[GH-ISSUE #3375] HTTP 400 error in /api/devices/knowndevice endpoint #1544

Closed
opened 2026-03-03 02:10:04 +03:00 by kerem · 3 comments

Originally created by @hectorm on GitHub (Mar 26, 2023).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/3375

Subject of the issue

After dani-garcia/vaultwarden#3329, the /api/devices/knowndevice endpoint returns an HTTP 400 error when receiving a base64 encoded string without padding in the X-Request-Email header.

It seems that the Bitwarden client removes the padding of base64 encoded strings:
https://github.com/bitwarden/clients/blob/web-v2023.3.0/libs/common/src/misc/utils.ts#L142

Deployment environment

  • Vaultwarden version: v1.28.0
  • Web-vault version: v2023.3.0b
  • Install method: Docker
  • Clients used: web vault
  • Reverse proxy and version: Caddy v2.6.4

Steps to reproduce

Enter the email in the web vault.

Expected behaviour

No error returned.

Actual behaviour

The /api/devices/knowndevice endpoint returns an HTTP 400 error and the following content is printed in the server logs:

[request][INFO] GET /api/devices/knowndevice
[vaultwarden::api::core::accounts::_][WARN] Request guard `KnownDevice` failed: "X-Request-Email value failed to decode as base64url".

Troubleshooting data

Request preview (base64 without padding)

Request preview (base64 with padding)

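The failure reported above, as an added example that is not part of the original report and is not Vaultwarden's code: a std-only Rust base64url decoder in which a variant that insists on `=` padding rejects the client's unpadded value, while a padding-optional variant accepts both forms. The function names and the sample address `user@example.com` are constructed for illustration.

```rust
// Added illustration, not Vaultwarden's code. Std-only base64url decoding.

/// Map one base64url character to its 6-bit value.
fn sextet(c: u8) -> Option<u32> {
    match c {
        b'A'..=b'Z' => Some((c - b'A') as u32),
        b'a'..=b'z' => Some((c - b'a') as u32 + 26),
        b'0'..=b'9' => Some((c - b'0') as u32 + 52),
        b'-' => Some(62),
        b'_' => Some(63),
        _ => None, // includes '=', '+' and '/'
    }
}

/// Decode base64url that carries no '=' padding.
fn decode_unpadded(s: &str) -> Option<Vec<u8>> {
    let bytes = s.as_bytes();
    if bytes.len() % 4 == 1 { return None; } // one leftover char encodes no byte
    let mut out = Vec::with_capacity(bytes.len() * 3 / 4);
    for chunk in bytes.chunks(4) {
        let mut acc = 0u32;
        for &c in chunk { acc = (acc << 6) | sextet(c)?; }
        acc <<= 6 * (4 - chunk.len()) as u32; // left-align to 24 bits
        for i in 0..chunk.len() - 1 { out.push((acc >> (16 - 8 * i)) as u8); }
    }
    Some(out)
}

/// Hypothetical strict decoder: input must be padded to a multiple of 4.
fn decode_padded_strict(s: &str) -> Option<Vec<u8>> {
    let body = s.trim_end_matches('=');
    if s.len() % 4 != 0 || s.len() - body.len() > 2 { return None; }
    decode_unpadded(body)
}

/// Hypothetical tolerant decoder for the header value: padding is optional.
fn decode_email_header(value: &str) -> Option<String> {
    let body = value.trim_end_matches('=');
    if value.len() - body.len() > 2 { return None; }
    String::from_utf8(decode_unpadded(body)?).ok()
}

fn main() {
    // Constructed sample: "user@example.com" with and without padding.
    for v in ["dXNlckBleGFtcGxlLmNvbQ==", "dXNlckBleGFtcGxlLmNvbQ"] {
        println!("{}: strict_ok={} tolerant={:?}", v, decode_padded_strict(v).is_some(), decode_email_header(v));
    }
}
```

The tolerant variant does not reject non-zero trailing bits in the final group, so it accepts non-canonical encodings of the same bytes; add that check if the decoded value is ever compared in its encoded form.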
kerem closed this issue and added the bug label 2026-03-03 02:10:04 +03:00

@BlackDex commented on GitHub (Mar 26, 2023):

Thanks for the detailed report.
It is strange as we do use Base64Url also.
I have not yet checked this in detail.

While it probably isn't a big deal, since that feature currently is only used for triggering passwordless login if I'm correct, it still shouldn't fail. All my test accounts didn't seem to trigger this.


@3XC1T3D commented on GitHub (Mar 27, 2023):

Hi,

we are issuing the same Warning in the logs of vaultwarden.

Best regards


@MaxXor commented on GitHub (Mar 31, 2023):

I'm a bit hesitant to update because of this. Does this actually affect the browser plugin such that you can no longer log in, or is it just a warning with no further impact?
