I was using 1.18 (bitwarden_rs) docker image of arm64 and it works perfectly.
I updated to vaultwarden 1.27.0 by recreate the container, and it works for a while (several minutes).
However, I’m not able to login via WebVault, chrome extension, android app., …etc, currently.
The logs merely says:
[2023-01-10 13:32:47.200][request][INFO] POST /identity/connect/token
[2023-01-10 13:32:47.201][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: xxx.xxx.xxx.xxx. Username: xxxx@xxx.com.
[2023-01-10 13:32:47.201][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
Hard to tell without more information. First of all, make sure you are running the latest version 1.27.0 (see #3082).
Can you post the full log and maybe even increase the LOG_LEVEL?
Also what does the /admin page say? Does it list your users and the expected the numbers of items? And can you share the support string from the diagnostics page?
To simplified the problem, let me focus on the WebVault first.
The container version is tagged as 1.27, the binary reports the version as 1.27.0, the web vault reports its version at the bottom as 2.25.0, and the /admin does not report its version.
Regarding the admin panel, I’ve configure the ADMIN_TOKEN in environment variable and admin_token in config.json with different value.
When I copy-paste the ADMIN_TOKEN to /admin, I see the “Configuration” page, however, the values are the default values, and are not the values loaded from config.json.
When using ADMIN_TOKEN, I have no access to other pages, such as /admin/user, /admin/diagnostics, …etc (http 401).
When I copy-paste the admin_token from config.json to /admin, it just said " Error: Invalid admin token, please try again."
The db.sqlite3 has 566 rows in ciphers table, and 2 rows in users table, which seems OK.
I’ll attach the log (level=trace extended=true) later, as I hit “too many requests” currently
Update: I forgot to refresh the web-vault between switching versions back and forth, the web-vault is indeed 2022.12.0
Okay. If you are using the latest docker image you should be using a newer version of the web-vault as it is bundled with the image (unless you are using a custom web-vault). As said in the linked issue #3082 the version should be reported as v2022.12.0 in the footer. So make sure you have started the new container and there is no other vaultwarden (or bitwarden_rs) container running.
One a side note the config.json generally overrides the values set via environment variables. See
If you can’t even login into the admin interface, i suspect that there is something in between which either blocks headers, clears cookies or something.
Check your reverse proxy for logs, and if you have security stuff enabled which could cause issues, like ModSecurity for example.
Same for some browser extensions, some tend to block specific headers, which could break logins.
Try a different browser with and without Private/incognito window.
I always use private window for debugging issues, and directly connect to docker container using container’s ip address without port forwarding/reverse proxy … etc.
When I submit the token to /admin, it shows the general setting pages with default values, (not reading from my config.json)
When I land to /admin/users/overview, the log shows:
If you want to properly decode that key, you need to use jwt.io
Looking at the message, it says expired. That to me looks like the server or container date/time, or timezone is not set correctly.
This causes the token to be expired instantly.
Only thing you can do to bypass it, is disable the admin token for a short while so you can access the diagnostics page and check.
I had a similar problem, sharing here in case anyone else finds it useful in the future. I moved VaultWarden docker to a new host. I was getting the error message "Username or password is incorrect. Try again " in the web interface when I logged in. I had the logs below
The solution in my case was very simple. When I copied the vw-data folder I had somehow missed copying one of the certificate files, rsa_key.pub.pem or rsa_key.pub. It could be the file was open when I was trying to copy it and because of that it wasn’t added to my zip file. Once I copied that file over it worked as expected.
[2024-08-02 15:54:46.364][request][INFO] POST /identity/accounts/prelogin
[2024-08-02 15:54:46.366][response][INFO] (prelogin) POST /identity/accounts/prelogin => 200 OK
[2024-08-02 15:54:46.374][request][INFO] POST /identity/connect/token
[2024-08-02 15:54:46.375][vaultwarden::api::identity][ERROR] Username or password is incorrect. Try again. IP: 192.168.x.x. Username: (removed)
[2024-08-02 15:54:46.376][response][INFO] (login) POST /identity/connect/token => 400 Bad Request
[2024-08-02 15:55:07.165][request][INFO] GET /alive
[2024-08-02 15:55:07.165][response][INFO] (alive) GET /alive => 200 OK
[2024-08-02 15:55:36.568][vaultwarden::api::core::two_factor][DEBUG] Sending notifications for incomplete 2FA logins
[2024-08-02 15:55:36.568][vaultwarden::api::core::accounts][DEBUG] Purging auth requests