mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-07-16 05:34:10 +03:00
Cannot login on Android with Duo 2FA activated #2403
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @esackbauer on GitHub (Oct 5, 2025).
Prerequisites
Vaultwarden Support String
Your environment (Generated via diagnostics page)
Config & Details (Generated via diagnostics page)
Show Config & Details
Config:
Vaultwarden Build Version
1.34.3
Deployment method
Official Container Image
Custom deployment method
No response
Reverse Proxy
Sophos Firewall
Host/Server Operating System
Linux
Operating System Version
Debian 12
Clients
Android
Client Version
2025.9.0
Steps To Reproduce
Expected Result
Pop up browser window will disappear (or message that window can be closed) and Bitwarden will open the vault
Actual Result
browser window showing spinning dots forever
Logs
Screenshots or Videos
No response
Additional Context
It seems from the logs, that immediately after Duo 2FA is invoked, it is assumed that an invalid token was presented. I had the chance to allow the login in Duo app after a couple of seconds, so that error must have happened before that:
No errors on the reverse proxy log from Sophos Firewall.
Tested with Brave Browser and Chrome on Android device.
Nothing was changed on Duo or reverse proxy side, it was working with a former Bitwarden/Vaultwarden version. Did not login for a long time.
@BlackDex commented on GitHub (Oct 5, 2025):
I'm not sure if this is an issue with Vaultwarden it self. Bitwarden Hosted seems to have the exact same issue. After successful authentication via DUO it redirects you to a page on the host, and that tries to open something like
bitwarden://duo-callbackbut that seems to be blocked for some reason.@BlackDex commented on GitHub (Oct 5, 2025):
Looking at this, it seems like it is a Chrome (or Chromium based browsers) issue.
They block these kind of auto redirects. Bitwarden probably needs to create a button for a user to click on.
@alexschomb commented on GitHub (Oct 7, 2025):
The issue suddenly happens in one Vaultwarden installations of me as well - without any changes to the installation. I can't login to Vaultwarden via Firefox, Chrome and Edge. The login with the browser extensions is not working as well.
The server log shows:
The error popup in the browser or browser extensions (and browser console) says:
What really confuses me is that in a very similar Vaultwarden instance (same version, same settings concerning Duo) the Duo login (to a different Duo organization) just works without error. Is there any way I can help to debug the issue?
@alexschomb commented on GitHub (Oct 8, 2025):
Sorry, Please disregard my comment. Turns out that the time of the server was not in sync.
@danktankk commented on GitHub (Nov 6, 2025):
I am having the same issue on edge browser and I am not having any time sync issues between server and client.
@esackbauer commented on GitHub (Nov 7, 2025):
Edge is also a Chromium based browser. They all have that issue.
@BlackDex commented on GitHub (Dec 20, 2025):
I'm not able to reproduce this anymore using
testingwith the v2025.12.0 web-vault.It might be a fix in the web-vault, or in the browser/OS level in some way.
The v2025.12.0 isn't yet in the
testingcontainer, so if that is the fix you need to wait.Though, for me it also works on v2025.10.1.
Since this isn't something this project can change anyway, and it seems to be fixed for me (While being broken first), I'm going to close this as solved.