Unable to login from Edge extension when FIDO 2FA enabled #1372

Closed
opened 2026-02-05 00:44:56 +03:00 by OVERLORD · 2 comments
Owner

Originally created by @plinss on GitHub (Oct 2, 2022).

Subject of the issue

Not sure if this is an issue with Vaultwarden or the Bitwarden Edge extension.

I just installed the extension in Edge and was unable to login to my vault.
In the extension, after entering the email address and master password, I get a page saying 'Refused to connect'. A bit later I get an email from Vaultwarden saying it saw a login but no 2FA. The Vaultwarden log shows: 'Error: 2FA token not provided'.

This account has both TOTP and FIDO 2FA enabled, and I'm able to login from the web client, desktop, and mobile apps.

I disabled FIDO 2FA for the account (leaving TOTP enabled) and was able to login (I got the TOTP prompt after entering the master password).

Deployment environment

  • vaultwarden version: 1.25.2
  • Install method: built from source

  • Clients used: Edge extension 2022.9.1

  • Reverse proxy and version: nginx 1.23.1

  • MySQL/MariaDB or PostgreSQL version: PostgreSQL 13.8

  • Other relevant details:

Steps to reproduce

Enable FIDO and TOTP 2FA for account in web client.
Install browser extension in Edge, try to login.

Expected behaviour

Prompt for FIDO key or TOTP

Actual behaviour

'Refused to connect' error message

Troubleshooting data


@BlackDex commented on GitHub (Oct 2, 2022):

Could you provide the support string which you can generate from the admin diagnostics page please.

Also, make sure you have not added extra headers in nginx to block frames, or external content with custom CSP headers; those will break the functionality. All the needed headers for security are configured in Vaultwarden already. Except for HSTS.


@plinss commented on GitHub (Oct 2, 2022):

I was adding headers in nginx to prevent being framed, removed those and it works now. Sorry for the bother and thanks for the input.
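
An added example, not part of the original thread or of Vaultwarden's code: a small Python check for the misconfiguration resolved above. It lists `add_header` directives in an nginx config that set `X-Frame-Options` or `Content-Security-Policy` at the proxy, while leaving HSTS alone. The function names and the sample config are constructed for illustration, and the parser assumes one directive per line.

```python
import re

# add_header <name> <value> [always];  The value may be bare or quoted, and a
# quoted CSP value contains ';', so quoted strings are matched as one token.
ADD_HEADER = re.compile(
    r"""^\s*add_header\s+
        (?P<name>[^\s;]+)\s+
        (?P<value>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[^\s;]+)
        (?:\s+always)?\s*;""",
    re.VERBOSE | re.MULTILINE,
)

# Headers the maintainer's comment warns against adding at the proxy.
FLAGGED = {"x-frame-options", "content-security-policy"}


def unquote(token):
    """Drop one pair of matching surrounding quotes, if present."""
    if len(token) >= 2 and token[0] == token[-1] and token[0] in "\"'":
        return token[1:-1]
    return token


def find_proxy_header_overrides(conf_text):
    """Return (line, header, value) for each flagged add_header directive.

    Assumes one directive per line; commented-out lines are ignored.
    """
    findings = []
    for m in ADD_HEADER.finditer(conf_text):
        name = unquote(m.group("name"))
        if name.lower() in FLAGGED:
            line = conf_text.count("\n", 0, m.start("name")) + 1
            findings.append((line, name, unquote(m.group("value"))))
    return findings


# Constructed sample config, not taken from the thread.
SAMPLE = """\
server {
    server_name vault.example.com;
    # add_header X-Frame-Options SAMEORIGIN;
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options DENY always;
    add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'none'";
}
"""

if __name__ == "__main__":
    for line, name, value in find_proxy_header_overrides(SAMPLE):
        print(f"line {line}: proxy sets {name}: {value}")
```

Any directive it reports is a candidate for removal from the server block that proxies Vaultwarden.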

Reference: starred/vaultwarden#1372