Hi - i’m running vaultwarden with mysql backend. I’m having problems logging in (which I never used to) using Duo.
Vaultwarden is running on docker with vaultwarden:latest.
I get to the login page and enter my username and password. I’m redirected to the Duo screen and I select “Send me a push”. Push notification sent to my phone and I select Accept. The vaultwarden login screen then switches to a countdown saying redirecting to the main screen. Once the coutdown ends, I’m redirected back to the main screen wanting username and password.
The log files on the vaultwarden-sql container are the following:
[2025-04-01 19:13:01.826][request][INFO] GET /api/devices/knowndevice
[2025-04-01 19:13:01.828][response][INFO] (get_known_device) GET /api/devices/knowndevice => 200 OK
[2025-04-01 19:13:06.169][request][INFO] POST /identity/accounts/prelogin
[2025-04-01 19:13:06.170][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2025-04-01 19:13:06.221][request][INFO] POST /identity/connect/token
[2025-04-01 19:13:06.936][error][ERROR] 2FA token not provided
[2025-04-01 19:13:06.936][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
I understand the logs saying the 2FA token is not provided but how?? I’m not sure what’s going on now. There really isn’t anything to debug.
In my particular setup Duo is activated on user basis (not globally). Is there a way to configure vaultwarden to bypass Duo?
I’m not sure what else I can do to debug.
I’ve checked time synchronization on the docker vaultwarden server, client (which is Firefox running MBP), and iPhone (running Duo app). All seem to be at same time however I can’t pin down the exact seconds. All synchronize to time server and I don’t think there is a problem.
After trying to login I’m being sent a email from Vaultwarden warning me of an unauthorized login attempt.
Appreciate any help and I can send more logs if needbe.