Existing users are unable to accept invitation to new organization #1183

Closed
opened 2026-02-05 00:14:57 +03:00 by OVERLORD · 4 comments

Originally created by @mburgess00 on GitHub (Jan 7, 2022).

Subject of the issue

I created a new organization and was joined to it as an owner, however, inviting other users that exist on our server fails with an error:
Error decoding JWT

Deployment environment

  • vaultwarden version:
    2.25.0
  • Install method:
    Docker image

  • Clients used:
    Web vault

  • Reverse proxy and version:

  • MySQL/MariaDB or PostgreSQL version:

  • Other relevant details:

Steps to reproduce

Expected behaviour

Link to join org should work

Actual behaviour

Presented with JWT error

Troubleshooting data

Server logs:
2022-01-06 15:43:45[2022-01-06 22:43:45.966][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:43:45[2022-01-06 22:43:45.961][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:43:45[2022-01-06 22:43:45.956][request][INFO] POST /identity/connect/token
2022-01-06 15:43:45[2022-01-06 22:43:45.950][request][INFO] POST /identity/connect/token
2022-01-06 15:43:45[2022-01-06 22:43:45.861][error][ERROR] Error decoding JWT.
2022-01-06 15:43:45[CAUSE] Error(
2022-01-06 15:43:45InvalidSignature,
2022-01-06 15:43:45)
2022-01-06 15:43:45[2022-01-06 22:43:45.861][response][INFO] POST /api/organizations/<_org_id>/users/<_org_user_id>/accept (accept_invite) => 400 Bad Request
2022-01-06 15:43:45[2022-01-06 22:43:45.859][request][INFO] POST /api/organizations/bccad2c2-bc0b-4096-b121-09d30229b883/users/1efc2f8e-1eb2-4e62-a9e5-f657f95573a6/accept
[2022-01-06 22:43:45.859][request][INFO] POST /api/organizations/bccad2c2-bc0b-4096-b121-09d30229b883/users/1efc2f8e-1eb2-4e62-a9e5-f657f95573a6/accept
2022-01-06 15:43:45[2022-01-06 22:43:45.793][error][ERROR] Error decoding JWT.
2022-01-06 15:43:45[CAUSE] Error(
2022-01-06 15:43:45InvalidSignature,
2022-01-06 15:43:45)
2022-01-06 15:43:45[2022-01-06 22:43:45.793][response][INFO] GET /api/organizations/<org_id>/policies/token? (list_policies_token) => 400 Bad Request
2022-01-06 15:43:45[2022-01-06 22:43:45.791][request][INFO] GET /api/organizations/bccad2c2-bc0b-4096-b121-09d30229b883/policies/token?token=eyJ0eXAiOiJKV1QiLCJhbGci
2022-01-06 15:43:45[2022-01-06 22:43:45.707][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:43:45[2022-01-06 22:43:45.707][vaultwarden::api::identity][INFO] User <##user email redacted##> logged in successfully. IP: 10.101.9.88
2022-01-06 15:43:45[2022-01-06 22:43:45.551][request][INFO] POST /identity/connect/token
2022-01-06 15:43:45[2022-01-06 22:43:45.453][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
2022-01-06 15:43:45[2022-01-06 22:43:45.450][request][INFO] POST /api/accounts/prelogin
2022-01-06 15:43:41[2022-01-06 22:43:41.536][error][ERROR] Error decoding JWT.
2022-01-06 15:43:41[CAUSE] Error(
2022-01-06 15:43:41InvalidSignature,
2022-01-06 15:43:41)
2022-01-06 15:43:41[2022-01-06 22:43:41.536][response][INFO] GET /api/organizations/<org_id>/policies/token? (list_policies_token) => 400 Bad Request
2022-01-06 15:43:41[2022-01-06 22:43:41.534][request][INFO] GET /api/organizations/bccad2c2-bc0b-4096-b121-09d30229b883/policies/token?token=eyJ0eXAiOiJKV1QiLCJhbGci
2022-01-06 15:41:48[2022-01-06 22:41:48.971][response][INFO] GET /api/sync?<data..> (sync) => 200 OK
2022-01-06 15:41:48[2022-01-06 22:41:48.968][response][INFO] GET /api/sync?<data..> (sync) => 200 OK
2022-01-06 15:41:48[2022-01-06 22:41:48.797][request][INFO] GET /api/sync?excludeDomains=true
2022-01-06 15:41:48[2022-01-06 22:41:48.762][request][INFO] GET /api/sync?excludeDomains=true
2022-01-06 15:41:48[2022-01-06 22:41:48.743][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:41:48[2022-01-06 22:41:48.734][request][INFO] POST /identity/connect/token
2022-01-06 15:41:48[2022-01-06 22:41:48.689][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:41:48[2022-01-06 22:41:48.680][request][INFO] POST /identity/connect/token
2022-01-06 15:41:48[2022-01-06 22:41:48.591][error][ERROR] Error decoding JWT.
2022-01-06 15:41:48[CAUSE] Error(
2022-01-06 15:41:48InvalidSignature,
2022-01-06 15:41:48)
2022-01-06 15:41:48[2022-01-06 22:41:48.591][response][INFO] POST /api/organizations/<_org_id>/users/<_org_user_id>/accept (accept_invite) => 400 Bad Request
2022-01-06 15:41:48[2022-01-06 22:41:48.585][request][INFO] POST /api/organizations/bccad2c2-bc0b-4096-b121-09d30229b883/users/1efc2f8e-1eb2-4e62-a9e5-f657f95573a6/accept
2022-01-06 15:41:48[2022-01-06 22:41:48.522][error][ERROR] Error decoding JWT.
2022-01-06 15:41:48[CAUSE] Error(
2022-01-06 15:41:48InvalidSignature,
2022-01-06 15:41:48)
2022-01-06 15:41:48[2022-01-06 22:41:48.522][response][INFO] GET /api/organizations/<org_id>/policies/token? (list_policies_token) => 400 Bad Request
2022-01-06 15:41:48[2022-01-06 22:41:48.519][request][INFO] GET /api/organizations/bccad2c2-bc0b-4096-b121-09d30229b883/policies/token?token=<##token redacted##>
2022-01-06 15:41:48[2022-01-06 22:41:48.447][vaultwarden::api::identity][INFO] User <##user email redacted##> logged in successfully. IP: 10.101.8.84
2022-01-06 15:41:48[2022-01-06 22:41:48.447][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:41:48[2022-01-06 22:41:48.365][request][INFO] POST /identity/connect/token
2022-01-06 15:41:48[2022-01-06 22:41:48.258][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
2022-01-06 15:41:48[2022-01-06 22:41:48.255][request][INFO] POST /api/accounts/prelogin
2022-01-06 15:41:42[2022-01-06 22:41:42.848][error][ERROR] Error decoding JWT.
2022-01-06 15:41:42[CAUSE] Error(
2022-01-06 15:41:42InvalidSignature,
2022-01-06 15:41:42)
2022-01-06 15:41:42[2022-01-06 22:41:42.848][response][INFO] GET /api/organizations/<org_id>/policies/token? (list_policies_token) => 400 Bad Request
2022-01-06 15:41:42[2022-01-06 22:41:42.846][request][INFO] GET /api/organizations/bccad2c2-bc0b-4096-b121-09d30229b883/policies/token?token=<##token redacted##>
2022-01-06 15:40:38[2022-01-06 22:40:38.042][response][INFO] GET /api/sync?<data..> (sync) => 200 OK
2022-01-06 15:40:38[2022-01-06 22:40:38.033][response][INFO] GET /api/sync?<data..> (sync) => 200 OK
2022-01-06 15:40:37[2022-01-06 22:40:37.764][request][INFO] GET /api/sync?excludeDomains=true
2022-01-06 15:40:37[2022-01-06 22:40:37.729][request][INFO] GET /api/sync?excludeDomains=true
2022-01-06 15:40:37[2022-01-06 22:40:37.709][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:40:37[2022-01-06 22:40:37.693][request][INFO] POST /identity/connect/token
2022-01-06 15:40:37[2022-01-06 22:40:37.674][response][INFO] POST /identity/connect/token (login) => 200 OK
2022-01-06 15:40:37[2022-01-06 22:40:37.659][request][INFO] POST /identity/connect/token
2022-01-06 15:39:10[2022-01-06 22:39:10.263][start][INFO] Rocket has launched from http://0.0.0.0:80
2022-01-06 15:39:10[2022-01-06 22:39:10.111][vaultwarden][INFO] Public key created correctly.
2022-01-06 15:39:10[2022-01-06 22:39:10.111][vaultwarden][INFO] Private key created correctly.
2022-01-06 15:39:09| Starting Vaultwarden |
2022-01-06 15:39:09| Version 1.23.1 |
2022-01-06 15:39:09|--------------------------------------------------------------------|
2022-01-06 15:39:09| This is an unofficial Bitwarden implementation, DO NOT use the |
2022-01-06 15:39:09| official channels to report bugs/features, regardless of client. |
2022-01-06 15:39:09| Send usage/configuration questions or feature requests to: |
2022-01-06 15:39:09| https://vaultwarden.discourse.group/ |
2022-01-06 15:39:09| Report suspected bugs/issues in the software itself at: |
2022-01-06 15:39:09| https://github.com/dani-garcia/vaultwarden/issues/new |
2022-01-06 15:39:09--------------------------------------------------------------------/
2022-01-06 15:39:09[INFO] No .env file found.
2022-01-06 15:39:09/--------------------------------------------------------------------\


@BlackDex commented on GitHub (Jan 7, 2022):

Please post the Support String which you can generate via the /admin/diagnostics page.


@mburgess00 commented on GitHub (Jan 7, 2022):

Your environment (Generated via diagnostics page)

  • Vaultwarden version: v1.23.1
  • Web-vault version: v2.25.0
  • Running within Docker: false (Base: Debian)
  • Environment settings overridden: false
  • Uses a reverse proxy: true
  • IP Header check: false (X-Forwarded-For)
  • Internet access: true
  • Internet access via a proxy: false
  • DNS Check: true
  • Time Check: true
  • Domain Configuration Check: true
  • HTTPS Check: true
  • Database type: PostgreSQL
  • Database version: PostgreSQL 10.14 on x86_64-pc-linux-gnu, compiled by x86_64-unknown-linux-gnu-gcc (GCC) 4.9.4, 64-bit
  • Clients used:
  • Reverse proxy and version:
  • Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_ip_header_enabled": true,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_max_conns": 10,
  "database_url": "**********://***********:************************@***********.********************.*********.***.*********.***/***********",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.*********.***",
  "domain_origin": "*****://*****.*********.***",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_org_name": "Hillman RDS",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "org_attachment_limit": null,
  "org_creation_users": "",
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "************.***",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": null,
  "smtp_debug": false,
  "smtp_explicit_tls": false,
  "smtp_from": "***********@************.***",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.********.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_ssl": true,
  "smtp_timeout": 15,
  "smtp_username": "******",
  "templates_folder": "data/templates",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": false,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

@BlackDex commented on GitHub (Jan 7, 2022):

It seems to work for me.
At least on the testing tagged image.

Could you check if the mail was expired? The expire time is 5 days.
Also, if you have changed the rsa generated keys used to encode the JWT tokens, decoding them will not work.


@mburgess00 commented on GitHub (Jan 11, 2022):

Thanks for the reply. The mail had been sent moments before the link was clicked so I'm sure it wasn't expired. The only thing I could think with the rsa generated keys is that we are running two instances of the container in AWS ECS in a fault-tolerant configuration. Would it be possible that the containers have their own keys? If so is there a way to inject/store the key outside of the container?
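
The failure mode asked about in the last comment, as an added sketch (not vaultwarden code and not part of the thread): a token signed by one instance is rejected with `InvalidSignature` by an instance that generated its own RSA key, and accepted once both use the same key material. Instance names, claim values and all error labels other than `InvalidSignature` are constructed; the thread does not confirm that this was the cause here.

```javascript
// Added illustration, not vaultwarden source. Instance names, claim values and
// every error label except "InvalidSignature" (taken from the log) are constructed.
const crypto = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');
const fromB64url = (s) => Buffer.from(s, 'base64url');

// One server instance. With no key material passed in, it generates its own
// RSA key pair, like a container that starts with an empty data folder.
function newInstance(name, keys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })) {
  return { name, privateKey: keys.privateKey, publicKey: keys.publicKey };
}

// Sign an RS256 JWT (RSASSA-PKCS1-v1_5 with SHA-256) with the instance's private key.
function issueToken(instance, claims) {
  const signingInput =
    b64url(JSON.stringify({ typ: 'JWT', alg: 'RS256' })) + '.' + b64url(JSON.stringify(claims));
  const sig = crypto.sign('sha256', Buffer.from(signingInput), instance.privateKey);
  return signingInput + '.' + b64url(sig);
}

// Verify with the instance's public key. The signature is checked before the
// expiry claim, so a key mismatch and an expired token give different errors.
function decodeToken(instance, token, now) {
  const parts = token.split('.');
  if (parts.length !== 3) return { ok: false, error: 'Malformed' };
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(fromB64url(h).toString('utf8'));
    claims = JSON.parse(fromB64url(p).toString('utf8'));
  } catch (e) {
    return { ok: false, error: 'Malformed' };
  }
  // Pin the algorithm instead of trusting whatever the token header asks for.
  if (header.alg !== 'RS256') return { ok: false, error: 'InvalidAlgorithm' };
  const good = crypto.verify('sha256', Buffer.from(h + '.' + p), instance.publicKey, fromB64url(s));
  if (!good) return { ok: false, error: 'InvalidSignature' };
  if (typeof claims.exp !== 'number' || claims.exp <= now) return { ok: false, error: 'Expired' };
  return { ok: true, claims };
}

function simulate() {
  const now = 1641508800;            // constructed fixed clock (Unix seconds)
  const FIVE_DAYS = 5 * 24 * 3600;   // expiry time stated in the thread
  const taskA = newInstance('task-a');
  const taskB = newInstance('task-b');               // generated its own key
  const taskBShared = newInstance('task-b', taskA);  // uses task-a's key material
  const invite = issueToken(taskA, { sub: 'constructed-user-id', exp: now + FIVE_DAYS });
  return {
    invite,
    sameInstance: decodeToken(taskA, invite, now),
    otherInstance: decodeToken(taskB, invite, now),
    sharedKey: decodeToken(taskBShared, invite, now),
    afterExpiry: decodeToken(taskA, invite, now + FIVE_DAYS + 1),
  };
}

const result = simulate();
for (const k of ['sameInstance', 'otherInstance', 'sharedKey', 'afterExpiry']) {
  console.log(k.padEnd(14), result[k].ok ? 'ok' : result[k].error);
}
```

The posted config has `rsa_key_filename` set to `data/rsa_key`; two containers that each start with their own empty data folder would correspond to the `otherInstance` case.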

Reference: starred/vaultwarden#1183