I’m pretty sure I’ve fixed my problem, but I wanted to document it. The error message took me a LONG time to figure out. I’m pretty sure I’m right. If so, it might be the kind of thing to add better error messages, if that’s possible from the VaultWarden side.
Situation: I had an iPhone successfully using BitWarden with VaultWarden self-hosted (docker container, VaultWarden Version 2024.6.2 via Docker; I can supply more details if necessary). I bought a new iPhone. I let the setup process clone from one phone to the other.
When I went to the new phone, I had to log in on BitWarden. I supplied the username and master password. Then it asks me for my TOTP value. I supply the right one from my old phone. The new phone says (sorry I didn’t capture the exact words): Invalid push message from server, failed to decode body (or something similar).
As you can imagine, it’s a lot of work to set up this scenario, and once I got it working I lost the powerful incentive to set it up and test it more.
Anyways, I feel confident that something was copied (e.g., session token or similar) when the iOS cloning/copying happened. So when it tried to validate the TOTP (or maybe when it sent it?) it didn’t work.
The workaround was to delete BitWarden from my new phone and reinstall. With it clean, all I had to do was log in. But while the migrated app data was present on my phone, it wouldn’t log in.
Like I said: I can’t tell if that’s something VaultWarden can actually detect and signal somehow. Sometimes VaultWarden’s error messages seem like they’re being displayed verbatim by the BitWarden client, but I know this is a complex dance.
I just wanted to post here and explain what I was seeing, how it manifested, and then what the solution was.
FYI