migrate google accounts to OAuth2 authentication (password only, Less secure apps will not work starting May 30, 2022)
Categories
(Thunderbird :: General, task, P1)
Tracking
(thunderbird_esr91+ fixed, thunderbird99 fixed)
People
(Reporter: mkmelin, Assigned: leftmostcat)
References
()
Details
Attachments
(2 files)
|
48 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-beta+
|
Details | Review |
|
5.40 KB,
patch
|
mkmelin
:
review+
wsmwk
:
approval-comm-esr91+
|
Details | Diff | Splinter Review |
https://support.google.com/accounts/answer/6010255?hl=en
Less secure apps & your Google Account
To help keep your account secure, starting May 30, 2022, Google will no longer support the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password. For more information, please continue reading.
We should add a migration that goes through imap/pop3/smtp accounts and, if google, migrate them to using OAuth2 instead of "password", since that will not work soon.
Bug 1670892 did similar things for Yahoo.
|
Reporter | |
Updated•2 years ago
|
|
||
Updated•2 years ago
|
|
Assignee | |
Comment 1•2 years ago
|
||
|
||
Updated•2 years ago
|
|
|
Reporter | |
Comment 2•2 years ago
|
||
When the patch is ready, you can set the checkin-needed-tb keyword on the bug, and someone will land it soon.
I need something to land now, so going to grab this one.
|
|
Reporter | |
Comment 3•2 years ago
|
||
Actually, seems the test fails so will hold off on landing
./mach test comm/mail/base/test/unit/test_oauth_migration.js
|
|
Assignee | |
Updated•2 years ago
|
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/c89c8b223f3c
migrate Google accounts to oauth2. r=mkmelin
|
||
Comment 5•2 years ago
|
||
Comment on attachment 9266634 [details]
Bug 1757713 - migrate Google accounts to oauth2. r=mkmelin
[Triage Comment]
Approved for beta
|
||
Comment 6•2 years ago
|
||
| bugherder uplift | ||
Thunderbird 99.0b2:
https://hg.mozilla.org/releases/comm-beta/rev/85ac455794de
|
|
Assignee | |
Comment 8•2 years ago
|
||
[Approval Request Comment]
User impact if declined:
Starting at the end of May, users using "Less secure apps" setting of Gmail and cleartext passwords in Thunderbird will receive incorrect password errors and would need to manually migrate Gmail accounts to use OAuth.
Testing completed (on c-c, etc.):
Patch is present in 99b2, unit tests present.
Risk to taking this patch (and alternatives if risky):
Migration may fail and/or cause side effects in using Gmail. Possibility for user confusion when presented with Google OAuth authorization window.
|
|
Reporter | |
Comment 9•2 years ago
|
||
Comment on attachment 9269948 [details] [diff] [review] Bug_1757713___migrate_Google_accounts_to_oauth2__r_mkmelin.diff Review of attachment 9269948 [details] [diff] [review]: ----------------------------------------------------------------- Looks reasonable to me!
|
|
||
Comment 10•2 years ago
|
||
Comment on attachment 9269948 [details] [diff] [review]
Bug_1757713___migrate_Google_accounts_to_oauth2__r_mkmelin.diff
[Triage Comment]
Approved for esr91
|
|
||
Updated•2 years ago
|
|
|
||
Comment 11•2 years ago
|
||
| bugherder uplift | ||
Thunderbird 91.8.0:
https://hg.mozilla.org/releases/comm-esr91/rev/525d4941f487
|
||
Comment 12•2 years ago
|
||
I don't see any checking that cookies are available. Is that occurring somewhere?
Some Linux distributions appear to set the default to off, as do some "We will protect your privacy" and antivirus programs in windows for the flow to succeed some cookies are required.
|
|
||
Comment 14•2 years ago
|
||
Query for potentially related new bug reports https://mzl.la/3JEjbcJ
|
|
||
Comment 15•2 years ago
|
||
Interesting twist at https://support.mozilla.org/en-US/questions/1373955 "The installation must have looked at my email address being @gmail.com and assumed that the authentication method needed to change to OAuth2. HOWEVER, while my email address IS @gmail.com, my imap server is my own server, not gmail's. The Thunderbird update process should instead look at the actual imap server address to determine if the auth method should be changed, not the domain of the email address. "
|
|
Assignee | |
Comment 16•2 years ago
|
||
That assumption is incorrect; the OAuth2 migration would only occur if the incoming hostname ended with "imap.gmail.com".
|
|
Reporter | |
Comment 17•2 years ago
|
||
And how can someone have @gmail.com on their own server?? (In real usage.)
|
||
Comment 18•2 years ago
|
||
The migration is incomplete. I have 2 gmail accounts from which one worked, the other did not. The older account used pop.googlemail.com which is still a valid and working domain. You should extend the migration to support this old domain, too (and perhaps automatically migrate from googlemail.com to gmail.com).
|
||
Comment 19•2 years ago
|
||
had the same problem. I solved it since I had a second computer that still had an slightly older TB on it. No bug in the older version, OAuth was configured without no issues at all, even for a completely new account. then I just migrated (copied) my TB account folder to the machine with the actual Tb 91.9.1 (64-Bit) on ubuntu version and obviously, it had copied the working OAuth token, too. Working fine now, but there seems to be a bug in the Tb 91.9.1 (64-Bit) on ubuntu version that need to be fixed in the next update, please
|
|
Assignee | |
Comment 20•2 years ago
|
||
This is very late, sorry, but I've filed bug 1799322 to address googlemail.com.
Description
•