Can't login if two factor authentication is enabled

TimoK · June 14, 2020, 7:15pm

Hello,
I recently installed Bitwarden_RS. If a user has two factor authentication enabled, the login fails from the Android-App and from the Web-Vault. It is not possible to enter a token. The server-time is correct. If the user only has enabled e-mail verification, an e-mail with a code is send.

My environment:
Bitwarden_RS version: 1.15.0-52ed8e4d
Bitwarden Web version: 2.14.0
Install method: Docker image
Reverse proxy: Apache/2.4.38 (Debian Buster)

Relevant logs:

[2020-06-14 20:04:48][request][INFO] POST /api/accounts/prelogin
[2020-06-14 20:04:48][response][INFO] POST /api/accounts/prelogin (prelogin) => 200 OK
[2020-06-14 20:04:48][request][INFO] POST /identity/connect/token
[2020-06-14 20:04:48][error][ERROR] 2FA token not provided
[2020-06-14 20:04:48][response][INFO] POST /identity/connect/token (login) => 400 Bad Request

docker-compose.yml:
Pastebin

Thank you very much!

jjlin · June 14, 2020, 7:39pm

So what exactly happens when the login fails? Screenshots would be helpful.

Your logs look normal. 2FA login is supposed to return 400 initially, after which the client is supposed to prompt the user for the 2FA token and retry the login.

TimoK · June 14, 2020, 7:47pm

The message “an unknown error has occurred” is shown.
There is simply no option to enter a token. The same happens with different browsers/devices and in the app.
Thanks

jjlin · June 14, 2020, 7:57pm

Open the browser dev tools (pressing F12 usually works), then try logging in via the web vault and see if that provides any further insight into what’s going wrong.

TimoK · June 14, 2020, 8:08pm

Thanks for your response.
I already tried that. I am only getting the HTTP 400 error. The console is not showing anything other.
Greetings

jjlin · June 14, 2020, 8:28pm

There should be response data returned along with the 400 error, e.g.

{"TwoFactorProviders":[0],"TwoFactorProviders2":{"0":null},"error":"invalid_grant","error_description":"Two factor required."}

Is that what you get? If so, it seems like it would be a client side issue, since it’s up to the client to prompt for the 2FA token.

TimoK · June 14, 2020, 8:51pm

The 404 error does not return anything:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
</body></html>

jjlin · June 14, 2020, 10:32pm

Well, that would explain why your apps aren’t prompting for 2FA. You’ll need to share more details of your config then, like probably the reverse proxy, and anything else that might be unusual.

TimoK · June 15, 2020, 6:29am

Hi, thanks for your response.
I found the error .
My Reverse Proxy is a Apache2 Webserver, with PHP-FPM. The option ProxyErrorOverride on was enabled for the vHost of the password manager and caused this issue.
So it was an problem with the reverse proxy.
Thanks for helping.

Topic		Replies	Views
Problem with U2F FIDO2 Help	10	1741	November 8, 2021
[SOLVED] "error saving twofactor"? Help	0	775	August 3, 2021
Firefox extension logs me out every couple of days Help	3	113	February 10, 2024
Bitwarden clients keep logging me out	9	442	January 12, 2024
Browser bitwarden addon wont login Help	7	2818	April 15, 2024

Can't login if two factor authentication is enabled

Related Topics