bitwarden / android

Bitwarden mobile app for Android.
https://bitwarden.com
GNU General Public License v3.0

2FA login into Bitwarden via authenticator TOTP fails #3796

Open danielhass opened 3 weeks ago

danielhass commented 3 weeks ago

Bitwarden Beta

Steps To Reproduce

  1. On a freshly installed 2024.8.0 beta app, select self-hosted and enter server URL
  2. Log in via master password (I already received a login warning via mail, so this step seems to work)
  3. Now the app presents you with the verification code screen where you should enter your TOTP as my account uses this method as 2FA
  4. After entering a valid TOTP (which I verified via a parallel successful login into the web password manager of my instance), the app presents you with a pop-up saying "invalid verification code" (I use the German version, so this is only roughly translated)

Additional context: I haven't seen any failing HTTP request or similar on my instance during the TOTP 2FA attempt.

Result: I'm unable to log in to the Bitwarden app.

Expected Result

As I verified my TOTP via the web-based password manager of my instance I expect the login to work on mobile as well.

Actual Result

Logging in to the Bitwarden app on self-hosted with TOTP 2FA is not possible.

Screenshots or Videos

No response

Additional Context

No response

Build Version

2024.8.0 | Server: 2024.7.4

Environment Details

Issue Tracking Info

bitwarden-bot commented 3 weeks ago

Thank you for your report! We've added this to our internal board for review. ID: PM-11231

subhashay commented 3 weeks ago

This is seen not just in self-hosted but also in the Bitwarden instance.

I had logged in with 2FA using the previous version and updated to the latest 2024.8.0.

No issues so far, but after clearing data and then trying to log in, it fails at 2FA verification.

NovaSilentium commented 3 weeks ago

Hi there,

This has been escalated for further investigation. If you have more information that can help us, please add it below.

Thanks!

uaevuon commented 3 weeks ago

I also had the same issue. But I found a workaround. If I try logging in with another device, it accepts the TOTP code. If I try logging in with the master password, it rejects it.

ralob commented 3 weeks ago

I can confirm that 2FA login is also broken for me and I am unable to log in independently. The above workaround of approving the login from another device is the only way to access my vault on Android.

App version: 2024.8.0 (18985)
Android OS: 14

david-noa commented 3 weeks ago

Can confirm the most recent beta release 2024.8.0 broke 2FA.

Device: Samsung Galaxy S23 Ultra
Android version: 14 / One UI version: 6.1
2FA: Google Authenticator

Troubleshooting steps:

"An error has occurred: Invalid verification code"

UPDATE: I have some more info that may help in isolating the issue: I noticed that when I added 'Email' as a 2FA method, and used the 3-dots menu in the App to switch to 'Email' verification during the 2FA step, the code I was sent (after several failed attempts to send) also resulted in this same "An error has occurred: Invalid verification code" pop-up message.

This would indicate the issue is within the App itself and its not handling the verification of the 2FA code correctly, and not related to the specific 2FA method being used. This is an important distinction here, as I also get an email notification for a new login when I enter the correct code. This means the App is saying "bad" but the auth server is saying "good."

mtalexan commented 2 weeks ago

This also affects both the F-Droid and non-F-Droid beta builds equally.

david-noa commented 1 week ago

This is my first time coming to Bitwarden Android's GitHub page for a bug, so I'm not familiar with typical turnaround times or prioritization here, but can we get any kind of update on this issue?

Are there any other specific logs or troubleshooting steps that would help aid in your investigation?

UPDATE: for anyone trying to roll back their Bitwarden app because this issue broke their app, here's what worked for me:

  1. Leave the Bitwarden beta program in the Google Play store
  2. Uninstall Bitwarden (Beta 2024.8.0) app
  3. IMPORTANT: Go into the App Info for the Google Play store app and choose Storage -> Clear cache (did not work for me without this step)
  4. Reinstall the Bitwarden app from the Google Play store and check the version in App Info; it should be the previous build 2024.7.1, which still works without this 2FA issue

UPDATE 2: It looks like this has finally been fixed in 2024.8.1-beta (19099)