Open Bug 1867692 Opened 1 year ago Updated 1 year ago

Unable to sign in to multiple Microsoft accounts

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
Thunderbird 115
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: mzshap, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0

Steps to reproduce:

Background: I have a school provided student email and a school provided work email. Both are gmail, with authentication managed by Microsoft. In a browser, I can only ever be signed in to one of these accounts, attempting to sign into the other will simply redirect me to the signed in account. My usual work around is to use an incognito/private browsing session to access the other account. Multiple browser profiles works as well.

In Thunderbird I can add the first account without issue. I add my info, it finds an IMAP config, and I press done. It brings me to the popout mini-browser open to google sign in. Clicking next redirects me to the Microsoft sign in. After completing that, I am properly redirected back to the google permission request screen.

When attempting to add the second account, the google sign in opens like before and I input the second account email. But now, instead of taking me to the Microsoft sign in again, I can see it briefly go to a Microsoft url then immediately redirect to the google permission request, but for the first account, not the second account. Microsoft doesn't give me a chance to select a different account.

Actual results:

I cannot get Thunderbird to add the second account. Microsoft sees itself as already signed in and does not give me the chance to choose a different account. The authentication cannot proceed for the second account.

Expected results:

I should be able to add my second account.

I have been unable to find a work around. I tried changing my default browser from Firefox to Edge, but it seems the mini-browser is built in to Thunderbird. I have tried to grab the link from the mini-browser to paste it into a private browser but the first url goes away too quickly and redirects to a generic one that doesn't work on its own.

This is really more of a Microsoft problem, I don't understand why they have no process for users with multiple accounts. Google does this just fine and this has caused me no end of issues. That being said, I cannot find a mitigation to get this working in Thunderbird at all and I think there should be a way to address it.

I don't understand why your logging in to microsoft with google creds...
I guess your org is using a custom login screen. Bug 1834062.

It's the other way around, the org uses google workspace but the authentication is all handled by Microsoft.

So visit google product (gmail) -> redirected to microsoft auth -> redirected back to google product now signed in.

The issue is that when redirected to microsoft auth, it sees it's already signed in and doesn't offer to switch accounts, so simply redirects back to google with the original account info.

This post: https://techcommunity.microsoft.com/t5/tech-community-discussion/impossible-to-sign-in-with-different-user-account/m-p/2833192
has someone experiencing a similar issue on a Microsoft product. If you scroll down a bit one of their devs shares a flowchart that I assume is relatively similar here; google redirects to Microsoft and they do their nonsense then return with the authenticated UID.

I'm not sure how tied in the mini-browser is to Thunderbird's functionality. I think a quick fix would be to clear the cache on every launch, but this isn't possible if you are using it to keep mail accounts signed in, etc.

Component: Untriaged → Security
You need to log in before you can comment on or make changes to this bug.