iOS Bitwarden client incompatibility #995

New Issue

Closed

opened 2025-10-09 16:59:57 +03:00 by OVERLORD · 6 comments

OVERLORD commented 2025-10-09 16:59:57 +03:00

Owner

Copy Link

Originally created by @ghost on GitHub.

Subject of the issue

Cannot login with iOS Bitwarden client

Deployment environment

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.26.0-8feed291
• Web-vault version: v2022.11.1
• Running within Docker: true (Base: Debian)
• Environment settings overridden: true
• Uses a reverse proxy: true
• IP Header check: true (X-Real-IP)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Database type: SQLite
• Database version: 3.39.2
• Clients used:
• Reverse proxy and version:
• Other relevant information:

Config (Generated via diagnostics page)

Show Running Config

Environment settings which are overridden: SIGNUPS_ALLOWED, ADMIN_TOKEN

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": false,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_smtp_img_src": "cid:",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_token": "***",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "****/**.*******",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*****.**********.****",
  "domain_origin": "*****://*****.**********.****",
  "domain_path": "",
  "domain_set": true,
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "email_attempts_limit": 3,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 5 * * * *",
  "emergency_request_timeout_schedule": "0 5 * * * *",
  "enable_db_wal": true,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "Vaultwarden",
  "invitations_allowed": true,
  "ip_header": "X-Real-IP",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "Info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": true,
  "signups_domains_whitelist": "",
  "signups_verify": false,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "gssapi",
  "smtp_debug": false,
  "smtp_embed_images": true,
  "smtp_explicit_tls": null,
  "smtp_from": "**************@**.***",
  "smtp_from_name": "Vaultwarden",
  "smtp_host": "****.****.**.***",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "**************@**.***",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_syslog": false,
  "user_attachment_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "websocket_address": "0.0.0.0",
  "websocket_enabled": true,
  "websocket_port": 3012,
  "yubico_client_id": null,
  "yubico_secret_key": null,
  "yubico_server": null
}

• vaultwarden version: testing

• Install method: docker

• Clients used: iOS

• Reverse proxy and version: nginx/1.18.0

• MySQL/MariaDB or PostgreSQL version:

• Other relevant details: nginx proxy settings

proxy_set_header Host $host;
resolver 192.168.0.1;
proxy_set_header Accept-Encoding "";
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Port 8080;
proxy_set_header Host vault.example.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_cookie_domain vault.example.com localhost;
sub_filter "localhost" "vault.example.com";
sub_filter_once off;
proxy_redirect http://localhost https://vault.example.com;
proxy_pass http://127.0.0.1:8080$request_uri;

Steps to reproduce

Installing with docker on latest or testing, login via web is fine, via chrome plugin is fine, but via iOS app fails with "an error occurred"

Expected behaviour

successful login

Actual behaviour

when attempt to login with the exact same credentials & url successfully used via web or chrome plugin, login fails on iOS app

Troubleshooting data

I initially attempt to use just the proxy pass string without filters and without headers, but this failed. I then attempted to add filters and the like, and this failed as well. Everything still works on other clients.

Originally created by @ghost on GitHub. <!-- # ### NOTE: Please update to the latest version of vaultwarden before reporting an issue! This saves you and us a lot of time and troubleshooting. See: * https://github.com/dani-garcia/vaultwarden/issues/1180 * https://github.com/dani-garcia/vaultwarden/wiki/Updating-the-vaultwarden-image # ### --> <!-- Please fill out the following template to make solving your problem easier and faster for us. This is only a guideline. If you think that parts are unnecessary for your issue, feel free to remove them. Remember to hide/redact personal or confidential information, such as passwords, IP addresses, and DNS names as appropriate. --> ### Subject of the issue Cannot login with iOS Bitwarden client ### Deployment environment ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.26.0-8feed291 * Web-vault version: v2022.11.1 * Running within Docker: true (Base: Debian) * Environment settings overridden: true * Uses a reverse proxy: true * IP Header check: true (X-Real-IP) * Internet access: true * Internet access via a proxy: false * DNS Check: true * Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Database type: SQLite * Database version: 3.39.2 * Clients used: * Reverse proxy and version: * Other relevant information: ### Config (Generated via diagnostics page) <details><summary>Show Running Config</summary> **Environment settings which are overridden:** SIGNUPS_ALLOWED, ADMIN_TOKEN ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": false, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_smtp_img_src": "cid:", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_token": "***", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "****/**.*******", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*****.**********.****", "domain_origin": "*****://*****.**********.****", "domain_path": "", "domain_set": true, "duo_host": null, "duo_ikey": null, "duo_skey": null, "email_attempts_limit": 3, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 5 * * * *", "emergency_request_timeout_schedule": "0 5 * * * *", "enable_db_wal": true, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "extended_logging": true, "helo_name": null, "hibp_api_key": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "invitation_expiration_hours": 120, "invitation_org_name": "Vaultwarden", "invitations_allowed": true, "ip_header": "X-Real-IP", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "Info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "password_hints_allowed": true, "password_iterations": 100000, "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": true, "signups_domains_whitelist": "", "signups_verify": false, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "gssapi", "smtp_debug": false, "smtp_embed_images": true, "smtp_explicit_tls": null, "smtp_from": "**************@**.***", "smtp_from_name": "Vaultwarden", "smtp_host": "****.****.**.***", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "**************@**.***", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_syslog": false, "user_attachment_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "websocket_address": "0.0.0.0", "websocket_enabled": true, "websocket_port": 3012, "yubico_client_id": null, "yubico_secret_key": null, "yubico_server": null } ``` </details> * vaultwarden version: testing * Install method: docker * Clients used: iOS * Reverse proxy and version: nginx/1.18.0 * MySQL/MariaDB or PostgreSQL version: <!-- if applicable --> * Other relevant details: nginx proxy settings ``` proxy_set_header Host $host; resolver 192.168.0.1; proxy_set_header Accept-Encoding ""; proxy_set_header X-Forwarded-Proto http; proxy_set_header X-Forwarded-Port 8080; proxy_set_header Host vault.example.com; proxy_set_header X-Real-IP $remote_addr; proxy_cookie_domain vault.example.com localhost; sub_filter "localhost" "vault.example.com"; sub_filter_once off; proxy_redirect http://localhost https://vault.example.com; proxy_pass http://127.0.0.1:8080$request_uri; ``` ### Steps to reproduce Installing with docker on latest or testing, login via web is fine, via chrome plugin is fine, but via iOS app fails with "an error occurred" ### Expected behaviour successful login ### Actual behaviour when attempt to login with the exact same credentials & url successfully used via web or chrome plugin, login fails on iOS app ### Troubleshooting data I initially attempt to use just the proxy pass string without filters and without headers, but this failed. I then attempted to add filters and the like, and this failed as well. Everything still works on other clients.

OVERLORD closed this issue 2025-10-09 16:59:58 +03:00

OVERLORD commented 2025-10-09 16:59:59 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub:

That is not the log part regarding login.
We need the part that has anything to do with login and mentions something about the login. Also if possible set the log_level to debug.

And, what happens if you try to connect to your instance via safari on the iPhone? Because all other clients work for you, sounds more like a client/connectivity issue.

@BlackDex commented on GitHub: That is not the log part regarding login. We need the part that has anything to do with login and mentions something about the login. Also if possible set the `log_level` to `debug`. And, what happens if you try to connect to your instance via safari on the iPhone? Because all other clients work for you, sounds more like a client/connectivity issue.

OVERLORD commented 2025-10-09 17:00:00 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub:

Could you provide logs please? Have you tried fully logging out and back in again?

@BlackDex commented on GitHub: Could you provide logs please? Have you tried fully logging out and back in again?

OVERLORD commented 2025-10-09 17:00:00 +03:00

Author

Owner

Copy Link

@strieflinger commented on GitHub:

I do experience a similar error. Can successfully login via web client (using same credentials) but login fails for macOS App (Version 2022.11.0 (5788)). The log says (reverse chronological) order:

2022-12-04 15:29:53	stdout	[2022-12-04 15:29:53.802][response][INFO] POST /identity/connect/token (login) => 400 Bad Request
2022-12-04 15:29:53	stdout	[2022-12-04 15:29:53.802][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 172.17.0.1. Username:
2022-12-04 15:29:53	stdout	[2022-12-04 15:29:53.705][request][INFO] POST /identity/connect/token
2022-12-04 15:29:53	stdout	[2022-12-04 15:29:53.688][response][INFO] 404 Not Found
2022-12-04 15:29:53	stdout	[2022-12-04 15:29:53.688][request][INFO] POST /identity/accounts/prelogin

Any ideas?

@strieflinger commented on GitHub: I do experience a similar error. Can successfully login via web client (using same credentials) but login fails for macOS App (Version 2022.11.0 (5788)). The log says (reverse chronological) order: > 2022-12-04 15:29:53 | stdout | [2022-12-04 15:29:53.802][response][INFO] POST /identity/connect/token (login) => 400 Bad Request -- | -- | -- 2022-12-04 15:29:53 | stdout | [2022-12-04 15:29:53.802][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 172.17.0.1. Username: <redacted> 2022-12-04 15:29:53 | stdout | [2022-12-04 15:29:53.705][request][INFO] POST /identity/connect/token 2022-12-04 15:29:53 | stdout | [2022-12-04 15:29:53.688][response][INFO] 404 Not Found 2022-12-04 15:29:53 | stdout | [2022-12-04 15:29:53.688][request][INFO] POST /identity/accounts/prelogin Any ideas?

OVERLORD commented 2025-10-09 17:00:00 +03:00

Author

Owner

Copy Link

@ghost commented on GitHub:

I cannot login to logout... but I have tried logging in on iOS, re-installing the app and logging in, deleting, rebooting, and then logging in, etc. I can login on every other platform.

The nginx log shows:

2022/12/02 13:07:20 [error] 1717#1717: *103 upstream prematurely closed connection while reading response header from upstream, client: 192.168.0.6, server: vault.example.com, request: "GET /notifications/hub?access_token=redacted token HTTP/1.1", upstream: "http://127.0.0.1:3012/notifications/hub?access_token=redacted token

Interestingly, the docker log does show my admin login via the browser, but does not show the latest attempt via iOS. Maybe there's something different about how the iOS formats requests that isn't making it through nginx to docker?

@ghost commented on GitHub: I cannot login to logout... but I have tried logging in on iOS, re-installing the app and logging in, deleting, rebooting, and then logging in, etc. I can login on every other platform. The nginx log shows: ```2022/12/02 13:07:20 [error] 1717#1717: *103 upstream prematurely closed connection while reading response header from upstream, client: 192.168.0.6, server: vault.example.com, request: "GET /notifications/hub?access_token=redacted token HTTP/1.1", upstream: "http://127.0.0.1:3012/notifications/hub?access_token=redacted token``` Interestingly, the docker log does show my admin login via the browser, but does not show the latest attempt via iOS. Maybe there's something different about how the iOS formats requests that isn't making it through nginx to docker?

OVERLORD commented 2025-10-09 17:00:01 +03:00

Author

Owner

Copy Link

@BlackDex commented on GitHub:

@slotbaer are you using the latest or testing tagged images?
Since only testing will work fully with the latest version of Bitwarden Clients a.t.m.

@BlackDex commented on GitHub: @slotbaer are you using the `latest` or `testing` tagged images? Since only `testing` will work fully with the latest version of Bitwarden Clients a.t.m.

OVERLORD commented 2025-10-09 17:00:02 +03:00

Author

Owner

Copy Link

@strieflinger commented on GitHub:

That's good to know. I am using latest. Any timeline for arrival of compatibility in latest?

@strieflinger commented on GitHub: That's good to know. I am using `latest`. Any timeline for arrival of compatibility in `latest`?

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

test_dylint

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels

better for forum

bug

bug

bug

documentation

duplicate

enhancement

future Vault

good first issue

help wanted

low priority

notes

pull-request

Mirrored from GitHub Pull Request

question

SSO

Third party

troubleshooting

troubleshooting

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/vaultwarden#995