Google services not working: OAuth2 failure when using Google Account (Fixed in TB 68.2.1) - Affects IMAP accounts and 3rd-party add-on "Provider for Google Calendar" (check https://github.com/kewisch/gdata-provider/ and ATN) - Workaround: Comment #22
Categories
(Thunderbird :: Account Manager, defect)
Tracking
(thunderbird_esr6870+ fixed, thunderbird71 fixed, thunderbird72 fixed)
People
(Reporter: admin, Unassigned)
References
Details
(Keywords: regression)
Attachments
(3 files)
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0
Steps to reproduce:
Clean install Thunderbird 68.2
- Add Gmail account
- Fill in Google Authentication popup window and allow app
- Fails at next window
Actual results:
Email is not synced at all
Warning saying:
Unable to log in at server. Probably wrong configuration, username or password
Password & username is correct
Expected results:
Login should Continue and account should start syncing email
Tried older versions and latest Thunderbird beta 71 with the same results
Maybe Google has changed something with their OAuth2 requirements ?
Also should note the email is not auto-filled in the Google login popup (this used to be auto-filled)
Comment 3•5 years ago
|
||
I test creating my Google IMAP account and Comcast POP3 account with every release candidate. I had no problem creating the accounts when testing the 68.2 candidate on Ubuntu 18.04.2 LTS. I still have that test profile and I can get mail on the account.
After seeing this bug report in my Gmail Bugzilla folder, I tested my 68.2 with a test profile on both Windows 10 and Ubuntu, and can reproduce the problem.
Comment 4•5 years ago
|
||
I just tested creating the account with a new test profile using 71.0b1 on Ubuntu 18.04.3 LTS and can reproduce.
I don't recall seeing the dialogs from Google that appear now when testing release candidates.
Comment 5•5 years ago
|
||
No changes in that area between TB 70 beta 4 and TB 71 beta 1. Does it still work with TB 68?
Comment 7•5 years ago
|
||
Sorry, you said 68.2.0. Hmm, looks like Google finally tightened the screw. Magnus and Andrei, do you know anything about this?
Comment 8•5 years ago
|
||
Creating an account in 68.2 with a test profile. No.
The user would normally get a dialog window with the email address already filled in and all they had to do was click "Next" to get to the dialog window to enter the password. Now I have to fill in my email or phone number.
Entering the email address and clicking next brings up the window to fill in the password, showing my email address and avatar associated with the account.
Typing in the password and clicking next brings up the "Mozilla Thunderbird Email wants to access your Google Account" dialog window.
Clicking the "Allow" button is where it fails.
No problem using my account in 68.2 or 70.0b1 or 72.0a1 with the production profiles on Windows 10 or Linux.
Comment 9•5 years ago
|
||
I've just confirmed it. After answering all the Google prompts incl. tying in a code received via SMS, the authentication fails :-( - An existing account still seems to work.
Comment 11•5 years ago
|
||
Yeah, I can't get gmail to auth either. The google oauth stuff looks the same to me, we still have the same authorizations we had before. There weren't any messages from Google either.
The only thing I can think of is that there is apparently a token rate limit, but it's not clear to me what that applies to, and there's no data for how many tokens we're granting per day, so I have no idea if it's even working right.
Comment 12•5 years ago
•
|
||
After setting mail.wizard.logging.dump to 'all' and mail.wizard.logging.console to 'all', when Thunderbird makes a request to https://www.googleapis.com/oauth2/v3/token the response is '400 bad request' with {"error": "invalid_grant", "error_description": "Malformed auth code."}
https://blog.timekit.io/google-oauth-invalid-grant-nightmare-and-how-to-fix-it-9f4efaf1da35
Googling makes it sound like it's a generic error that can apply to any number of scenarios. So I don't know. Maybe Fallen has some idea what could be going on here? Do we have Google contacts we can ask about this?
As of this moment, gmail auth is broken for all users and the error message may as well be 'something is wrong'.
Comment 13•5 years ago
|
||
I just came across this on the mozillaZine forum where the poster indicates using "normal password authentication" works.
http://forums.mozillazine.org/viewtopic.php?p=14848558#p14848558
Comment 14•5 years ago
|
||
Yes, you can set an app password using the "less secure apps" option in Google as a workaround. That won't fix the oauth bug itself, of course.
Updated•5 years ago
|
Comment 15•5 years ago
|
||
I can confirm the bug, at least in 60 (i'm switching to 68 now...), 32bit, Win7.
Trouble happen if users change their password, and (i suppose) more generally on token change. If token is valid, all works as expected.
Obviously 'normal password' works if enabled on google site.
Updated•5 years ago
|
Comment 17•5 years ago
•
|
||
Looking at the docs at https://developers.google.com/identity/protocols/OAuth2InstalledApp we should probably update the urls as so.
- "https://accounts.google.com/o/oauth2/auth",
- "https://www.googleapis.com/oauth2/v3/token",
+ "https://accounts.google.com/o/oauth2/v2/auth",
+ "https://oauth2.googleapis.com/token",
Unfortunately, that doesn't help any :(
These are the relevant network requests. For the AccountChooser for whatever reason we end with a param to get sent to the legacy auth (https://accounts.google.com/signin/oauth/legacy/consent). I'd imagine that's the root of the problem.
curl 'https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Upgrade-Insecure-Requests: 1'
curl 'https://accounts.google.com/signin/oauth?client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&as=raOi9ApwBeyZIud8WPVzhg&Email=example@gmail.com&destination=http://localhost&approval_state=!ChR2ZTJFaTBWQ2ZtMzhvMEVFOXhySxIfMDFiWFlJVWhNejhhOERFdWhZOThQY18xSm8zSDRSWQ%E2%88%99AJDr988AAAAAXbrIfhVE7FpoqoGhuBlX2DvLqjmU3VA6&oauthriskyscope=1&xsrfsig=ChkAeAh8T_oe9FxRgZIFTl3qVXN0iKZcn16rEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'
curl 'https://accounts.google.com/signin/oauth?client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&as=raOi9ApwBeyZIud8WPVzhg&Email=example@gmail.com&destination=http://localhost&approval_state=!ChR2ZTJFaTBWQ2ZtMzhvMEVFOXhySxIfMDFiWFlJVWhNejhhOERFdWhZOThQY18xSm8zSDRSWQ%E2%88%99AJDr988AAAAAXbrIfhVE7FpoqoGhuBlX2DvLqjmU3VA6&oauthriskyscope=1&xsrfsig=ChkAeAh8T_oe9FxRgZIFTl3qVXN0iKZcn16rEg5hcHByb3ZhbF9zdGF0ZRILZGVzdGluYXRpb24SBXNvYWN1Eg9vYXV0aHJpc2t5c2NvcGU' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'
curl 'https://accounts.google.com/AccountChooser?oauth=1&continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Flegacy%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJi8hAP_NCRJtKpGW84MoNR_ltqVjGRuVys1ie0r3UyClXR5iskmXA3AvkNOVmPpFQ3iLzzHjApPhYeoo9SgwTuTLgtOaHE4qhcpqVkCjNqjEQWuV30xTzu1hyEwxH45I3JYe5fGIgn0SPU8P912AklFPgq_Nx4gBsgugTKAbVZ7R0wPKJJis302QEb_sDQ2XobkQdG5B3Xjt18t-SWZIxz8iElJdSQ6XOs5AhrqLRsImXVdwsQOAIlLz75bd5bfHLTpqd4RkvXsS1b7EgBsSc0X8l00Rpdn3vKbi3tdRHGPb7-q1YN5vG_LFpVo5rL8mp_oeEsPw9IHc0vdixIsB3SaN9QHhVoXiS6UHszRZhkbBsnlfeqF5nBSbiYs6UdxH3pjtcnNmCTvq0BPnXqcip8RqLkym9-AxcZ-9hD8MgHw3o_523pML4w%26as%3DraOi9ApwBeyZIud8WPVzhg%23' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Thunderbird/72.0a1' -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=406964657835-aq8lmia8j95dhl1a2bvharmfk3t1hgqj.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost&scope=https%3A%2F%2Fmail.google.com%2F&login_hint=example%40gmail.com' -H 'DNT: 1' -H 'Connection: keep-alive' -H 'Cookie: OCAK=fwSdeZHWp9M0a0jvnbwWEu57NPSzYGYQXIyvq3awhbw; GAPS=1:VErCzlQH5r0KkWvwZjsi5_lWb08Aag:iGBDQu8UQ1COgpda' -H 'Upgrade-Insecure-Requests: 1' -H 'TE: Trailers'
Comment 20•5 years ago
|
||
For the authentication step, override the useragent and change it to Firefox.
Comment 22•5 years ago
|
||
As per comment #20 and https://github.com/kewisch/gdata-provider/issues/26#issuecomment-547994463, setting general.useragent.compatMode.firefox to true allows IMAP access again. Not tested for gData, but no reason to distrust the GitHub post.
Updated•5 years ago
|
Comment 23•5 years ago
|
||
I tested the workaround with gData for Calendar and it worked as expected.
Comment 24•5 years ago
|
||
I confirm too, workaround work!
(tested win32 60.9.0 version)
Comment 25•5 years ago
|
||
As far as I can tell, this works. I claim no merit, all I did was copy/paste.
Comment 26•5 years ago
|
||
Jorg, would Bug 1592342 depends on this bug?
Comment 28•5 years ago
|
||
Thanks, Richard, also for writing up the nice summary over in bug 1592342. We can collect the duplicates here.
Comment 29•5 years ago
|
||
A bit off the wagon but wanted to mention it in case anyone else found this bug and is on TB 70.0b4 with Lightning+Provider for Google Calendar 70.b4. Flipping general.useragent.compatMode.firefox=true on TB 70.0b4 has totally resolve a weird stuttering / lagging / slowness issue I've been experiencing ever since moving to 70.0b and now my work machine is snappy and responsive again. Sorry for the noise.
Comment 30•5 years ago
|
||
Comment 31•5 years ago
|
||
And more comments from IRC:
20:48:13 - Fallen: I'd recommend to use https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams in the Thunderbird patch
20:50:29 - pmorris has left the room (Quit: Ping timeout: 121 seconds).
20:50:59 - Fallen: Something like let url = new URL(aData); let params = new URLSearchParams((url.search || url.hash).substr(1)); and then use params.get("code") instead of results.code
20:51:29 - Fallen: possibly find out if they are using the hash or the search part of the url and then just use the right thing
20:52:24 - Fallen: Maybe a Cu.importGlobalProperties for URL and/or URLSearchParams
Comment 32•5 years ago
|
||
Comment 33•5 years ago
|
||
Pushed by mozilla@jorgk.com:
https://hg.mozilla.org/comm-central/rev/57532519642e
Port OAuth2 decoding fix from gData add-on. r=mkmelin DONTBUILD
Updated•5 years ago
|
Comment 34•5 years ago
|
||
TB 71 beta 2:
https://hg.mozilla.org/releases/comm-beta/rev/e4607a1592d21563c3daa8ea441519b63fb5ba62
Comment 35•5 years ago
|
||
TB 68.2.1 ESR:
https://hg.mozilla.org/releases/comm-esr68/rev/afe823a25c03b91217ff767b360f14e289f3671d
Comment 36•5 years ago
|
||
Comment 37•5 years ago
|
||
Seems to be working in the 68.2.1 build.
Comment 38•5 years ago
|
||
Does someone remember if the email (user) used to get pre-filled properly? (It's not atm.)
When testing this fix we should remember to check the other providers too are working.
Comment 39•5 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #38)
Does someone remember if the email (user) used to get pre-filled properly? (It's not atm.)
It is filled in automatically, if the workaround as proposed in comments #20, #22 and #29 is done. I believe to remember that it has been done automatically before Google's recent change, Is I noticed that now I had to check for the user as I do have multiple accounts.
Updated•5 years ago
|
Comment 43•5 years ago
|
||
(In reply to Magnus Melin [:mkmelin] from comment #38)
Does someone remember if the email (user) used to get pre-filled properly? (It's not atm.)
When testing this fix we should remember to check the other providers too are working.
FWIW, in 68.2.0, it is possible to set up a new Yahoo! Mail account with OAuth, and the username is prefilled in the web login popup.
Comment 44•5 years ago
|
||
You misunderstood: We wanted to test whether TB 68.2.1 with the modification affected OAuth2 authentication of Yahoo, Yandex or others. Apparently that's not the case.
Comment 45•5 years ago
|
||
No, I didn't misunderstand. I was just giving a data point that freshly setting up a Yahoo! Mail account with OAuth did work in 68.2.0, and the account name was prefilled, unlike with Gmail. The fact that I wasn't talking about 68.2.1 is why I led with "FWIW". Glad to hear the change for Google didn't break Yahoo! or others.
Comment 46•5 years ago
|
||
Why is 60.9.1 not released? From a supporters point of view you should not force the upgrade from 60.* to 68.* in this context.
Comment 47•5 years ago
|
||
(In reply to Alex Ihrig from comment #46)
Why is 60.9.1 not released? From a supporters point of view you should not force the upgrade from 60.* to 68.* in this context.
Good questions.
a) we're not forcing updates. we're using the normal update process.
b) we're not doing 60.9.1 as a first choice because what if something goes wrong with that update, or it is insuficient to fix the issue? 68 is a better platform from which to iterate
c) we planned to update users from 60 to 68 anyway
Comment 48•5 years ago
|
||
Nevertheless, since 68.x breaks compatibility with so many extensions, many of which will never be updated, it would be a nice gesture to release a 60.9.1, given how severely Gmail and Google Calendar are broken on all prior versions. You wouldn't have to rejigger the update process that's already set to lift people up to the 68.x branch; you could simply make 60.9.1 available under https://archive.mozilla.org/pub/thunderbird/releases/ for those who know to look there.
Of the 5 add-ons that I use:
- 1 was updated (I haven't yet had time to test it).
- 1 was reimplemented as a separate MailExtension by a different author (again, haven't yet had time to test the new version to confirm everything still works).
- 1 was apparently updated to the new packaging requirements, but doesn't actually function.
- 2 seem to have been abandoned by their authors and there's a good chance they'll never be updated or reimplemented.
So with only 2 out of 5 of my add-ons (at least theoretically) working, it'd be nice to be able to keep a working version of 60.x around, and just be aware not to view untrusted emails with it, since it won't be getting any more security updates.
Comment 49•5 years ago
|
||
Out of interest: List those five add-ons.
Comment 50•5 years ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #47)
(In reply to Alex Ihrig from comment #46)
Why is 60.9.1 not released? From a supporters point of view you should not force the upgrade from 60.* to 68.* in this context.
Good questions.
a) we're not forcing updates. we're using the normal update process.
b) we're not doing 60.9.1 as a first choice because what if something goes wrong with that update, or it is insuficient to fix the issue? 68 is a better platform from which to iterate
c) we planned to update users from 60 to 68 anyway
You seemed to have forced the update on me! I woke up this morning to a computer that had Thunderbird 60.x running and a dialog box saying to click here to restart Thunderbird with this new (broken) version of Thunderbird. I didn't ask for this ergo I was forced!
Note I had been running the new Thunderbird (68) on a laptop but not my desktop. I was not impressed. Many extensions were broken so I was waiting for them to be updated and working before I would update my desktop but you (thunderbird not you Dan) forced this update on me. Now I'll try to downgrade to 69.0b4...
Comment 51•5 years ago
|
||
Ugh, tried 69.0b4 and it screwed up my entire thunderbird installation! Now I have to recover. Thanks guys!
Comment 52•5 years ago
|
||
In 'Options' > 'Update':
I have selected 'Check for updates, but let me choose whether to install them'
Thunderbird does as expected. I see a pop up saying there is a new update and asking if I want to update.
If you have the 'Automatically install updates' option selected - note this is selected by default - then Thunderbird will auto update at the appropriate time. You would then prompted to restart.
What do you mean by 'this new (broken) version' ? Do you only mean you are using addons created by various users/authors and those addons are not working ?
If yes, then Thunderbird is not broken. You may discover many addons can be updated / some are in the pipline / some issues can be fixed by alternative ways. Suggest you ask a question in the Support Forum to see if something can be done.
Or
are you refering to the bug discussed in this bug report which claims the update has fixed?
Are you using the up to date addon: Provider for Google Calendar version 68.0
What issue are you experiencing with the Imap gmail account?
Comment 53•5 years ago
|
||
(In reply to Andrew DeFaria from comment #50)
Many extensions were broken so I was waiting for them to be updated and working before I would update my desktop but you (thunderbird not you Dan) forced this update on me. Now I'll try to downgrade to 69.0b4...
Extension authors "only" had about half a year time to update their extensions. IMHO, what isn't updated by now should be considered unmaintained and not fit for use any more.
I really don't understand why after an undesired automated upgrade from 60 to 68 you'd go even further and install a 69 beta 4 version. And then blame others for that "screw up".
Comment 54•5 years ago
|
||
It's a loss of functionality nonetheless. In this instance my entire calendar is inoperable! I didn't ask for that so yes I tried to go to a version that might have a chance of getting my functionality back. There was a post that hinted that that 69.01b might work. When I went to the download area I saw 69.04b so I tried that. What I ended up with was a bare-bones installation - no email accounts, no add-ons, nothing.
Have you ever heard of the saying "If it ain't broke then don't fix it"? This wasn't broken until you broke it. And there appears to be no (simple) way back. I didn't ask for my email client of some 17 years to break so horribly. In fact, I was purposely avoiding it by testing it out on another system (laptop). I didn't even get a chance to say "Thanks but no thanks, I'll stay with what is working". AFAICT I was forced into this so Dan's statement of not forcing updates is, AFAICT, false. I've been using Thunderbird since before it was Thunderbird. Yes there are times when add-ons fail to work initially but never has it been this broken WRT Add-Ons in the 17 years I've been using Thunderbird.
And by broke, I do not mean just the add-ons. Granted Google Provider seems busted with OAuth. Google Provider keeps asking me to log in and afterward does nothing but ask me again so yes that's this bug here. I have Version 68 of Google Provider.
What I meant by my environment being screwed up is that when run Thunderbird shows me a basic setup, no accounts, no add-ons, nothing. I'm coming to find out it seems to have created a blank profile instead of using my existing one. But my existing one was still there so using the ProfileManager I was able to log in with the correct profile and I'm cleaning that up.
Comment 55•5 years ago
|
||
"Google Provider" is a 3rd-party add-on that hasn't been updated to work with the new Google OAuth2 scheme. Complain to its author:
https://addons.thunderbird.net/en-GB/thunderbird/addon/provider-for-google-calendar/
https://github.com/kewisch/gdata-provider/
In certain upgrade situations it can happen that TB doesn't recognise your existing profile and creates a new one. You can select the profile want in the profile manager or via "Help > Troubleshooting Information", about:profiles. We're working on improving that.
To my knowledge, Thunderbird's Calender Lightning will work in any version you install.
For security reasons we must eventually discontinue old versions and migrate users to the new supported version. The update from 60 to 68 has been a bit bumpy for some users which we regret.
Comment 57•5 years ago
|
||
(In reply to Andrew DeFaria from comment #54)
And by broke, I do not mean just the add-ons. Granted Google Provider seems busted with OAuth. Google Provider keeps asking me to log in and afterward does nothing but ask me again so yes that's this bug here. I have Version 68 of Google Provider.
1.) Users should also complain to Google, if there are always technical details changed without specific announcement (to the affected users). This would also be Google's task to inform users - not just developers.
2.) Google Provider must be updated to version 68.2.1, to have the bug in the addon fixed.
What I meant by my environment being screwed up is that when run Thunderbird shows me a basic setup, no accounts, no add-ons, nothing. I'm coming to find out it seems to have created a blank profile instead of using my existing one. But my existing one was still there so using the ProfileManager I was able to log in with the correct profile and I'm cleaning that up.
That's the bad UX, when we force users to do a major upgrade instead of providing a small bugfix update to 60.9.1 (which is now available today - thanks!).
Comment 58•5 years ago
|
||
(In reply to Andrew DeFaria from comment #54)
Have you ever heard of the saying "If it ain't broke then don't fix it"? This wasn't broken until you broke it. And there appears to be no (simple) way back. I didn't ask for my email client of some 17 years to break so horribly. In fact, I was purposely avoiding it by testing it out on another system (laptop). I didn't even get a chance to say "Thanks but no thanks, I'll stay with what is working". AFAICT I was forced into this so Dan's statement of not forcing updates is, AFAICT, false. I've been using Thunderbird since before it was Thunderbird. Yes there are times when add-ons fail to work initially but never has it been this broken WRT Add-Ons in the 17 years I've been using Thunderbird.
I do not see your reply to Anje on your settings. Was the update contrary to your settings? This is a very core question that has been glossed over.
What I meant by my environment being screwed up is that when run Thunderbird shows me a basic setup, no accounts, no add-ons, nothing. I'm coming to find out it seems to have created a blank profile instead of using my existing one. But my existing one was still there so using the ProfileManager I was able to log in with the correct profile and I'm cleaning that up.
That is called profile per install and is the "new" way things are done, thank you Mozilla core developers.
Comment 59•5 years ago
|
||
(In reply to Jorg K (GMT+2) from comment #49)
Out of interest: List those five add-ons.
I intentionally did not list them because I prefer not to give out exact details of my configuration when posting under my real name, particularly for pieces of software that are likely to get no more security updates. However, if you want to send me a private message, I'll give you the list.
(In reply to Andrew DeFaria from comment #50)
Many extensions were broken so I was waiting for them to be updated and working before I would update my desktop but you (thunderbird not you Dan) forced this update on me.
(In reply to Andrew DeFaria from comment #54)
AFAICT I was forced into this so Dan's statement of not forcing updates is, AFAICT, false.
Andrew, I'm afraid you've got me confused with someone else. Note that the From information for each comment is in a header, not a footer.
(In reply to Jorg K (GMT+2) from comment #53)
Extension authors "only" had about half a year time to update their extensions. IMHO, what isn't updated by now should be considered unmaintained and not fit for use any more.
"Unmaintained" and "not fit for use any more" are not synonymous. Many Firefox and Thunderbird add-ons have continued working properly for years after their last update. Also, the Thunderbird ecosystem is a lot smaller than the Firefox one, so chances are much greater of a particular specialized add-on being the only one that implements a particular bit of functionality, thus there is a greater chance of needing to rely on a piece of software that hasn't been updated lately. And only a small minority of Thunderbird add-ons have the potential for network-facing security holes, so the argument against continuing to use unmaintained software for security reasons doesn't apply to most of them.
(In reply to Alex Ihrig from comment #57)
That's the bad UX, when we force users to do a major upgrade instead of providing a small bugfix update to 60.9.1 (which is now available today - thanks!).
Oh! Thanks for the heads-up on that, Alex! I see that not only was it made available under https://archive.mozilla.org/pub/thunderbird/releases/60.9.1/ as I was suggesting, but doing an update in 60.9.0 now updates to 60.9.1 instead of 68.2.0. Very cool; thanks, guys!
(In reply to Matt from comment #58)
What I meant by my environment being screwed up is that when run Thunderbird shows me a basic setup, no accounts, no add-ons, nothing. I'm coming to find out it seems to have created a blank profile instead of using my existing one. But my existing one was still there so using the ProfileManager I was able to log in with the correct profile and I'm cleaning that up.
That is called profile per install and is the "new" way things are done, thank you Mozilla core developers.
Ugh, and it doesn't even ask you at install-time if you want to go with your old settings or a fresh profile, the way that such software as the Nvidia drivers, VLC, etc. does it? What a horrendously hostile user experience.
Comment 60•5 years ago
|
||
60.9.1 is released
Comment 61•5 years ago
|
||
i'm still (or better: recently) having the bug (pretty sure it's the one?)
"auth error while connecting to imap.gmail.com"
never had it before, it just started seemingly yesterday.
please someone help, almost none of my mail adresses work, what can i do? compatmode.firefox had no effect
Comment 62•5 years ago
|
||
devschrott,
Which version of TB and Google Provider are you using?
Comment 63•5 years ago
|
||
I updated to Thunderbird 68.2.1, Lightning 68.2.1, and Provider for Google Calendar 68.2.1, which are the latest available to me under Ubuntu, and I still have the problem. After the google login, and I click Allow, I get the "Locate your calendar" dialog box, with no calendars in it. The debugging console says:
[Exception... "null" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gdata-provider/modules/gdataSession.jsm :: login/authFailed< :: line 284" data: no] gdataSession.jsm:284:33
Note when I tried this in the official release 60.9.0 I got a different error:
[HTTP/2.0 400 Bad Request 92ms] Lightning:[calGoogleSession] Authentication failure: { "error": "invalid_grant", "error_description": "Malformed auth code." } gdataSession.jsm:272 [Exception... "invalid_grant" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gdata-provider/modules/gdataSession.jsm :: login/authFailed< :: line 274" data: no]
Note that I was able to log into google/gmail in my browser with the exact same credentials (as in copied/pasted so I know they were identical to what I tried in Lightning
Comment 64•5 years ago
|
||
(In reply to David Kramer from comment #63)
I updated to Thunderbird 68.2.1, Lightning 68.2.1, and Provider for Google Calendar 68.2.1, which are the latest available to me under Ubuntu, and I still have the problem. After the google login, and I click Allow, I get the "Locate your calendar" dialog box, with no calendars in it. The debugging console says:
Lightning: [calGoogleSession] Authentication failure: undefined gdataSession.jsm:282 [Exception... "null" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gdata-provider/modules/gdataSession.jsm :: login/authFailed< :: line 284" data: no] gdataSession.jsm:284:33
Note when I tried this in the official release 60.9.0 I got a different error:
[HTTP/2.0 400 Bad Request 92ms] Lightning:[calGoogleSession] Authentication failure: { "error": "invalid_grant", "error_description": "Malformed auth code." } gdataSession.jsm:272 [Exception... "invalid_grant" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource://gdata-provider/modules/gdataSession.jsm :: login/authFailed< :: line 274" data: no]
Note that I was able to log into google/gmail in my browser with the exact same credentials (as in copied/pasted so I know they were identical to what I tried in Lightning
Comment 65•5 years ago
|
||
The easy thing first: TB 60.9.0 will not work (but TB 60.9.1 will).
We just found out that some distributions may have built "Provider for Google Calendar" from the wrong repository :-(
The correct add-on can be obtained here: https://addons.thunderbird.net/en-GB/thunderbird/addon/provider-for-google-calendar/
It's also called 68.2.1 but is may be different. If you're able to open/unpack the XPI file which is just a ZIP file, check the following file:
Open modules/OAuth2.jsm and check line 26: Do you have the working version which reads: result[key] = decodeURIComponent(value);
?
Comment 66•5 years ago
|
||
But TB 60.9.0 say that provider_for_google_calendar-68.2.1-tb.xpi is not compatible with TB 60.9.0 and cannot be installed.
Comment 67•5 years ago
|
||
I've backtracked to TB 60.9.1. When running 60.9.1 I was able to "update" Provider for Google Calendar and it works. The add on says it's version 4.4.2.
I'm gonna stay here on 60.9.x until this blows over.
Comment 68•5 years ago
|
||
(In reply to Jorg K (GMT+2) from comment #65)
The easy thing first: TB 60.9.0 will not work (but TB 60.9.1 will).
We just found out that some distributions may have built "Provider for Google Calendar" from the wrong repository :-(
The correct add-on can be obtained here: https://addons.thunderbird.net/en-GB/thunderbird/addon/provider-for-google-calendar/
It's also called 68.2.1 but is may be different. If you're able to open/unpack the XPI file which is just a ZIP file, check the following file:
Open modules/OAuth2.jsm and check line 26: Do you have the working version which reads:result[key] = decodeURIComponent(value);
?
Yes, my version has that line.
Comment 69•5 years ago
|
||
Yes, my version has that line.
Then it should work. That version of the add-on came from the distro?
Comment 70•5 years ago
|
||
(In reply to Jorg K (GMT+2) from comment #69)
Yes, my version has that line.
Then it should work. That version of the add-on came from the distro?
No, I added it through the in app "Manage your extensions". Ubuntu doesn't have the Thunderbird extensions as .deb files
Comment 71•5 years ago
|
||
(In reply to paul from comment #23)
I tested the workaround with gData for Calendar and it worked as expected.
Confirmed! /Lars
Comment 72•5 years ago
|
||
(In reply to llh from comment #71)
(In reply to paul from comment #23)
I tested the workaround with gData for Calendar and it worked as expected.
Confirmed! /Lars
What is this workaround you mention? I'm still stuck
Comment 73•5 years ago
|
||
First of all, TB 68.2.1 with gData 68.2.1 installed from https://addons.thunderbird.net/en-GB/thunderbird/addon/provider-for-google-calendar/ should work. The workaround is described in comment #22.
Comment 74•5 years ago
|
||
For posterity: the data that needed to be different was "4/" vs. "4%2F" for the code parameter. It needed to be the latter now. Presumably there was no slash in the code earlier so it would have worked without decoding.
Description
•