Closed Bug 1798875 Opened 2 years ago Closed 1 year ago

migrate Office365 accounts to OAuth2 authentication (password only, Less secure apps will not work starting Oct 1, 2022)

Categories

(Thunderbird :: General, task, P1)

Product:
Thunderbird
Component:
General
Platform:
Unspecified
All
Type:
task

Tracking

(thunderbird_esr91 wontfix, thunderbird_esr102+ affected, thunderbird107 affected)

Status:
RESOLVED FIXED
Milestone:
108 Branch
Tracking Flags:
Tracking Status
thunderbird_esr91 --- wontfix
thunderbird_esr102 + affected
thunderbird107 --- affected

People

(Reporter: wsmwk, Assigned: leftmostcat)

References

(Depends on 1 open bug)

Details

(Whiteboard: [TM:102.5.1])

Attachments

(1 file)

Bug 1798875 - migrate Microsoft email accounts to OAuth2. r=#thunderbird-reviewers
48 bytes, text/x-phabricator-request
Details | Review

+++ This bug was initially created as a clone of Bug #1757713 +++

Add a migration that goes through imap/pop3/smtp accounts and, if Office365, migrate them to using OAuth2 instead of "password". Bug 1757713 did similar things for Google.

We should want to do this quickly, as the longer it takes to ship, the more users are broken, complaning, and posting support requests.

Do we have multiple domains to consider?

Bug 1757713 comment 18 mentioned one - "I have 2 gmail accounts from which one worked, the other did not. The older account used pop.googlemail.com which is still a valid and working domain. You should extend the migration to support this old domain, too (and perhaps automatically migrate from googlemail.com to gmail.com)."

status-thunderbird107: --- → affected
status-thunderbird_esr102: --- → affected
status-thunderbird_esr91: --- → wontfix
OS: Unspecified → All

I'm a little unsure how we deal with this. Microsoft's OAuth2 setup leaves us in a really bad way; all MS email addresses end up using the same domain as far as I can tell, but do not have the same level of service. With the configuration we have in 102.x, we can't support personal email addresses. Bug 1685414 fixes that, but it might leave some people using organizational/Active Directory emails in the cold because their administrators need to specifically approve the application. The only way I can see that we can keep from messing things up for people is to only migrate AD accounts, but I don't know of any hard and fast rules that will let us tell the difference.

Should be possible to check the identity emails as well, and if it's outlook.office365.com but @hotmail.com, @outlook.com, @msn.com etc, then don't migrate at this point. See getIdentitiesForServer

See Also: → 1799642
Assignee: nobody → leftmostcat
Status: NEW → ASSIGNED
tracking-thunderbird_esr102: --- → +
Keywords: checkin-needed-tb
Target Milestone: --- → 108 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/c42da0c84049
migrate Microsoft email accounts to OAuth2. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED
Whiteboard: [TM:102.5.1]

We won't be building shipping 102.5.1 until ~2 weeks from now, which got me thinking...

If Rob is willing, do we want a 102 candidate build#1 with the patch so enterprises and others who want can try it? We could messasge to the enterprise list and planning.

FWIW I have roughly a dozen active TB users in my personal address book who are on at least one of those lists, who could potentially test.

Flags: needinfo?(rob)
Flags: needinfo?(leftmostcat)

Per Wayne via Matrix: there may still be issues. we don't want to build with that patch

Flags: needinfo?(rob)
Flags: needinfo?(leftmostcat)
See Also: → 1843487
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: