thunderbird OAuth2 POP access should not offer OAuth2

RESOLVED FIXED in Thunderbird 42.0

Status

Thunderbird
Account Manager
RESOLVED FIXED
2 years ago
2 years ago

People

(Reporter: Helmut Leininger, Assigned: Magnus Melin)

Tracking

38 Branch
Thunderbird 42.0

Thunderbird Tracking Flags

(thunderbird39 wontfix, thunderbird40 fixed, thunderbird41 fixed, thunderbird42 fixed, thunderbird_esr3839+ fixed)

Details

Attachments

(1 attachment)

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20150525141253

Steps to reproduce:

I tried to get mails fromn the gmail account, set to advanced security.


Actual results:

Google rejects Thunderbird's try to access the account (does not accept the password). This happens only, if the gmail/google account is set to advanced security, and maybe created some years ago.
Note: Another test with a new gmail account created today (also advanced security set) seemed to work ok.
(Reporter)

Comment 1

2 years ago
The problem seems to occur only with POP3 access (the error message says a web login is required). IMAP access seems to work.
(Assignee)

Comment 2

2 years ago
I don't think OAUTH is supported for GMail POP access.
Summary: thunderbird problem with gmail advanced security → OAUTH thunderbird POP access doesn't work if setting gmail advanced security
Component: Untriaged → Security
Component: Security → Account Manager

Comment 3

2 years ago
This bug report doesn't seem to fit with a comment I received from Kent James on the Thunderbird Blog - 38 Release page:

I asked about exactly the same scenario, i.e. POP access with OAuth2 selected and receiving a password error from the Gmail server with Google secure access enabled.

This is his response:

"OAuth2 access was added for SMTP and IMAP in Thunderbird 38, but not for POP3."

When I then asked if it would be added in the future, this was his response:

"There are no specific plans for this. Maybe you should file a bug requesting it."

I am a humble end user, but thought this may be useful to the debate.

Comment 4

2 years ago
I had not checked the status of POP3 access in GMail my blog comment was about what had been added in Thunderbird. Checking, I see at least one blog post that mentions only IMAP and SMTP for Gmail. Can anyone give a more solid reference that says that POP3 access in GMail does not support OAuth?
(Assignee)

Updated

2 years ago
Summary: OAUTH thunderbird POP access doesn't work if setting gmail advanced security → thunderbird OAuth2 POP access doesn't work if setting gmail advanced security
(Reporter)

Comment 5

2 years ago
Another test today showed that Google's behaviuor does not seem to be consistent.

a)
new Gmail account created today with advanced security set
Thunderbird:
POP, SSL/TLD, Authentication password, normal
SMTP with Oauth2
--> ok, mails may be retreived and sent

b)
Gmail account created about 2 or 3 years ago, now changed to advanced security
Thunderbird settings as above
--> Authentification fails when trying to fetch mails

acount b) works ok with IMAP and Oauth2

Comment 6

2 years ago
Just updated a v old (2007) laptop running XP to Thunderbird 38.0.1.

This is set up to access my Gmail through IMAP so I wasnt expecting a problem like that with POP, but as soon as I chnage to Oauth2 the server rejects the connection with or without Google advanced security being enabled.

The Windows 7 notebook I updated a few days ago, after selecting Oauth2 intiated a verification exchange in a browser window that then made everything work.

The desktop I use for POP access is also old and running XP.

Should the OS have any effect on whether Oauth2 will work ?  Does Oauth2 use something in the OS that isnt present in XP ?  I realise that now XP is unsupported I should have moved on but my old machines otherwise do everything I need and being so old, arent worth updating and probably wont run a later OS anyway.

As a reasonably savvy end user I'm finding this and the reality of getting Oauth2 to work very confusing so I imagine there are many more of us !

Comment 7

2 years ago
I'm still confused by this bug. OAuth2 is not expected to work with POP3 as AFAIK Google does not support that. Is anyone disputing that? If not, this is a Google issue, not a Thunderbird issue.

Or do I misunderstand the reports here?

Comment 8

2 years ago
(In reply to Kent James (:rkent) from comment #7)
> OAuth2 is not expected to work with POP3 as
> AFAIK Google does not support that. Is anyone disputing that?

From https://developers.google.com/gmail/oauth_overview

"For non-Gmail clients, Gmail supports the standard IMAP and SMTP protocols. The Gmail IMAP and SMTP servers have been extended to support authorization via the industry-standard OAuth 2.0 protocol."

Seem pretty clear to me, POP3 is not mentioned at all on that page.

Comment 9

2 years ago
Let's morph this bug as reporting that POP3 offers OAuth2 as an option in Advanced account configuration, when there are no valid users of POP3 OAuth2 supported in Thunderbird.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: thunderbird OAuth2 POP access doesn't work if setting gmail advanced security → thunderbird OAuth2 POP access should not offer OAuth2
(Assignee)

Comment 10

2 years ago
Created attachment 8627905 [details] [diff] [review]
bug1174505_oauth_pop.patch
Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED
Attachment #8627905 - Flags: review?(rkent)

Comment 11

2 years ago
Comment on attachment 8627905 [details] [diff] [review]
bug1174505_oauth_pop.patch

Review of attachment 8627905 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM It's simple enough we should probably also land for esr38
Attachment #8627905 - Flags: review?(rkent)
Attachment #8627905 - Flags: review+
Attachment #8627905 - Flags: approval-comm-esr38?
(Assignee)

Comment 12

2 years ago
Thx. I'll land this with a small modification. (Should also make sure it's visible again if imap)
(Assignee)

Comment 13

2 years ago
https://hg.mozilla.org/comm-central/rev/59af84e68db1 -> FIXED
Status: ASSIGNED → RESOLVED
Last Resolved: 2 years ago
status-thunderbird38: --- → affected
status-thunderbird40: --- → affected
status-thunderbird41: --- → affected
status-thunderbird42: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 42.0

Comment 14

2 years ago
Comment on attachment 8627905 [details] [diff] [review]
bug1174505_oauth_pop.patch

http://hg.mozilla.org/releases/comm-aurora/rev/9f0be9a6369d
http://hg.mozilla.org/releases/comm-beta/rev/c394981a2bfa
http://hg.mozilla.org/releases/comm-esr38/rev/0a8994d729d6
Attachment #8627905 - Flags: approval-comm-esr38?
Attachment #8627905 - Flags: approval-comm-esr38+
Attachment #8627905 - Flags: approval-comm-beta+
Attachment #8627905 - Flags: approval-comm-aurora+

Updated

2 years ago
status-thunderbird38: affected → ---
status-thunderbird39: --- → wontfix
status-thunderbird40: affected → fixed
status-thunderbird41: affected → fixed
status-thunderbird_esr38: --- → fixed
tracking-thunderbird_esr38: --- → 39+
You need to log in before you can comment on or make changes to this bug.