Sync issues with passkeys?

skibbipl commented 6 months ago

Subject of the issue

One of the sites I use, introduced passkeys. So I enabled it for my account and saved the data to vaultwarden (via official Firefox bitwarden client). Today I wanted to register passkey from another computer. But I've got error.

Deployment environment

Vaultwarden version: v1.30.1
Web-vault version: v2023.10.0
OS/Arch: linux/aarch64
Running within Docker: true (Base: Debian)
Environment settings overridden: true
Uses a reverse proxy: true
IP Header check: true (X-Real-IP)
Internet access: true
Internet access via a proxy: false
DNS Check: true
Browser/Server Time Check: true
Server/NTP Time Check: true
Domain Configuration Check: true
HTTPS Check: true
Database type: SQLite
Database version: 3.44.0
Clients used: Bitwarden official firefox extension
Reverse proxy and version:
Other relevant information:
Reverse proxy and version: Haproxy
Other relevant details:

Steps to reproduce

Registered passkey to one site on computer A. Tried to register another passkey on computer B - got error.

Expected behaviour

Register another passkey on computer B.

Actual behaviour

Got error registering passkey on computer B.

Troubleshooting data

[2023-12-20 23:00:16.114][request][INFO] GET /api/accounts/revision-date
[2023-12-20 23:00:16.117][response][INFO] (revision_date) GET /api/accounts/revision-date => 200 OK
[2023-12-20 23:00:22.148][request][INFO] PUT /api/ciphers/600712b1-223b-442a-affc-ad09e343a8c5
[2023-12-20 23:00:22.152][vaultwarden::api::core::ciphers][ERROR] The client copy of this cipher is out of date. Resync the client and try again.
[2023-12-20 23:00:22.152][response][INFO] (put_cipher) PUT /api/ciphers/<uuid> => 400 Bad Request

But when I tried to sync the client I've got "Sync failed" error despite seeing this in the logs:

[2023-12-20 23:01:38.103][request][INFO] POST /identity/connect/token
[2023-12-20 23:01:38.109][response][INFO] (login) POST /identity/connect/token => 200 OK
[2023-12-20 23:01:38.203][request][INFO] GET /api/sync
[2023-12-20 23:01:38.301][response][INFO] (sync) GET /api/sync?<data..> => 200 OK

So I deleted the entry for the site and saved it again i vaultwarden. Then I was able to save the passkey for the site.

BlackDex commented 6 months ago

Fully logout and back in with those clients.

If a client isn't in sync, Vaultwarden will refuse to store older data over newer data, which is the message you got in the logs.

skibbipl commented 6 months ago

OK, will try it tomorrow on another computer. Restarting browser is not enough to "reset" the state of the client?

BlackDex commented 6 months ago

No, the state is stored locally. You can trigger a manual sync via the menus somewhere, but that probably fails, which is why you need to logout and back in again

dani-garcia / vaultwarden