Thunderbird 91.9.0: Enabling OAuth2 keeps popping up Google Account login despite having logged in. Thunderbird should detect and warn if pkcs11.txt missing/corrupted.
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
People
(Reporter: greno, Unassigned)
References
(Blocks 1 open bug)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:83.0) Gecko/20100101 Firefox/83.0
Steps to reproduce:
Installed Fedora 36
Enabled FlatHub repo
Installed Thunderbird 91.9.0
Pointed it at my fully working existing .thunderbird
Everything works EXCEPT:
Actual results:
one gmail account keeps popping up a Google Account login window even though I'm logged in to that account.
Expected results:
All accounts need to stay logged in.
After dealing with dozens of these popups just saw a very brief flash message about authentication failure .... imap.???. This was not happening on my previous Thunderbird version using this exact same profile. I checked over in Firefox and yep, I'm logged into all my google accounts including this one. I can see all my email in web gmail for all my google accounts.
I found the cause of the problem. The account that was popping up had its setting changed to OAuth2 instead of Normal Password like all the others. I haven't gone into settings to make any changes so I do not know how this would be set like that.
Now, all the gmail accounts are going to have to be changed to OAuth2 prior to end of May because Google is taking away the relaxed setting in the accounts. I hope that doesn't mean every gmail account will get authentication failure and be unable to login.
|
||
Comment 3•3 years ago
|
||
Help > release notes points to a reference article https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20
Also, Have you posted this issue in support? https://support.mozilla.org/en-US/questions/new/thunderbird/form
I checked and I already accept all cookies.
I tried going to that other link but it wants some kind of login I don't have.
I've been trying to get OAuth2 working this morning without any luck.
Everytime I enabled it on a gmail account I get an authenication failure for imap server.
I have no saved passwords. I type them in everytime TB restarts.
I have turned off Less Secure Access in the Google Account settings.
And yet still, I get this incessant popup window asking me to log into my Google Account.
Annoying and blocking.
Posting this info as problem has been identified in Support Forum.
It occured in Windows 10 OS and Linux Fedora 36 OS.
https://support.mozilla.org/en-US/questions/1376290
Users find they can start in Thunderbird Safe Mode and get gmail access using OAuth2 , but not in normal Mode.
Typically, cookies and saved passwords may seem to disappear.
It is being discovered that the 'pkcs11.txt' file does not exist. For some reason it has been erased from profile - not sure, but possible this relates to update to 91.9.0
FIX:
Menu app icon > Help > More TRoubleshooting Information
Under Application Basics' - Profile Folders - click on 'Open Directory' (Linux) or 'Open Folder' (Windows)
You will see window showing contents of profile name folder.
Exit Thunderbird now - this is important
Look for the following files and delete them.
cert8.db - obselete file
key3.db - obselete file
pkcs11.txt - this file may be missing as seems to be being reported in these cases - if you see it delete it
secmod.db - obselete file
session.json
NOTE: do NOT delete the following:
key4.db
cert9.db
logins.json
Start up Thunderbird
pkcs11.txt and session.json get created.
Oauth2 Authentication should now work.
Verified. The described workaround is good. All my gmail accounts can now use OAuth2.
Some fix to or check by TB is still probably needed to account for this scenario.
The question that needs checking out is what is causing the pkcs.txt file to be erased/removed from the profile name folder and how common is this problem?
It has been established that it is not OS specific.
It may be that long time installs like mine that tend to stay on one version of Thunderbird for quite a while (for stability reasons) and then upgrade jumping quite a few versions may lack files like pkcs11.txt that were created in the interim. TB needs to check for the existence of all files that it needs to successfully run.
|
||
Comment 10•3 years ago
|
||
My feeling here is that the issue is users who have jumped to V91 and missed the V68 watershed which modified the password store and cleaned up after. The only couple I have encountered updated Thunderbird because their POP account did not support OAuth.
We still need a profile validator that can be passed over a profile to find corruption / mismatch file version. Ever since I have been involved with Thunderbird, support folk have been asking users to try a new profile and then offering advice for migrating content to the new profile when the issue goers away. Thunderbird should be able to determine if the profile has issues, and if not fix them, offer constructive ideas. Far to much time is spent trying to work out is hardware acceleration is the issue, or a file is missing or corrupt.
|
||
Comment 11•3 years ago
|
||
Another person solved non connection Oauth2 issue also by deleting stated files.
But in this case, the 'pkcs.txt' file was still visible in profile name folder, so perhaps corrupted ?
https://support.mozilla.org/en-US/questions/1375702#answer-1504477
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
||
Comment 12•1 year ago
|
||
Ramona, can you reproduce this with a current version when pkcs11.txt is missing?
|
|
||
Updated•2 months ago
|
Description
•