[GH-ISSUE #1074] Error decoding JWT #762

Closed
opened 2026-03-03 02:02:56 +03:00 by kerem · 5 comments

Originally created by @talan-z on GitHub (Jul 26, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1074

Hello!
I have the issue below. Hopefully there is an easy fix!

Subject of the issue

I created a new organization and invited a friend to join. Upon clicking the link, filling up the new account information, and submitting, the following appears on the webpage: Error decoding JWT.

Your environment

  • Bitwarden_rs version: 1.16.0
  • Install method: docker
  • Clients used: Webpage
  • Reverse proxy and version: caddy v1.0.5
  • Version of mysql/postgresql: n/a
  • Other relevant information:

Relevant logs

bitwarden_1 | [2020-07-26 14:12:36][request][INFO] GET /api/organizations/a52078e7-0de5-455c-93f9-872937062640/policies/token?token=eyJ0eXAiOiJKV1QiLCJhbGci
bitwarden_1 | [2020-07-26 14:12:36][error][ERROR] Error decoding JWT.
bitwarden_1 | [CAUSE] Error(
bitwarden_1 | ExpiredSignature,
bitwarden_1 | )
bitwarden_1 | [2020-07-26 14:12:36][response][INFO] GET /api/organizations/<org_id>/policies/token?<token> (list_policies_token) => 400 Bad Request
bitwarden_1 | [2020-07-26 14:12:50][request][INFO] POST /api/accounts/register
bitwarden_1 | [2020-07-26 14:12:50][error][ERROR] Error decoding JWT.
bitwarden_1 | [CAUSE] Error(
bitwarden_1 | ExpiredSignature,
bitwarden_1 | )
bitwarden_1 | [2020-07-26 14:12:50][response][INFO] POST /api/accounts/register (register) => 400 Bad Request

Thank you,
Philipp


@dani-garcia commented on GitHub (Jul 26, 2020):

The emails expire after five days I think, did he open the link after that time has passed?


@BlackDex commented on GitHub (Oct 9, 2020):

Closing this long open issue. Please feel free to reopen if it is still not resolved 😄.


@ItsShadowCone commented on GitHub (Apr 26, 2021):

As of currently, this is still the case. Also the email does not say anything about the five day limit.

We should provide a different error message if token decoding fails due to expiration, especially for invite links.


@BlackDex commented on GitHub (Apr 26, 2021):

Well, the default value is 5 for upstream (although you can configure it there if self-hosted).
But it also does not mention this limit anywhere, as far as I can remember.

Though, maybe we can try to change the message.


@BlackDex commented on GitHub (Jun 21, 2021):

I'm going to close this again, as we want to try and keep as close as possible to upstream.
If someone really wants to implement something regarding this we may accept a well-written PR.

But in my opinion, it will only add more complexity since all tokens use the same decoding function.

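The suggestion in this thread, a distinct message when an invite token fails only because it expired, can coexist with a single shared decoding function if that function raises a typed error and each caller picks the wording. The following is an added example in Python (standard library only), not vaultwarden's code; the HS256 handling, the function names and the message text are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

class TokenError(Exception):
    """Malformed token or signature that does not verify."""

class TokenExpired(TokenError):
    """Signature verified, but the exp claim is in the past."""

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def issue(claims, key):
    """Build an HS256 token; used here only to construct sample input."""
    head = _b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64url(_sign(head, body, key))}"

def decode(token, key, now=None):
    """One decoder for every token type: signature first, expiry second."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_unb64url(head)).get("alg") != "HS256":
            raise TokenError("unsupported alg")
        if not hmac.compare_digest(_sign(head, body, key), _unb64url(sig)):
            raise TokenError("bad signature")
        claims = json.loads(_unb64url(body))
    except (ValueError, AttributeError) as exc:  # bad part count, base64, JSON
        raise TokenError("malformed token") from exc
    # Only reached for tokens we signed; a missing exp counts as expired.
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise TokenExpired("token expired")
    return claims

def invite_error_message(token, key, now=None):
    """Invite-link caller: distinct text for expiry, generic otherwise."""
    try:
        decode(token, key, now)
    except TokenExpired:
        return "This invitation has expired. Ask for a new invite."
    except TokenError:
        return "Error decoding JWT."
    return None  # token is valid
```

Because the signature is checked before `exp`, a forged or truncated token never receives the "expired" message, so the friendlier text reveals nothing about a token's claims to a sender who does not hold a validly signed token.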