[GH-ISSUE #5986] Unable to set YubiKey OTPs #2296

New issue

Closed

opened 2026-03-03 02:17:00 +03:00 by kerem · 5 comments

kerem commented 2026-03-03 02:17:00 +03:00

Owner

Copy link

Originally created by @JYLN on GitHub (Jun 24, 2025).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/5986

Vaultwarden Support String

Your environment (Generated via diagnostics page)

• Vaultwarden version: v1.34.1
• Web-vault version: v2025.5.0
• OS/Arch: linux/x86_64
• Running within a container: true (Base: Debian)
• Database type: SQLite
• Database version: 3.49.1
• Uses config.json: false
• Uses a reverse proxy: true
• IP Header check: true (X-Forwarded-For)
• Internet access: true
• Internet access via a proxy: false
• DNS Check: true
• TZ environment: America/Denver
• Browser/Server Time Check: true
• Server/NTP Time Check: true
• Domain Configuration Check: true
• HTTPS Check: true
• Websocket Check: true
• HTTP Response Checks: true

Config & Details (Generated via diagnostics page)

Show Config & Details

Config:

{
  "_duo_akey": null,
  "_enable_duo": false,
  "_enable_email_2fa": true,
  "_enable_smtp": true,
  "_enable_yubico": true,
  "_icon_service_csp": "",
  "_icon_service_url": "",
  "_ip_header_enabled": true,
  "_max_note_size": 10000,
  "_smtp_img_src": "*****://******************************",
  "admin_ratelimit_max_burst": 3,
  "admin_ratelimit_seconds": 300,
  "admin_session_lifetime": 20,
  "admin_token": "***",
  "allowed_connect_src": "",
  "allowed_iframe_ancestors": "",
  "attachments_folder": "data/attachments",
  "auth_request_purge_schedule": "30 * * * * *",
  "authenticator_disable_time_drift": false,
  "data_folder": "data",
  "database_conn_init": "",
  "database_max_conns": 10,
  "database_timeout": 30,
  "database_url": "***************",
  "db_connection_retries": 15,
  "disable_2fa_remember": false,
  "disable_admin_token": false,
  "disable_icon_download": false,
  "domain": "*****://*******************",
  "domain_origin": "*****://*******************",
  "domain_path": "",
  "domain_set": true,
  "duo_context_purge_schedule": "30 * * * * *",
  "duo_host": null,
  "duo_ikey": null,
  "duo_skey": null,
  "duo_use_iframe": false,
  "email_2fa_auto_fallback": false,
  "email_2fa_enforce_on_verified_invite": false,
  "email_attempts_limit": 3,
  "email_change_allowed": true,
  "email_expiration_time": 600,
  "email_token_size": 6,
  "emergency_access_allowed": true,
  "emergency_notification_reminder_schedule": "0 3 * * * *",
  "emergency_request_timeout_schedule": "0 7 * * * *",
  "enable_db_wal": true,
  "enable_websocket": true,
  "enforce_single_org_with_reset_pw_policy": false,
  "event_cleanup_schedule": "0 10 0 * * *",
  "events_days_retain": null,
  "experimental_client_feature_flags": "",
  "extended_logging": true,
  "helo_name": null,
  "hibp_api_key": null,
  "http_request_block_non_global_ips": true,
  "http_request_block_regex": null,
  "icon_blacklist_non_global_ips": true,
  "icon_blacklist_regex": null,
  "icon_cache_folder": "data/icon_cache",
  "icon_cache_negttl": 259200,
  "icon_cache_ttl": 2592000,
  "icon_download_timeout": 10,
  "icon_redirect_code": 302,
  "icon_service": "internal",
  "incomplete_2fa_schedule": "30 * * * * *",
  "incomplete_2fa_time_limit": 3,
  "increase_note_size_limit": false,
  "invitation_expiration_hours": 120,
  "invitation_org_name": "JaySyn Bitwarden",
  "invitations_allowed": true,
  "ip_header": "X-Forwarded-For",
  "job_poll_interval_ms": 30000,
  "log_file": null,
  "log_level": "info",
  "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f",
  "login_ratelimit_max_burst": 10,
  "login_ratelimit_seconds": 60,
  "org_attachment_limit": null,
  "org_creation_users": "",
  "org_events_enabled": false,
  "org_groups_enabled": false,
  "password_hints_allowed": true,
  "password_iterations": 100000,
  "push_enabled": false,
  "push_identity_uri": "https://identity.bitwarden.com",
  "push_installation_id": "***",
  "push_installation_key": "***",
  "push_relay_uri": "https://push.bitwarden.com",
  "reload_templates": false,
  "require_device_email": false,
  "rsa_key_filename": "data/rsa_key",
  "send_purge_schedule": "0 5 * * * *",
  "sendmail_command": null,
  "sends_allowed": true,
  "sends_folder": "data/sends",
  "show_password_hint": false,
  "signups_allowed": false,
  "signups_domains_whitelist": "",
  "signups_verify": true,
  "signups_verify_resend_limit": 6,
  "signups_verify_resend_time": 3600,
  "smtp_accept_invalid_certs": false,
  "smtp_accept_invalid_hostnames": false,
  "smtp_auth_mechanism": "Plain",
  "smtp_debug": false,
  "smtp_embed_images": false,
  "smtp_explicit_tls": null,
  "smtp_from": "************",
  "smtp_from_name": "JaySyn Bitwarden",
  "smtp_host": "*******************",
  "smtp_password": "***",
  "smtp_port": 587,
  "smtp_security": "starttls",
  "smtp_ssl": null,
  "smtp_timeout": 15,
  "smtp_username": "*********************",
  "templates_folder": "data/templates",
  "tmp_folder": "data/tmp",
  "trash_auto_delete_days": null,
  "trash_purge_schedule": "0 5 0 * * *",
  "use_sendmail": false,
  "use_syslog": false,
  "user_attachment_limit": null,
  "user_send_limit": null,
  "web_vault_enabled": true,
  "web_vault_folder": "web-vault/",
  "yubico_client_id": "112971",
  "yubico_secret_key": "***",
  "yubico_server": "https://api.yubico.com/wsapi/2.0/verify"
}

Vaultwarden Build Version

v1.34.1

Deployment method

Official Container Image

Custom deployment method

No response

Reverse Proxy

Cloudflare Tunnel

Host/Server Operating System

NAS/SAN

Operating System Version

Synology DSM 7.2.2-72806 Update 3

Clients

Web Vault

Client Version

v2025.5.0

Steps To Reproduce

1. Go to 'Settings > Security > Two-Step Login'
2. Click on 'Manage' next to 'Yubico OTP security key'
3. Enter master password
4. Follow the steps on the page to enter a YubiKey OTP

Expected Result

Yubikey OTP to save successfully without error

Actual Result

Receives a 'Invalid Yubikey OTP provided' error

Logs

[2025-06-24 10:06:44.197][request][INFO] PUT /api/two-factor/yubikey

[2025-06-24 10:06:44.338][error][ERROR] Invalid Yubikey OTP provided.

[CAUSE] DecodeError(

    InvalidByte(

        27,

        61,

    ),

)

[2025-06-24 10:06:44.339][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request

Screenshots or Videos

No response

Additional Context

The Cloudflare tunnel setup is new, the vault used to just run on an NGINX Reverse Proxy container within my NAS but I recently switched to the Cloudflare tunnel because I am managing multiple other resources for my domain within Cloudflare. I used to have 2 Yubikey OTPs saved to my account but had to reset my Yubikeys recently. Upon resetting, I haven't been able to save any OTPs within Vaultwarden. I have regenerated my Client ID and Secret twice. I have attempted the using the normal secret and adding a = based on another issue I found within the Github repo. I have explicitly set the server URL and unset the server URL for YubiKey. When testing the API within Postman and random nonce data, I am getting an OK response. Also, I have validated multiple OTPs on Yubikey's demo website. I did recently fix the IP header match, but that hasn't helped resolve my issue. I'm not entirely sure what I'm missing here. Thank you for any help in advance.

Originally created by @JYLN on GitHub (Jun 24, 2025). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/5986 ### Vaultwarden Support String ### Your environment (Generated via diagnostics page) * Vaultwarden version: v1.34.1 * Web-vault version: v2025.5.0 * OS/Arch: linux/x86_64 * Running within a container: true (Base: Debian) * Database type: SQLite * Database version: 3.49.1 * Uses config.json: false * Uses a reverse proxy: true * IP Header check: true (X-Forwarded-For) * Internet access: true * Internet access via a proxy: false * DNS Check: true * TZ environment: America/Denver * Browser/Server Time Check: true * Server/NTP Time Check: true * Domain Configuration Check: true * HTTPS Check: true * Websocket Check: true * HTTP Response Checks: true ### Config & Details (Generated via diagnostics page) <details><summary>Show Config & Details</summary> **Config:** ```json { "_duo_akey": null, "_enable_duo": false, "_enable_email_2fa": true, "_enable_smtp": true, "_enable_yubico": true, "_icon_service_csp": "", "_icon_service_url": "", "_ip_header_enabled": true, "_max_note_size": 10000, "_smtp_img_src": "*****://******************************", "admin_ratelimit_max_burst": 3, "admin_ratelimit_seconds": 300, "admin_session_lifetime": 20, "admin_token": "***", "allowed_connect_src": "", "allowed_iframe_ancestors": "", "attachments_folder": "data/attachments", "auth_request_purge_schedule": "30 * * * * *", "authenticator_disable_time_drift": false, "data_folder": "data", "database_conn_init": "", "database_max_conns": 10, "database_timeout": 30, "database_url": "***************", "db_connection_retries": 15, "disable_2fa_remember": false, "disable_admin_token": false, "disable_icon_download": false, "domain": "*****://*******************", "domain_origin": "*****://*******************", "domain_path": "", "domain_set": true, "duo_context_purge_schedule": "30 * * * * *", "duo_host": null, "duo_ikey": null, "duo_skey": null, "duo_use_iframe": false, "email_2fa_auto_fallback": false, "email_2fa_enforce_on_verified_invite": false, "email_attempts_limit": 3, "email_change_allowed": true, "email_expiration_time": 600, "email_token_size": 6, "emergency_access_allowed": true, "emergency_notification_reminder_schedule": "0 3 * * * *", "emergency_request_timeout_schedule": "0 7 * * * *", "enable_db_wal": true, "enable_websocket": true, "enforce_single_org_with_reset_pw_policy": false, "event_cleanup_schedule": "0 10 0 * * *", "events_days_retain": null, "experimental_client_feature_flags": "", "extended_logging": true, "helo_name": null, "hibp_api_key": null, "http_request_block_non_global_ips": true, "http_request_block_regex": null, "icon_blacklist_non_global_ips": true, "icon_blacklist_regex": null, "icon_cache_folder": "data/icon_cache", "icon_cache_negttl": 259200, "icon_cache_ttl": 2592000, "icon_download_timeout": 10, "icon_redirect_code": 302, "icon_service": "internal", "incomplete_2fa_schedule": "30 * * * * *", "incomplete_2fa_time_limit": 3, "increase_note_size_limit": false, "invitation_expiration_hours": 120, "invitation_org_name": "JaySyn Bitwarden", "invitations_allowed": true, "ip_header": "X-Forwarded-For", "job_poll_interval_ms": 30000, "log_file": null, "log_level": "info", "log_timestamp_format": "%Y-%m-%d %H:%M:%S.%3f", "login_ratelimit_max_burst": 10, "login_ratelimit_seconds": 60, "org_attachment_limit": null, "org_creation_users": "", "org_events_enabled": false, "org_groups_enabled": false, "password_hints_allowed": true, "password_iterations": 100000, "push_enabled": false, "push_identity_uri": "https://identity.bitwarden.com", "push_installation_id": "***", "push_installation_key": "***", "push_relay_uri": "https://push.bitwarden.com", "reload_templates": false, "require_device_email": false, "rsa_key_filename": "data/rsa_key", "send_purge_schedule": "0 5 * * * *", "sendmail_command": null, "sends_allowed": true, "sends_folder": "data/sends", "show_password_hint": false, "signups_allowed": false, "signups_domains_whitelist": "", "signups_verify": true, "signups_verify_resend_limit": 6, "signups_verify_resend_time": 3600, "smtp_accept_invalid_certs": false, "smtp_accept_invalid_hostnames": false, "smtp_auth_mechanism": "Plain", "smtp_debug": false, "smtp_embed_images": false, "smtp_explicit_tls": null, "smtp_from": "************", "smtp_from_name": "JaySyn Bitwarden", "smtp_host": "*******************", "smtp_password": "***", "smtp_port": 587, "smtp_security": "starttls", "smtp_ssl": null, "smtp_timeout": 15, "smtp_username": "*********************", "templates_folder": "data/templates", "tmp_folder": "data/tmp", "trash_auto_delete_days": null, "trash_purge_schedule": "0 5 0 * * *", "use_sendmail": false, "use_syslog": false, "user_attachment_limit": null, "user_send_limit": null, "web_vault_enabled": true, "web_vault_folder": "web-vault/", "yubico_client_id": "112971", "yubico_secret_key": "***", "yubico_server": "https://api.yubico.com/wsapi/2.0/verify" } ``` </details> ### Vaultwarden Build Version v1.34.1 ### Deployment method Official Container Image ### Custom deployment method _No response_ ### Reverse Proxy Cloudflare Tunnel ### Host/Server Operating System NAS/SAN ### Operating System Version Synology DSM 7.2.2-72806 Update 3 ### Clients Web Vault ### Client Version v2025.5.0 ### Steps To Reproduce 1. Go to 'Settings > Security > Two-Step Login' 2. Click on 'Manage' next to 'Yubico OTP security key' 3. Enter master password 4. Follow the steps on the page to enter a YubiKey OTP ### Expected Result Yubikey OTP to save successfully without error ### Actual Result Receives a 'Invalid Yubikey OTP provided' error ### Logs ```text [2025-06-24 10:06:44.197][request][INFO] PUT /api/two-factor/yubikey [2025-06-24 10:06:44.338][error][ERROR] Invalid Yubikey OTP provided. [CAUSE] DecodeError( InvalidByte( 27, 61, ), ) [2025-06-24 10:06:44.339][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request ``` ### Screenshots or Videos _No response_ ### Additional Context The Cloudflare tunnel setup is new, the vault used to just run on an NGINX Reverse Proxy container within my NAS but I recently switched to the Cloudflare tunnel because I am managing multiple other resources for my domain within Cloudflare. I used to have 2 Yubikey OTPs saved to my account but had to reset my Yubikeys recently. Upon resetting, I haven't been able to save any OTPs within Vaultwarden. I have regenerated my Client ID and Secret twice. I have attempted the using the normal secret and adding a `=` based on another issue I found within the Github repo. I have explicitly set the server URL and unset the server URL for YubiKey. When testing the API within Postman and random nonce data, I am getting an `OK` response. Also, I have validated multiple OTPs on Yubikey's demo website. I did recently fix the IP header match, but that hasn't helped resolve my issue. I'm not entirely sure what I'm missing here. Thank you for any help in advance.

kerem 2026-03-03 02:17:00 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-03-03 02:17:01 +03:00

Author

Owner

Copy link

@tsvico commented on GitHub (Jun 26, 2025):

Check your YUBICO_CLIENT_ID and YUBICO_SECRET_KEY. I had the same error as you before. When I reconfigured YUBICO_CLIENT_ID and YUBICO_SECRET_KEY, the error changed to

[2025-06-26 21:34:15.764][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] BadOTP
[2025-06-26 21:34:15.766][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request
[2025-06-26 21:39:35.638][request][INFO] GET /api/config
[2025-06-26 21:39:35.639][response][INFO] (config) GET /api/config => 200 OK
[2025-06-26 21:39:39.881][request][INFO] PUT /api/two-factor/yubikey
[2025-06-26 21:39:41.934][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] BadOTP
[2025-06-26 21:39:41.937][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request
[2025-06-26 21:46:41.828][request][INFO] PUT /api/two-factor/yubikey
[2025-06-26 21:46:43.803][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] ReplayedOTP

I can't solve the current problem

<!-- gh-comment-id:3008582061 --> @tsvico commented on GitHub (Jun 26, 2025): Check your YUBICO_CLIENT_ID and YUBICO_SECRET_KEY. I had the same error as you before. When I reconfigured YUBICO_CLIENT_ID and YUBICO_SECRET_KEY, the error changed to ``` [2025-06-26 21:34:15.764][error][ERROR] Invalid Yubikey OTP provided. [CAUSE] BadOTP [2025-06-26 21:34:15.766][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request [2025-06-26 21:39:35.638][request][INFO] GET /api/config [2025-06-26 21:39:35.639][response][INFO] (config) GET /api/config => 200 OK [2025-06-26 21:39:39.881][request][INFO] PUT /api/two-factor/yubikey [2025-06-26 21:39:41.934][error][ERROR] Invalid Yubikey OTP provided. [CAUSE] BadOTP [2025-06-26 21:39:41.937][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request [2025-06-26 21:46:41.828][request][INFO] PUT /api/two-factor/yubikey [2025-06-26 21:46:43.803][error][ERROR] Invalid Yubikey OTP provided. [CAUSE] ReplayedOTP ``` I can't solve the current problem

kerem commented 2026-03-03 02:17:01 +03:00

Author

Owner

Copy link

@tsvico commented on GitHub (Jun 26, 2025):

Check your YUBICO_CLIENT_ID and YUBICO_SECRET_KEY. I had the same error as you before. When I reconfigured YUBICO_CLIENT_ID and YUBICO_SECRET_KEY, the error changed to

[2025-06-26 21:34:15.764][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] BadOTP
[2025-06-26 21:34:15.766][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request
[2025-06-26 21:39:35.638][request][INFO] GET /api/config
[2025-06-26 21:39:35.639][response][INFO] (config) GET /api/config => 200 OK
[2025-06-26 21:39:39.881][request][INFO] PUT /api/two-factor/yubikey
[2025-06-26 21:39:41.934][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] BadOTP
[2025-06-26 21:39:41.937][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request
[2025-06-26 21:46:41.828][request][INFO] PUT /api/two-factor/yubikey
[2025-06-26 21:46:43.803][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] ReplayedOTP

I can't solve the current problem

I passed the test at https://demo.yubico.com/otp/verify and my debug log is

[2025-06-26 21:57:55.040][reqwest::connect][DEBUG] starting new connection: https://api.yubico.com/
[2025-06-26 21:57:55.334][hyper_util::client::legacy::connect::http][DEBUG] connecting to 13.249.213.128:443
[2025-06-26 21:57:55.337][hyper_util::client::legacy::connect::http][DEBUG] connected to 13.249.213.128:443
[2025-06-26 21:57:56.659][h2::client][DEBUG] binding client connection
[2025-06-26 21:57:56.660][h2::client][DEBUG] client connection bound
[2025-06-26 21:57:56.661][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2025-06-26 21:57:56.663][h2::proto::connection][DEBUG] Connection; peer=Client
[2025-06-26 21:57:56.664][hyper_util::client::legacy::pool][DEBUG] pooling idle connection for ("https", api.yubico.com)
[2025-06-26 21:57:56.664][h2::codec::framed_write][DEBUG] send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 }
[2025-06-26 21:57:56.667][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) }
[2025-06-26 21:57:56.927][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x0), max_concurrent_streams: 128, initial_window_size: 65536, max_frame_size: 16777215 }
[2025-06-26 21:57:56.929][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x1: ACK) }
[2025-06-26 21:57:56.931][h2::codec::framed_read][DEBUG] received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 2147418112 }
[2025-06-26 21:57:56.933][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x1: ACK) }
[2025-06-26 21:57:56.935][h2::proto::settings][DEBUG] received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 }
[2025-06-26 21:57:57.636][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) }
[2025-06-26 21:57:57.638][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(1) }
[2025-06-26 21:57:57.639][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) }
[2025-06-26 21:57:57.642][h2::codec::framed_write][DEBUG] send frame=GoAway { error_code: NO_ERROR, last_stream_id: StreamId(0) }
[2025-06-26 21:57:57.643][h2::proto::connection][DEBUG] Connection::poll; connection error error=GoAway(b"", NO_ERROR, Library)
[2025-06-26 21:57:57.904][error][ERROR] Invalid Yubikey OTP provided.
[CAUSE] BadOTP
[2025-06-26 21:57:57.906][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request

If you have any ideas or solutions, please contact me

<!-- gh-comment-id:3008617421 --> @tsvico commented on GitHub (Jun 26, 2025): > Check your YUBICO_CLIENT_ID and YUBICO_SECRET_KEY. I had the same error as you before. When I reconfigured YUBICO_CLIENT_ID and YUBICO_SECRET_KEY, the error changed to > > ``` > [2025-06-26 21:34:15.764][error][ERROR] Invalid Yubikey OTP provided. > [CAUSE] BadOTP > [2025-06-26 21:34:15.766][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request > [2025-06-26 21:39:35.638][request][INFO] GET /api/config > [2025-06-26 21:39:35.639][response][INFO] (config) GET /api/config => 200 OK > [2025-06-26 21:39:39.881][request][INFO] PUT /api/two-factor/yubikey > [2025-06-26 21:39:41.934][error][ERROR] Invalid Yubikey OTP provided. > [CAUSE] BadOTP > [2025-06-26 21:39:41.937][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request > [2025-06-26 21:46:41.828][request][INFO] PUT /api/two-factor/yubikey > [2025-06-26 21:46:43.803][error][ERROR] Invalid Yubikey OTP provided. > [CAUSE] ReplayedOTP > ``` > > I can't solve the current problem I passed the test at [https://demo.yubico.com/otp/verify](https://demo.yubico.com/otp/verify) and my debug log is ``` [2025-06-26 21:57:55.040][reqwest::connect][DEBUG] starting new connection: https://api.yubico.com/ [2025-06-26 21:57:55.334][hyper_util::client::legacy::connect::http][DEBUG] connecting to 13.249.213.128:443 [2025-06-26 21:57:55.337][hyper_util::client::legacy::connect::http][DEBUG] connected to 13.249.213.128:443 [2025-06-26 21:57:56.659][h2::client][DEBUG] binding client connection [2025-06-26 21:57:56.660][h2::client][DEBUG] client connection bound [2025-06-26 21:57:56.661][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 } [2025-06-26 21:57:56.663][h2::proto::connection][DEBUG] Connection; peer=Client [2025-06-26 21:57:56.664][hyper_util::client::legacy::pool][DEBUG] pooling idle connection for ("https", api.yubico.com) [2025-06-26 21:57:56.664][h2::codec::framed_write][DEBUG] send frame=WindowUpdate { stream_id: StreamId(0), size_increment: 5177345 } [2025-06-26 21:57:56.667][h2::codec::framed_write][DEBUG] send frame=Headers { stream_id: StreamId(1), flags: (0x5: END_HEADERS | END_STREAM) } [2025-06-26 21:57:56.927][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x0), max_concurrent_streams: 128, initial_window_size: 65536, max_frame_size: 16777215 } [2025-06-26 21:57:56.929][h2::codec::framed_write][DEBUG] send frame=Settings { flags: (0x1: ACK) } [2025-06-26 21:57:56.931][h2::codec::framed_read][DEBUG] received frame=WindowUpdate { stream_id: StreamId(0), size_increment: 2147418112 } [2025-06-26 21:57:56.933][h2::codec::framed_read][DEBUG] received frame=Settings { flags: (0x1: ACK) } [2025-06-26 21:57:56.935][h2::proto::settings][DEBUG] received settings ACK; applying Settings { flags: (0x0), enable_push: 0, initial_window_size: 2097152, max_frame_size: 16384, max_header_list_size: 16384 } [2025-06-26 21:57:57.636][h2::codec::framed_read][DEBUG] received frame=Headers { stream_id: StreamId(1), flags: (0x4: END_HEADERS) } [2025-06-26 21:57:57.638][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(1) } [2025-06-26 21:57:57.639][h2::codec::framed_read][DEBUG] received frame=Data { stream_id: StreamId(1), flags: (0x1: END_STREAM) } [2025-06-26 21:57:57.642][h2::codec::framed_write][DEBUG] send frame=GoAway { error_code: NO_ERROR, last_stream_id: StreamId(0) } [2025-06-26 21:57:57.643][h2::proto::connection][DEBUG] Connection::poll; connection error error=GoAway(b"", NO_ERROR, Library) [2025-06-26 21:57:57.904][error][ERROR] Invalid Yubikey OTP provided. [CAUSE] BadOTP [2025-06-26 21:57:57.906][response][INFO] (activate_yubikey_put) PUT /api/two-factor/yubikey => 400 Bad Request ``` If you have any ideas or solutions, please contact me

kerem commented 2026-03-03 02:17:01 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Jun 26, 2025):

It looks like the library handling the request thinks it is a bad reqwest for some reason.
Ill have to check and see why

<!-- gh-comment-id:3008623897 --> @BlackDex commented on GitHub (Jun 26, 2025): It looks like the library handling the request thinks it is a bad reqwest for some reason. Ill have to check and see why

kerem commented 2026-03-03 02:17:01 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Jun 26, 2025):

Hmm, the library it self seems to work just fine as-is. Have to check further

<!-- gh-comment-id:3008631414 --> @BlackDex commented on GitHub (Jun 26, 2025): Hmm, the library it self seems to work just fine as-is. Have to check further

kerem commented 2026-03-03 02:17:01 +03:00

Author

Owner

Copy link

@BlackDex commented on GitHub (Jun 26, 2025):

Found the issue and fixed it.

<!-- gh-comment-id:3008777826 --> @BlackDex commented on GitHub (Jun 26, 2025): Found the issue and fixed it.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

revert-7033-patch-1

cached-config-operations

test_dylint

1.35.8

1.35.7

1.35.6

1.35.5

1.35.4

1.35.3

1.35.2

1.35.1

1.35.0

1.34.3

1.34.2

1.34.1

1.34.0

1.33.2

1.33.1

1.33.0

1.32.7

1.32.6

1.32.5

1.32.4

1.32.3

1.32.2

1.32.1

1.32.0

1.31.0

1.30.5

1.30.4

1.30.3

1.30.2

1.30.1

1.30.0

1.29.2

1.29.1

1.29.0

1.28.1

1.28.0

1.27.0

1.26.0

1.25.2

1.25.1

1.25.0

1.24.0

1.23.1

1.23.0

1.22.2

1.22.1

1.22.0

1.21.0

1.20.0

1.19.0

1.18.0

1.17.0

1.16.3

1.16.2

1.16.1

1.16.0

1.15.1

1.15.0

1.14.2

1.14.1

1.14

1.13.1

1.13.0

1.12.0

1.11.0

1.10.0

1.9.1

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.0

1.3.0

1.2.0

1.1.0

1.0.0

0.13.0

0.12.0

0.11.0

0.10.0

0.9.0

Labels

Clear labels   

SSO

  

Third party

  

better for forum

  

bug

  

bug

  

documentation

  

duplicate

  

enhancement

  

future Vault

  

future Vault

  

future Vault

  

good first issue

  

help wanted

  

low priority

  

notes

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

troubleshooting

  

wontfix

No labels

SSO

Third party

better for forum

bug

bug

documentation

duplicate

enhancement

future Vault

future Vault

future Vault

good first issue

help wanted

low priority

notes

pull-request

question

troubleshooting

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/vaultwarden#2296

No description provided.