Closed Bug 1661337 Opened 4 years ago Closed 3 years ago

After OAuth2 enabled for one account, other accounts do not remember the password for the current session (Yahoo OAuth2)

Categories

(Thunderbird :: Untriaged, defect)

Product:
Thunderbird
Component:
Untriaged
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1673446

People

(Reporter: mjulier, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux i686; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

  1. several accounts configured, including:
  • one account with the password stored in the password manager
  • 2 accounts with the password not stored, or which one is a Yahoo account (POP3 or IMAP)
    None of them is using OAuth2.
  1. Change the Yahoo account to use OAuth2, as suggested by them

Actual results:

  1. Thunderbird will request the password for the accounts whose password is not stored in the password manager, just once in a session (more precisely, once for receiving and once for sending)

  2. After the change, the account not using OAuth2 and with the password not stored in the password manager will prompt for the password from time to time: the password seems to be remembered for a few minutes, but not for one hour.

Same behavior observed with 2 different configurations, one of which is on Linux 32 bit and the other one on Windows 10 64 bit. The OAuth2 change was done at the same time on both computers.

Expected results:

The behavior from (1) should be maintained.
Switching an account to OAuth2 should have no effect to the way the password is remembered during the current session for another account.

I have the same issue. I have 5 accounts. 3 use IMAP. 2 use OAuth2 (gmail and yahoo). Before i changed the yahoo account to use OAuth2 everything worked fine.

thunderbird version: 78.2.0
operating system: Debian 10 with latest updates

Reporter, does this happen for you when using version 78? You can update by going to help > about.

Whiteboard: [closeme 2020-09-25]

(In reply to Wayne Mery (:wsmwk) from comment #2)

Reporter, does this happen for you when using version 78? You can update by going to help > about.

Yes, same behavior happens after updating to 78.2.2 (32 bits).

Conditions: on Linux, with:

  • 2 POP accounts on Yahoo/OAuth2 (passwords stored)
  • 2 other POP accounts (passwords stored)
  • 1 unused POP account (no password)
  • 1 IMAP account (password not stored, no automatic message retrieval)
    Thunderbird asks for the password of the IMAP account when I click on its mailbox (OK), but it asks again if I click again on its mailbox after a while (bad), not if I do it after just a minute.

So what you're reporting is that for Yahoo, the OAuth2 authentication is not remembered (or rather, I'd assume, expired server side too soon)?

(In reply to Magnus Melin [:mkmelin] from comment #4)

So what you're reporting is that for Yahoo, the OAuth2 authentication is not remembered (or rather, I'd assume, expired server side too soon)?

No, just the contrary: that after enabling the OAuth2 authentication for Yahoo, the password of the other accounts in not remembered anymore. Before enabling OAuth2, the passwords would be remembered until the end of the session.

I have the same problem, and it's driving me nuts! I have to enter several passwords every X minutes just to see if I got new mail.
I am using Thunderbird 78.4.0 (32-bit) on Win 10 (64.bit) (latest)-

(And, thank you, Miguel, for figuring out that it's related to Yahoo and OAuth2. Is there work-around? Do I have to disable the Yahoo account for a while? Any help?

Whiteboard: [closeme 2020-09-25]
Summary: After OAuth2 enabled for one account, other accounts do not remember the password for the current session → After OAuth2 enabled for one account, other accounts do not remember the password for the current session (Yahoo OAuth2)

Recently caught eye of this bug and it made a the last few days a nightmare.

An update which is clears the details around this bug: every time mail is fetched/searched on an OAuth2 account all passwords are immediately forgotten. Unless OAuth mail is explicitly or implicitly searched/fetched, the session passwords keep being alive. Tested this behaviour with Yahoo OAuth2.

As a test/triage I readded my OAuth accounts, but disabled the periodic new message checks, while keeping the startup checks active. That way I can check those mailboxes when ThunderBird starts, and then input the passwords for all the other accounts once or twice, depending on the order of mail fetching. For all the duration of the session, ThunderBird keeps remembering the other passwords.

Is this the same as bug 1673446 ?
Where at least one account and it seems either pop or imap providing it is using OAuth & the user does not want to store passwords.

I've read the thread and so far yes, seems absolutely the same.

Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.