Closed Bug 1812090 Opened 2 years ago Closed 2 years ago

Microsoft Oauth authentication still broken in thunderbird v102.7.1

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
Thunderbird 102
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1810760

People

(Reporter: hvbakel, Unassigned)

References

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0

Steps to reproduce:

The latest Thunderbird 102.7.1 version released in the snap candidate channel to address the microsoft Oauth authentication issue in bug #1810760 does not fix the breakage that first became apparent in version 102.7.0. Although the test build originally provided in the aforementioned bug was able to successfully authenticate, the final version of the fix that made it into 102.7.1 does not.

Actual results:

Microsoft Oauth2 authentication to enterprise domains fails in Thunderbird v102.7.1.

Expected results:

Microsoft Oauth2 authentication to enterprise domains should have been fixed in the Thunderbird v102.7.1 build.

Depends on: 1810760

What happens if analogue to bug 1803739 comment #5 you set pref dom.security.secFetch.enabled to false? Then those Sec-* headers aren't sent out. Is the MS server happy with that?

I gave that a try but the authentication still fails with v102.7.1 and dom.security.secFetch.enabled set to false.

I have a similar experience, see bug 1812077.

Thanks for the report.

Beta should work if you guys want to try that. If not, you'll have to wait for a subsequent build. Sorry. It turns out something is wrong with the patch but only on the 102 branch.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1810760
Resolution: --- → DUPLICATE
Duplicate of this bug: 1812253
You need to log in before you can comment on or make changes to this bug.