not in the current latest version Either use the testing image or wait for a new release.

OVERLORD commented 2026-02-04 23:57:19 +03:00

Author

Owner

Copy Link

@krzmaz commented on GitHub (Sep 26, 2021):

Thank you for the quick response!
The latest testing docker image is panicking and not starting on my Raspberry Pi 4, so I guess I'll wait for a release :)
Thank you for all the work on this project!

@krzmaz commented on GitHub (Sep 26, 2021): Thank you for the quick response! The latest testing docker image is panicking and not starting on my Raspberry Pi 4, so I guess I'll wait for a release :) Thank you for all the work on this project!

OVERLORD referenced this issue 2026-02-05 05:00:52 +03:00

[PR #1115] [MERGED] Delete associated favorites when deleting a cipher or user #2857

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

cached-config-operations

test_dylint

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#1115