doy / rbw

unofficial bitwarden cli
https://git.tozt.net/rbw

rbw ANYCOMMAND: failed to log in to bitwarden instance: failed to parse JSON: missing field `Kdf` at line 1 column 120 #165

Closed Pablo12345678901 closed 2 months ago

Pablo12345678901 commented 3 months ago

rbw login: failed to log in to bitwarden instance: failed to parse JSON: missing field `Kdf` at line 1 column 120

This issue appeared today (I use your tool every day). Version is the latest : 1.9.0

This is my configuration file :

{"email":"X@Y.Z",
"base_url":"https://vault.bitwarden.com/",
"identity_url":"https://identity.bitwarden.com/",
"notifications_url":"https://notifications.bitwarden.com/",
"lock_timeout":3600,
"sync_interval":1800,
"pinentry":"pinentry",
"client_cert_path":null
}

I tried to add the field 'Kdf' into it with value of 'PDKDF2 SHA-256' as well as '600000' - not working. I tried to add the field at every possible position within the configuration file (first, second, third, ...) - not working.

I think that Bitwarden changed a setting in the way a request has to be done (API).

Is there any way of seeing the sent and returned content of the JSON ?

Thank you.

zaibakker commented 3 months ago

Same problem for me when I use rbw sync or login. No problem or error code when I use rbw register.

Tested on Ubuntu 20.04/22.04 with rbw 1.9.0. I created a new account in Bitwarden to verify whether it was my other account or not.

rbw config email xxx
rbw register
rbw sync

I changed pinentry to pinentry-tty but same problem. I checked the connection to the API with tcpdump.

ruapho commented 3 months ago

Happens with a fresh install too.

wwwsensor commented 3 months ago

Same problem for me.

adrianschlatter commented 3 months ago

Same problem.

Setup:

Problem:

rbw login throws:

rbw login: failed to log in to bitwarden instance: failed to parse JSON: missing field `Kdf` at line 1 column 120

Note:

I can still use rbw from other machines (Windows, MacOS) where rbw was already installed and registered.

rbw sync does not work anymore on another Ubuntu machine (just hangs without any output). rbw stop-agent did not change anything. rbw login returns immediately (not asking for password; no error). rbw unlock also hangs (no output).

DavHau commented 3 months ago

The same problem recently appeared at my machine. Cached passwords could still be used, but I noticed new ones are missing.

An rbw sync resulted first in this error:

rbw sync: failed to sync database from server: failed to parse JSON: missing field `access_token` at line 1 column 25

After an rbw purge and new login, it now results in this error:

rbw get: failed to log in to bitwarden instance: failed to parse JSON: missing field `Kdf` at line 1 column 120

brooksvb commented 3 months ago

My existing install is still working, but I tried setting up rbw on a fresh system and encountered this error during rbw login

whitemilan commented 3 months ago

Deleting the config.json file in $HOME/.config/rbw/ fixed it for me. You need to put in your credentials again, though.

rehhouari commented 3 months ago

> Deleting the config.json file in $HOME/.config/rbw/ fixed it for me. You need to put in your credentials again, though.

Sadly it doesn't do anything on a fresh install:

rm ~/.config/rbw/config.json
rbw config set email user@example.com
rbw login
rbw login: failed to log in to bitwarden instance: failed to parse JSON: missing field `Kdf` at line 1 column 120

zenware commented 3 months ago

I've been trying to get this to work for a few days to no avail -- granted, it's my first time using rbw, so I won't

I haven't been able to pin it down exactly but this does seem to be an issue with the API request/response cycle against the official bitwarden API.

I'm not super familiar with debugging or even reading Rust code, but what I understand looking through the doy/rbw codebase, it seems to be landing on this section of pattern matching during an attempted rbw login that happens behind the scenes for commands like rbw sync etc. https://github.com/doy/rbw/blob/77eeb5b8bd9054529d0f8d551942b27640d22a1e/src/bin/rbw-agent/actions.rs#L199-L202

Since it's hitting the catchall, rather than the [IncorrectPassword](rbw::error::Error::IncorrectPassword) pattern, I have to imagine the error message shown is based on an API response. Either we're meant to provide the Kdf field (seems unlikely), or we are expecting the API to supply it and it's not, or it's not in the expected location?

What I find exceptionally interesting is that rbw register is totally unafflicted by this issue whatsoever, despite having very similar pattern matching cases.

Will attempt to take a closer look at this later and try some manual API requests as well as maybe try to write some integration test cases for rbw that cover this

FelipeMarcelino commented 3 months ago

Same here, trying this tool today for the first time and not getting this to work yet.

ehartmann commented 3 months ago

Hi,

I'm facing the same issue. I've tracked it down to the Bitwarden response on login; the response is

{"message":"Traffic from your network looks unusual. Connect to a different network or try again later. [Error Code 6]"}

So it looks like Bitwarden is detecting my login as a suspicious one.
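
Why a refused login surfaces as "missing field `Kdf`", as an added example that is not part of the original thread and not rbw's code: a client that deserializes every body as a successful login reports the first absent field instead of the server's message. The field order, the HTTP status values and the success body are assumptions; the error body is the one quoted above.

```python
import json

# The two fields this thread's error messages name; a real response has more.
# Order is chosen so the first one reported matches the login error above.
REQUIRED = ("Kdf", "access_token")

# Constructed samples: ERROR_BODY is the message quoted in the comment above,
# OK_BODY is a made-up stand-in for a successful response.
ERROR_BODY = ('{"message":"Traffic from your network looks unusual. Connect to '
              'a different network or try again later. [Error Code 6]"}')
OK_BODY = '{"Kdf":0,"access_token":"constructed-secret-value"}'


def strict_parse(body):
    """Reproduce the failure: assume every body is a successful login."""
    data = json.loads(body)
    for field in REQUIRED:
        if field not in data:
            raise ValueError(f"failed to parse JSON: missing field `{field}`")
    return data


def redact(data):
    """Mask token- and key-like values so a body can be pasted into an issue."""
    return {k: "<redacted>" if "token" in k.lower() or "key" in k.lower() else v
            for k, v in data.items()}


def diagnose(status, body):
    """Classify a login response before trusting its shape."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError as exc:
        return ("not_json", str(exc))
    if not isinstance(data, dict):
        return ("unexpected_shape", type(data).__name__)
    missing = [f for f in REQUIRED if f not in data]
    # A refusal carries a human-readable message instead of login fields.
    if status >= 400 or (missing and "message" in data):
        return ("server_error", data.get("message", f"HTTP {status}"))
    if missing:
        return ("incomplete", missing)
    return ("ok", redact(data))
```

The redaction step matters when sharing a captured response for debugging: a successful login body carries bearer tokens, so only the masked form belongs in a public issue.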

rjc commented 3 months ago

> Deleting the config.json file in $HOME/.config/rbw/ fixed it for me. You need to put in your credentials again, though.

@whitemilan It was the first thing I had tried, to no avail. Could you describe all the steps exactly, including which server you are connecting, please?

whitemilan commented 3 months ago

> > Deleting the config.json file in $HOME/.config/rbw/ fixed it for me. You need to put in your credentials again, though.
>
> @whitemilan It was the first thing I had tried, to no avail. Could you describe all the steps exactly, including which server you are connecting, please?

My mistake. Apparently I tried to log in to bitwarden.com first, which failed because of the missing field Kdf, then deleted the config file and tried again with my work's server, which worked. I usually only log in to work with this PC, did not realize the server change. I can reproduce the error now when logging in to bitwarden.com. My work server is on version 2022.12.0 if that helps.

rjc commented 3 months ago

@whitemilan Thanks for confirming that it is indeed an issue when authenticating against the official bitwarden.com server.

nozerorma commented 3 months ago

Same here, was working great until today. Thought it was related to the rofi frontend as it asked for pass as usual and then nothing happened.

ehartmann commented 3 months ago

@rjc, I've contacted the Bitwarden support team, but not much help from them.

I'm using the official servers on the EU and as soon as it's not working, whatever I'm trying (rbw purge, rbw register) I could not log in anymore into Bitwarden official servers.

I have another computer (same external IP, same version of rbw, same version of Linux) and everything has been working well for months and is still working well.

On the computer where I cannot access Bitwarden anymore, I've just made some tests using the same User Agent as the official Bitwarden CLI, and now it works perfectly.

Afterward, everything is working well, even without the User-Agent modification.

And thanks a lot for your work on this CLI, it's way more usable than the official one.

ohmer commented 2 months ago

Same here on fresh install (MacOS 14.4.1). How did you change the User-Agent @ehartmann?

ehartmann commented 2 months ago

@ohmer, here is my patch. patch.txt

ohmer commented 2 months ago

Thanks @ehartmann, patched against tag 1.9.0 and no dice :-/

Did the register with API key:

❯ cat ~/Library/Application\ Support/rbw/device_id
<HIDDEN UUID4>
❯ cat ~/Library/Application\ Support/rbw/config.json
{"email":"<HIDDEN EMAIL>","base_url":null,"identity_url":null,"notifications_url":null,"lock_timeout":3600,"sync_interval":3600,"pinentry":"pinentry","client_cert_path":null}⏎
❯ target/debug/rbw login
rbw login: failed to log in to bitwarden instance: failed to parse JSON: missing field `Kdf` at line 1 column 120

dylantompkins commented 2 months ago

Also having this issue

mdimitro commented 2 months ago

> @ohmer, here is my patch. patch.txt

I applied this patch against 1.9.0 on Arch, and rbw now works perfectly for me FWIW.

nozerorma commented 2 months ago

> @ohmer, here is my patch. patch.txt

Applied against 1.9.0 on Tuxedo (Debian base) + EU server, working great

tarantoj commented 2 months ago

> @ohmer, here is my patch. patch.txt

works great on NixOS after rbw purge, thanks!

pkgs.rbw.overrideAttrs (oldAttrs: {
  patches =
    oldAttrs.patches
    ++ [
      (pkgs.fetchpatch {
        name = "add-useragent.patch";
        url = "https://github.com/doy/rbw/files/14921243/patch.txt";
        sha256 = "sha256-SS+PTWA1UTsluts9Qtv+q3LJ22PTRUZ+usOB0aqz3Rk=";
      })
    ];
})

wwwsensor commented 2 months ago

Same problem for me.

Update: I randomly tried again to log in today, without modifying any setting, and it worked flawlessly for some unknown reason.

zaibakker commented 2 months ago

@ohmer I applied the patch on Ubuntu. It rocks too!

skeetmtp commented 2 months ago

Works here also. Who's up to make a PR?

proxict commented 2 months ago

Unfortunately, the patch doesn't cut it for me. I'm registered on the US server, using Argon KDF. What I've tried:

Still getting the same failed to parse JSON: missing field `Kdf` at line 1 column 120 error.

EDIT: turns out, the old version of rbw-agent was still running. After killing the rbw-agent and restarting it (after recompiling with the patch), it works flawlessly. Thanks @ehartmann!

Davidca089 commented 2 months ago

@mdimitro Hey, what's up? If you don't mind me asking, how did you apply this to your Arch system?

ruapho commented 2 months ago

Install Rust

  1. git clone https://github.com/doy/rbw.git
  2. cd rbw
  3. wget https://github.com/doy/rbw/files/14921243/patch.txt
  4. git apply patch.txt
  5. cargo build --release

rbw and rbw-agent are compiled into target/release

The patch worked for me too, thx @ehartmann

rjc commented 2 months ago

>   1. git patch patch.txt

Might be worth editing your reply and correcting the command in step 4.

adrianschlatter commented 2 months ago

Very strange: My problem went away today. I still have rbw 1.9.0 (unpatched, not uninstalled / reinstalled, no config purge etc). as before but I got some updates via apt upgrade. Among other things, I got a kernel upgrade to

from previously

After a system reboot, rbw works again. I cannot say for sure whether the kernel upgrade is the root cause, mind.

EDIT: Looking at the kernel dates, I have the impression I already got the kernel update before the problem started (but I had not rebooted the system, yet). Could this be a "pending reboot" problem?

Myned commented 2 months ago

I can second being able to login via rbw now without the patch (and I never applied the patch to begin with). I assume this is because Bitwarden received enough complaints to either remove some restrictions such as the user agent or whitelisted rbw specifically.

rjc commented 2 months ago

Like both @adrianschlatter and @Myned, I can now also sync again - I hadn't tried the patch on any of my systems and am no longer getting any login, or sync, issues.

This, obviously, had nothing to do with any software updates on any of my machines - I use rbw on both OpenBSD and macOS.

doy commented 2 months ago

is anyone still having trouble here? i don't currently see any issues logging into either the official bitwarden server or my personal vaultwarden. i'm not really comfortable impersonating the official bitwarden client as the patch above does, but i will start setting a real user agent string so that hopefully we can differentiate rbw traffic from other bot traffic.

proxict commented 2 months ago

I can confirm that rbw sync works again even without the patch. Setting a proper user-agent definitely sounds like a good idea though.

ehartmann commented 2 months ago

Hey @doy, it's also working on my side without my patch. I do agree that rbw should use its user-agent; that's the reason why I did not create a pull request for this workaround.

Pablo12345678901 commented 2 months ago

I confirm too that it is working again without the patch on Guix OS with rbw v1.9.0. Really weird... The initial issue is not present anymore.

mdimitro commented 2 months ago

@Davidca089 Seems this problem fixed itself, but in case it helps in the future:

What I did was duplicate Arch's package build instructions for rbw using the Arch Build System (see the wiki), saved the patch.txt into the root folder (next to the PKGBUILD), and then appended this line to the prepare() section:

patch --strip=1 --input=../patch.txt

(may need to alter the strip value or the "../" for any given package/patch, as needed). Then I simply ran makepkg(8) and installed the result.

Apologies for the delayed response, I guess I don't have notifications enabled.