doy / rbw

unofficial bitwarden cli

Home Page: https://git.tozt.net/rbw


Support for SSO?

fiskhest opened this issue · comments

I'm an enforced SSO user of bitwarden, and when I try to login I get:

rbw list: failed to log in to bitwarden instance: api request returned error: 400

I have previously done a rbw register with my API credentials.

A quick search for sso in this repository yields no hits, so I just wanted to verify if the utility has support for sso or not before I dive further?

sso is not currently supported, but i would be happy to review prs implementing it.

I would like to share some additional information about the current SSO state that may be helpful.

I wasn't aware that SSO is not supported, so I spent some time debugging the issue by trial and error before I found this issue and learned that SSO is not supported. But since I didn't know that, I almost got it working ;)

tl;dr: I initially thought that the problem was with 2FA, not SSO. Since I disabled 2FA for testing, I (my account ;) ) was removed from the organisation. The plot twist is that I managed to log in using rbw after re-enabling 2FA and being added back to the organisation.

longer version:
I tried to log in with rbw from 3 different 'fresh' (not registered in BW) systems: my Intel Macbook, Debian VM, M2 Macbook, always ending up with error 400 without any additional information. My account was in an organization with SSO and 2FA enabled. I know my master password and OTP codes were correct since I was getting different error messages when I was deliberately entering wrong credentials.

The interesting thing happened when I was dropped from the organisation due to disabling 2FA for testing. Then I managed to log in. After enabling 2FA and being added to the organisation I couldn't log in again. But after running rbw purge and logging in again I managed to access my vault. My guess is that there was no error 400 at this stage since my device was already registered in BW (since my API key didn't change). Another possible explanation is that rbw purge deletes only the password database but leaves some configuration data, and this allows getting into a flow that doesn't trigger this error.