Open-Source Wikis

/

Bitwarden Server

/

Primitives

/

Device

bitwarden/server

Device

A registered client device. Defined at src/Core/Entities/Device.cs and persisted to dbo.Device. Devices are the targets of push notifications and the carriers of trusted-device-encryption keys.

Important columns

Column Notes
Id (Guid), UserId Identity.
Name Free-form display label.
Type DeviceType enum (Android, iOS, ChromeExtension, WindowsDesktop, MacOsDesktop, LinuxDesktop, FirefoxBrowser, OperaBrowser, EdgeBrowser, WindowsCLI, MacOsCLI, LinuxCLI, Server, WindowsConnector, MacOsConnector, LinuxConnector, iOSBrowser, AndroidBrowser, …).
Identifier Client-provided unique identifier (used for "trust this device" lookups).
PushToken APNs / FCM / WNS token used by IPushRegistrationService.
EncryptedUserKey TDE: user key encrypted with the device's public key.
EncryptedPublicKey, EncryptedPrivateKey TDE: per-device key pair, both encrypted under the user key (so a user can rotate keys for all their devices in one go).
Active Whether the device should still receive push notifications.
LastActivityDate Updated on every token refresh / login from this device.
CreationDate, RevisionDate Audit timestamps.

How it's used

  • PushIPushRegistrationService.CreateOrUpdateRegistrationAsync writes the PushToken to ANH or the local registration store.
  • TDE — for SSO-only orgs that don't want a master password, devices hold the wrapped user key. See features/auth.
  • Login With DeviceAuthRequest rows reference a Device id to know whose push to fire.
  • Trust — when a new device first authenticates, a Quartz job emails the user a "new device" notice.

Pruning

Stale devices are cleaned up by Quartz job logic in src/Api/Jobs/ (account-revision-date-driven) and on explicit user logout.

Where it shows up

Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.

Device – Bitwarden Server wiki | Factory