Closed Bug 1647668 Opened 4 years ago Closed 3 years ago

OAuth2 fails with Gmail when input username in browser

Categories

(Thunderbird :: Security, defect)

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: nicolopiazzalunga, Unassigned)

Details

(Whiteboard: [support])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0

Steps to reproduce:

Create a new account in Thunderbird for Gmail.
I have Advanced Protection activated for Gmail, and their help says Thunderbird should work with that.
I'm using 68.9.0.
Of course I have enabled IMAP in Gmail settings.
After providing relevant parameters, a web page opens up (I guess to perform OAuth2), and Thunderbird automatically types my username@gmail.com there; when I click to proceed,

Actual results:

instead it asks again for username, and won't go ahead.

Expected results:

I guess it should have gone on asking for password and possibly U2F key, so as to finalize account setup.

Component: Untriaged → Security
Whiteboard: [support]

Just as a reference, their help says:
After you turn on Advanced Protection, you can allow these apps and services to access your Google data:
Mozilla Thunderbird
You can use Mozilla Thunderbird to access your Gmail. Make sure you’re using the latest version of Thunderbird (60.0 or up).

Might be the same as bug 1643021.

Looking at bug 1592407, I tried to set general.useragent.compatMode.firefox to true (and also enabled cookies, not sure if it is relevant though); now gmail imap seems to work, in particular I was able to click the 'next' button and insert my password and u2f key. Not sure if something on thunderbird or google side should be fixed.

I can confirm this bug and the fix suggested by @nicolopiazzalunga. In addition to that I had to enable cookies to log in with my password.

Cookies are absolutely required for OAuth. See bug 1174797.

set general.useragent.compatMode.firefox to true

That really shouldn't be needed after the fix provided in 68.2.1 https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/
FWIW, a similar issue is reported at https://github.com/kewisch/gdata-provider/issues/26#issuecomment-548102731

Do you see this in version 78, without the compatmode setting?

Flags: needinfo?(nicolopiazzalunga)
Flags: needinfo?(bader.zaidan)

I just tested this in Thunderbird 78.11.0 (64-bit) with compatmode disabled+new profile, and it works.

Flags: needinfo?(bader.zaidan)

In preferences-privacy-web content, cookies are not enabled, and I have no cookies there.
Is it possible they are only required to perform authentication once, or should I look somewhere else?
Could you remind me how to clear the gmail authentication cookies I currently have in tb?
Sorry it's been a while and I forgot stuff.

Flags: needinfo?(nicolopiazzalunga)

(In reply to nicolopiazzalunga from comment #7)

In preferences-privacy-web content, cookies are not enabled, and I have no cookies there.
Is it possible they are only required to perform authentication once,

See https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20

Does that help?

Flags: needinfo?(nicolopiazzalunga)
Whiteboard: [support] → [closeme 2022-04-20][support]

Thanks for the heads-up.
I have not had any trouble for a long time.
I added an exception for google to my cookies policy.
I have not updated tb yet, but I will report back if anything goes wrong.
Otherwise, I think this can be closed.

Flags: needinfo?(nicolopiazzalunga)

Resolved per whiteboard and Comment 9

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → WORKSFORME
Whiteboard: [closeme 2022-04-20][support] → [support]