Open Bug 1698316 Opened 3 years ago Updated 2 years ago

ATT and associated domains do not have access to oAuth in Thunderbird as they do not use Yahoo.com server names.

Categories

(Thunderbird :: Account Manager, defect)

Tracking

(Not tracked)

People

(Reporter: unicorn.consulting, Assigned: BenB, NeedInfo)

References

(Depends on 1 open bug, Blocks 1 open bug)

Details

+++ This bug was initially created as a clone of Bug #1697117 +++
As mentioned in bug 1697117, I am attempting here to list the known users of yahoo infrastructure that currently do not get access to oAuth because of server names used. But I am sure there are more. I have cc'ed some that might add to the list.

Other than @att email addresses, ATT also has the following mail domains which use the same server settings.

@ameritech.net, @att.net, @bellsouth.net, @currently.com, @flash.net, @nvbell.net, @pacbell.net, @prodigy.net, @sbcglobal.net, @snet.net, @swbell.net, or @wans.net.

Note to self: The current config for AT&T uses inbound.att.net with POP3 over SSL and password auth and outbound.att.net with SMTP over SSL for the following domains:
ameritech.net
att.net
bellsouth.net
flash.net
nvbell.net
pacbell.net
prodigy.net
sbcglobal.net
snet.net
swbell.net
wans.net
which is all of the domains listed in comment 0 - only currently.com is missing.

We should at least verify that IMAP works and change to that.

FWIW, not using OAuth2 is not in itself a bug. In fact, OAuth2 is worse from a client-side perspective, for many reasons: a) the user needs to manually log in using a webpage, b) the login can expire after completely undefined times (may be a year, may be a day, the server decides), and c) specific email applications can be blocked specifically. Password auth works more reliably, the user never has to re-enter the password, and we do not depend on a webpage for login. So, from our perspective, OAuth2 only causes trouble and is to be avoided when possible.

If there are specific problems with password auth, specifically at AT&T, please list them.

See also bug 1474694 comment 7 and following. We would need to verify whether we need a separate OAuth2 client registration for AT&T.

Some relevant links to ATT and some information related to Verizon that is, I think, relevant to the general authentication mess that is Yahoo and oAuth.
The page requiring the use of a mailkey or oAuth for ATT
https://www.att.com/support/article/email-support/KM1240462

The page where ATT advise Thunderbird is not an oAuth app, but windows mail is!
https://www.att.com/support/article/email-support/KM1240462

The page where ATT provides the IMAP and POP settings for mail connections.
https://www.att.com/support/article/email-support/KM1010523/

The change referred to has occurred, in line with the cessation of the less secure apps setting on Yahoo. So the wizard fails to create a functional account that can connect unless the user has already created a mailkey and provided it when we ask for a password. In other cases the wizard fails, suggesting there is a password issue as the cause as the server is refusing connections. This is perhaps technically correct, but less than helpful to those that really have no idea and struggle in many cases to create a mailkey using the information ATT provide even when they are led there and have it pointed out to them.

I am fully cognizant of the information in comment 7 of Bug 1474694, and as was stated there, that would be ideal, not a requirement. Since that time much has changed, including just about all documentation at developer.verizonmedia.net pointing to yahoo for oauth credentials. I am not even sure we still need separate secrets for AOL and Yahoo, let alone Verizon, who suggest a combination of server names at Verizon and AOL depending on the choice of IMAP and POP.
https://help.aol.com/articles/how-do-i-set-up-other-email-applications-to-send-and-receive-my-verizon-net-mail
So IMAP Verizon account should be using oauth from AOL! I have no idea if a yahoo oauth would work with a pop account as the server resolves to global-jpop-aol.mail.gm0.yahoodns.net which appears to be a yahoo property.

AOL do hide away the fact you need to use an application password or oAuth (they never call it that though) here https://help.aol.com/articles/allow-apps-that-use-less-secure-sign-in

Interestingly AOL makes no comment at all in their settings as to the appropriate authentication method to use, that has to be teased out of other pages and references.

This is exactly why I want to modify the UI and allow the appropriate key to be set by the user, or the wizard in bug 1591782. It is an approach that has been used on Linux / Android mail apps, and really, using the incorrect secret is not important; if you provide the wrong one it just does not work.

I have no personal feelings on oAuth, but as providers allow an application that uses it to "just work" and those that do not to jump through hoops, we have little choice but to facilitate it where possible. There is no point having a simple setup if the user has to jump through hoops to get it to work for them.

> There is no point having a simple setup if the user has to jump through hoops to get it to work for them.

Agreed. But we need to verify that.

> I am not even sure we still need separate secrets for AOL and Yahoo, let alone Verizon

Neither am I - could be, might not be. And help docs are often wrong, including at Yahoo. That's why testing is crucial before we change anything at all.

See Also: → 1708745

FYI, what's blocking this bug is that we need somebody with an AT&T account, who can either give us (or me) their password (e.g. of a secondary email account), or work actively and swiftly with us to do a number of tests, interactively with us.

Thanks Matt. I just made the change to the "Maximum number of server connections to cache" to 3. Will monitor it and report.

Yes - I would like to help with the ATT experience. My email address is one that I have had for many years (20?). And is now "Yahoo Currently" when ATT took over.

Lance
lancebb@sbcglobal.net

Flags: needinfo?(lancebb)

Changing the "Maximum number of server connections to cache" to 3 did it. The disconnect messages have stopped. I only see one very rarely now.
Also - Yes - I would like to help with the ATT experience. My email address is one that I have had for many years (20?). And is now "Yahoo Currently" when ATT took over. lancebb@sbcglobal.net

> I would like to help with the ATT experience.

Thanks. I contacted you per email to make an interactive session to get to the bottom of this.

Any luck?

Flags: needinfo?(ben.bucksch)

After I changed the "Maximum number of server connections to cache" to 3 about 30 days ago, the problem has pretty much gone away! YES! It has shown up once or twice - but it does not repeat and overall it has stopped appearing. Thanks!

Flags: needinfo?(lancebb)

Status:

  • Yahoo has already been using OAuth2 successfully by default for a while.
  • Thunderbird already has OAuth2 configs specific for AT&T, separate from Yahoo, so it should be possible to enable and use OAuth2 for AT&T.
  • Objective in this bug is to change the ISPDB config for AT&T to OAuth2 by default, from the current password authentication.

ISPDB:

TODO:

  • Test fresh mail account setup using OAuth2 for AT&T, with Lance, a real user who has a working account.
  • Change the ISPDB to default to OAuth2 for AT&T

@Lance: Are you using OAuth2 authentication or password auth? You can see that in your account server settings. If you're using OAuth2, you would see an AT&T website when you log in using Thunderbird.
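An added example, not part of the bug thread or of Thunderbird's code: a check of an ISPDB-style autoconfig entry against the two points made above, namely which of the reported domains the entry covers and whether its servers offer OAuth2. The XML is a constructed, reduced sample built from the settings quoted in this bug (ports and usernames omitted); the `password-cleartext` value standing in for "password auth" and the helper names `build_sample_config` and `audit` are assumptions.

```python
import xml.etree.ElementTree as ET

# Domains listed in the opening comment of this bug.
REPORTED_DOMAINS = {
    "ameritech.net", "att.net", "bellsouth.net", "currently.com",
    "flash.net", "nvbell.net", "pacbell.net", "prodigy.net",
    "sbcglobal.net", "snet.net", "swbell.net", "wans.net",
}

def build_sample_config(domains, auth="password-cleartext"):
    """Constructed, reduced ISPDB-style entry (not the live ISPDB file)."""
    domain_xml = "".join(f"<domain>{d}</domain>" for d in sorted(domains))
    server = ("<{tag} type='{kind}'><hostname>{host}</hostname>"
              "<socketType>SSL</socketType>"
              "<authentication>{auth}</authentication></{tag}>")
    return ("<clientConfig version='1.1'><emailProvider id='att.net'>"
            + domain_xml
            + server.format(tag="incomingServer", kind="pop3",
                            host="inbound.att.net", auth=auth)
            + server.format(tag="outgoingServer", kind="smtp",
                            host="outbound.att.net", auth=auth)
            + "</emailProvider></clientConfig>")

def audit(xml_text, expected_domains):
    """Report domains the entry does not cover and each server's auth methods."""
    provider = ET.fromstring(xml_text).find("emailProvider")
    listed = {d.text.strip().lower() for d in provider.findall("domain")}
    servers = []
    for tag in ("incomingServer", "outgoingServer"):
        for srv in provider.findall(tag):
            # An entry may list several <authentication> elements in preference order.
            auths = [a.text.strip() for a in srv.findall("authentication")]
            servers.append({
                "type": srv.get("type"),
                "hostname": srv.findtext("hostname"),
                "socketType": srv.findtext("socketType"),
                "auth": auths,
                "offers_oauth2": "OAuth2" in auths,
            })
    return {"missing_domains": sorted(expected_domains - listed),
            "servers": servers}

if __name__ == "__main__":
    current = build_sample_config(REPORTED_DOMAINS - {"currently.com"})
    report = audit(current, REPORTED_DOMAINS)
    print("not covered:", report["missing_domains"])
    for s in report["servers"]:
        print(s["type"], s["hostname"], s["socketType"], s["auth"])
```
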

Right now I am using a password.

I see there is an option for OAuth2 in the "Server Settings/Authentication method" drop-down menu. However, both the "Connection security" and the "Authentication method" are grayed out. I can select "OAuth2". Should I select OAuth2 and then restart Thunderbird? I won't be locked out, will I? I could change it back to "Normal password" if needed - right?

Flags: needinfo?(lancebb)

In a comment earlier, on 3-14-21 at 18:30 PDT by Ben, it was stated that "Password auth works more reliably, the user never has to re-enter the password." It is my experience that I am required to reenter my password every time I restart Thunderbird.

Flags: needinfo?(lancebb)

(In reply to Lance Beebe from comment #15)

> In a comment earlier, on 3-14-21 at 18:30 PDT by Ben, it was stated that "Password auth works more reliably, the user never has to re-enter the password." It is my experience that I am required to reenter my password every time I restart Thunderbird.

I'm aware this is going a bit off topic as this would be answered in a Support Forum request, but....

If you need to reenter normal password each time, then you need to check the following.
When you enter password - select the checkbox to allow Password Manager to remember the password before you click on OK.
Then password is remembered and you can see it via Preferences > Privacy & Security > Passwords section click on 'Saved Passwords' > 'Show Passwords'.

If you are doing this, but passwords keep being cleared, then maybe you are running Cleanup Software like CCleaner or WiseCleaner (or even some Anti-Virus products have the ability), which keeps removing session and password files. If you use such software then make any Thunderbird profile folder or file exempt.

See Also: → 1783530, 1782250
Flags: needinfo?(ben.bucksch)

Anything left to do here?

Flags: needinfo?(ben.bucksch)
Severity: normal → S3