Bitwarden-cli 1.22.0 - login no longer working - API Path changes

Hello There :wave:

I’m a vivid user of Vaultwarden and work with Cloudron Vaultwarden version is 1.24.0

For client access I use bitwarden-rofi which works with the bitwarden-cli

When using the latest version of bitwarden-cli => v1.22.0 the login with vaultwarden does not work anymore.

yay -Ss bitwarden-cli
community/bitwarden-cli 1.22.0-1 (3.4 MiB 24.6 MiB)
The command line vault

Installing my tools

yay -S bitwarden-rofi
. . . 
:: Checking for conflicts...
:: Checking for inner conflicts...
[Repo:1]  bitwarden-cli-1.22.0-1
[Aur:1]  bitwarden-rofi-0.4-1
bw login user.name@domain.tld `_SuperSecureRedactedPassword_` --method 0 --code `_RedactedTOTPCode_`
Username or password is incorrect. Try again

(fyi: --method 0 refers to TOTP auth method => https:// bitwarden. com/help/cli/#enums (had to destroy the URL since I am only allowed to post 2 urls))

not working.

uninstall bitwarden-rofi and bitwarden-cli and installing bitwarden-cli:1.21.1 from file.

yay -R bitwarden-rofi bitwarden-cli
sudo pacman -U ~/bitwarden-cli-1.21.1-1-any.pkg.tar.zst

Now again, login attempt:

bw login user.name@domain.tld `_SuperSecureRedactedPassword_` --method 0 --code `_RedactedTOTPCode_`
You are logged in!

1.21.1 login web log

Mar 18 13:28:12 [2022-03-18 12:28:12.678][request][INFO] POST /api/accounts/prelogin
Mar 18 13:28:12 [2022-03-18 12:28:12.679][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
Mar 18 13:28:12 95.91.246.76 - - [18/Mar/2022:12:28:12 +0000] "POST /api/accounts/prelogin HTTP/1.1" 200 32 "-" "Bitwarden_CLI/1.21.1 (LINUX)"
Mar 18 13:28:12 [2022-03-18 12:28:12.867][request][INFO] POST /identity/connect/token
Mar 18 13:28:12 [2022-03-18 12:28:12.929][vaultwarden::api::identity][INFO] User user.name@domain.tld logged in successfully. IP: XXX.XXX.XXX.XXX
Mar 18 13:28:12 [2022-03-18 12:28:12.929][response][INFO] POST /identity/connect/token (login) => 200 OK
Mar 18 13:28:12 95.91.246.76 - - [18/Mar/2022:12:28:12 +0000] "POST /identity/connect/token HTTP/1.1" 200 3189 "-" "Bitwarden_CLI/1.21.1 (LINUX)"
Mar 18 13:28:13 [2022-03-18 12:28:13.281][request][INFO] POST /identity/connect/token
Mar 18 13:28:13 [2022-03-18 12:28:13.287][response][INFO] POST /identity/connect/token (login) => 200 OK
Mar 18 13:28:13 95.91.246.76 - - [18/Mar/2022:12:28:13 +0000] "POST /identity/connect/token HTTP/1.1" 200 3189 "-" "Bitwarden_CLI/1.21.1 (LINUX)"
Mar 18 13:28:13 [2022-03-18 12:28:13.434][request][INFO] GET /api/sync?excludeDomains=true
Mar 18 13:28:13 [2022-03-18 12:28:13.943][response][INFO] GET /api/sync?<data..> (sync) => 200 OK
Mar 18 13:28:13 95.91.246.76 - - [18/Mar/2022:12:28:13 +0000] "GET /api/sync?excludeDomains=true HTTP/1.1" 200 825790 "-" "Bitwarden_CLI/1.21.1 (LINUX)"

Once again with 1.22.0 for the web log:

Mar 18 13:30:40 [2022-03-18 12:30:40.187][request][INFO] POST /identity/accounts/prelogin
Mar 18 13:30:40 [2022-03-18 12:30:40.188][response][INFO] 404 Not Found
Mar 18 13:30:40 95.91.246.76 - - [18/Mar/2022:12:30:40 +0000] "POST /identity/accounts/prelogin HTTP/1.1" 404 597 "-" "Bitwarden_CLI/1.22.0 (LINUX)"
Mar 18 13:30:40 [2022-03-18 12:30:40.338][request][INFO] POST /identity/connect/token
Mar 18 13:30:40 [2022-03-18 12:30:40.390][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: XXX.XXX.XXX.XXX. Username: user.name@domain.tld.
Mar 18 13:30:40 [2022-03-18 12:30:40.391][response][INFO] POST /identity/connect/token (login) => 400 Bad Request
Mar 18 13:30:40 95.91.246.76 - - [18/Mar/2022:12:30:40 +0000] "POST /identity/connect/token HTTP/1.1" 400 351 "-" "Bitwarden_CLI/1.22.0 (LINUX)"

So it looks like the CLI 1.22.0 is using a different API Path which seems to be missing on Vaultwarden :person_shrugging:
That is as far as I can report this issue.

I was unsure where to post this, here in the forum or as a github issue.
But since the github issue creation states:

Use this ONLY for bugs in vaultwarden itself. Use the Discourse forum (link below) to request features or get help with usage/configuration. If in doubt, use the forum

So that’s why you are reading this here :slight_smile:

Hope this helps solving the issue going forward.

Cheers :beers:
~ Elias

TOTP login works fine for me with 1.22.0. It’s not really secure to be putting your password on the command line, though.

If you have 2FA enabled, it may be more convenient to bypass that by using API key login instead.

After some digging I realized WEB_VAULT_VERSION=2.25.0 is used in my case which is still missing the API UI.
So I simply need to update.
Will be reporting back after that.

Login is now working with the API but still not with the normal username password and TOTP or Yubikey.

If you’re running on Arch Linux, you might be encountering

1 Like