Mobile SSO Login Fails After OIDC Redirect – Works on Every Other Client

I am running Vaultwarden with OIDC SSO authentication through PocketID. SSO login works perfectly on the web vault, browser extensions, and desktop app. However, the Bitwarden Android app fails.

Here is what happens on mobile. I enter my email address, which is sometimes pre-filled automatically. I click proceed with login. I get redirected to my OIDC provider PocketID and successfully authenticate with my Passkey. The app redirects back to the Bitwarden app and then shows the error: SSO login currently not possible.

Edit: I noticed that before the redirect it says something about an organization identifier, which is just: vaultwarden-dummy-oidc-identifier

Is there any way to change this? Maybe that's the issue.

Other Bitwarden apps (Desktop, Browser Extension and WebVault) using the same OIDC provider work with no issues.

What I have tried so far includes deleting and reinstalling the Bitwarden app, clearing app cache and data, confirming WebSockets are enabled in Nginx Proxy Manager, and checking the redirect URI in PocketID, which is https://vault.example.com/identity/connect/oidc-signin

My setup is Vaultwarden behind NPM on the npm network with SSO through PocketID using OpenID Connect. The domain is vw.domain.tld with an email domain whitelist for felgner.ch and SSO-only mode enabled, so all logins redirect to OIDC.

The screenshot attached shows the error message after successful OIDC authentication.

Has anyone successfully gotten mobile SSO working with Vaultwarden and PocketID? Is there a specific setting required for Android or iOS clients? Do I need Domain Verification in the admin panel?

Any help would be greatly appreciated.

You can find my redacted environment variables here: