OAuth2 fails with Gmail when input username in browser
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: nicolopiazzalunga, Unassigned)
Details
(Whiteboard: [support])
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Steps to reproduce:
Create a new account in thunderbird for gmail.
I have advanced portection activated for gmail, and their help says thunderbird should work with that.
I'm using 68.9.0
Of course I have enabled imap in gmail settings.
After providing relevant parameters, a web page opens up (I guess to perform oauth2), and thunderbird automatically types my username@gmailcom there; when I click to proceed,
Actual results:
instead it asks again for username, and won't go ahead.
Expected results:
I guess it should have gone on asking for password and possibly U2F key, so to finalize account setup.
Updated•4 years ago
|
Reporter | ||
Comment 1•4 years ago
|
||
Just as a reference, their help says:
After you turn on Advanced Protection, you can allow these apps and services to access your Google data:
Mozilla Thunderbird
You can use Mozilla Thunderbird to access your Gmail. Make sure you’re using the latest version of Thunderbird (60.0 or up).
Reporter | ||
Comment 2•4 years ago
|
||
Might be the same as bug 1643021.
Reporter | ||
Comment 3•4 years ago
|
||
Looking at bug 1592407, I tried to set general.useragent.compatMode.firefox to true (and also enabled cookies, not sure if it is relevant though); now gmail imap seems to work, in particular I was able to click the 'next' button and insert my password and u2f key. Not sure if something on thunderbird or google side should be fixed.
Comment 4•4 years ago
|
||
I can confirm this bug and the fix suggested by @nicolopiazzalunga . In addition to that I had to enable cookies to log in with my password.
Comment 5•3 years ago
|
||
Cookies is absolutely required for oauth. See bug 1174797.
set general.useragent.compatMode.firefox to true
That really shouldn't be needed after the fix provided in 68.2.1 https://www.thunderbird.net/en-US/thunderbird/68.2.1/releasenotes/
FWIW, a similar issue is reported at https://github.com/kewisch/gdata-provider/issues/26#issuecomment-548102731
Do you see this in version 78, without the compatmode setting?
Comment 6•3 years ago
|
||
I just tested this in Thunderbird 78.11.0 (64-bit) with compatmode disabled+new profile, and it works.
Reporter | ||
Comment 7•3 years ago
|
||
In preferences-privacy-web content, cookies are not enabled, and I have no cookies there.
Is it possible they are only required to perform authentication once, or should I look somewhre else?
Could you remind me how to clear the gmail authentication cookies I currently have in tb?
Sorry it's been a while and I forgot stuff.
Comment 8•3 years ago
|
||
(In reply to nicolopiazzalunga from comment #7)
In preferences-privacy-web content, cookies are not enabled, and I have no cookies there.
Is it possible they are only required to perform authentication once,
See https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20
Does that help?
Reporter | ||
Comment 9•3 years ago
|
||
Thanks for the heads-up.
I did not have any troubles since a long time.
I added an exception for google to my cookies policy.
I have not updated tb yet, but I will report back if anything goes wrong.
Otherwise, I think this can be closed.
Comment 10•3 years ago
|
||
Resolved per whiteboard and Comment 9
Description
•