Closed Bug 1546779 Opened 6 years ago Closed 4 years ago

OAuth2 failure is not a password failure

Categories

(Thunderbird :: Account Manager, defect)

Product:
Thunderbird
Component:
Account Manager
Platform:
x86_64
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: ToddAndMargo, Unassigned)

Details

(Whiteboard: [has protocol log])

Attachments

(1 file)

imap.log.moz_log
3.67 MB, application/octet-stream
Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Steps to reproduce:

I am a consultant. I have Thunderbird spread across two counties.

Lately, I am getting multiple calls from folks whose eMail carrier has changed to OAuth2. They are pretty angry because they get told by Thunderbird that their password is incorrect, when it is not. Switching them to OAuth2 fixes the issue.

When this happens, would you please change the error message to state they have the wrong authentication method and not the wrong password.

Type: defect → enhancement
OS: Unspecified → All
Hardware: Unspecified → x86_64

Can you be more specific with a screen shot?

Component: Untriaged → Account Manager
Flags: needinfo?(ToddAndMargo)

Well, it is the exact same error pop up you see when you type in the wrong password for your IMAP server. Problem is that the password is correct, it is just that you are being rejected because you are not using OAuth2. It needs to state such.

Flags: needinfo?(ToddAndMargo)

Found this going though some old bugs. This looks like it's worth doing. Magnus, Ben?

Flags: needinfo?(mkmelin+mozilla)
Flags: needinfo?(benjamin)

I could be wrong, but I think it's likely the server doesn't tell us what the problem was (just auth failed), so there is no way for Thunderbird to know that not using OAuth2 is the problem.

If you have reason to think otherwise, get an imap log for the server in question. https://wiki.mozilla.org/MailNews:Logging

Flags: needinfo?(mkmelin+mozilla)
Flags: needinfo?(benjamin)

Todd, can you get a log for us?

Flags: needinfo?(ToddAndMargo)

Give me a few days

Flags: needinfo?(ToddAndMargo)
Attached file imap.log.moz_log

There are several OAuth2 accounts in this log. toddandmargo@gmail.com is the one with password set to normal, triggering the bogus bad password prompt

Flags: needinfo?(mkmelin+mozilla)
Whiteboard: [has protocol log]
Whiteboard: [has protocol log] → [has protocol log]

CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA ID XLIST CHILDREN X-GM-EXT-1 XYZZY SASL-IR AUTH=XOAUTH2 AUTH=PLAIN AUTH=PLAIN-CLIENTTOKEN AUTH=OAUTHBEARER AUTH=XOAUTH

So gmail tells us it accepts plain login. (And it does, if you enable that option in their UI.)

There's at least technically not a bug here.

Status: UNCONFIRMED → RESOLVED
Type: enhancement → defect
Closed: 4 years ago
Flags: needinfo?(mkmelin+mozilla)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: