Closed Bug 1914745 Opened 3 months ago Closed 3 months ago

Oauth for existing office365 smtp and pop accounts stopped working

Categories

(Thunderbird :: Security, defect)

Thunderbird 130
defect

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: 6jju4k002, Unassigned)

References

Details

(Keywords: dupeme)

Sometime around the install of 130b2, the SMTP and POP Oauth2 authenticated office 365 accounts stopped working.

Symptom:

  • Timeout on POP and SMTP connections.
  • After digging into the TLS encrypted data via Wireshark, I saw that Thunderbird wasn't responding with the Oauth token, and the connection would time out. I didn't manage to look at the connections to login.microsoftonline.com to request new Oauth token, so I don't know if that was silently failing or not.
  • In the Wireshark logs, I have confirmed that no packets were lost in the relevant parts of the TCP sessions.
  • Have checked the thunderbird console logs and saw nothing out of the ordinary.

Logs available:

  • I have Wireshark logs, but don't want to publish these on a public bug tracking system.
  • I can add copy of the TLS streams, with sensitive info redacted.
  • Nothing significant seen in the thunderbird console log.

Possible work around:

  • As I needed to access e-mail, I downgraded to mainline release thunderbird, and oauth started working, including raising Oauth2 prompts for Microsoft's 2fa login. (Didn't enter, as wanted to check some more networking issues on beta first)
  • Strangely enough returned to beta to do additional tests on bug, and everything started working, and could validate in Wireshark that all was working: requests for token sent to login.microsoftonline.com, and the token returned successfully used in POP and SMTP.

Conclusion:

  • While this bug was present, could repeat on every attempt; after TB downgrade and upgrade, would work on every attempt.
  • I'm presuming this means that Thunderbird will continue to work, possibly till something changes in office 365, such as requiring a 2fa login, possibly triggering the bug again, so maybe in a month or so issue could return.

Component: General → Security
Keywords: dupeme
Summary: Oauth for existing office365 smtp and pop accouts stoopped working → Oauth for existing office365 smtp and pop accouts stopped working

Does deleting the OAuth2 scopes help? See bug 1912556 comment #27.

Rob, see comment 1?

(In reply to Francesco from comment #1)

> Does deleting the OAuth2 scopes help? See bug 1912556 comment #27.

To be clear, after switching to a release build and back to beta everything works.
I have been trying to repeat the bug but now cannot.

What I have tried to repeat this bug:

  • I have tried to repeat with a backup profile from January 2023, and couldn't. Nor did I see behaviour from bug 1912556. This includes multiple restarts.

As it seems that the session times out in 90 days, I can't see this repeating any time soon. If you know of where I can find information on when session times out from the tokens I'd be extremely interested.
Also can't rule out this being a temporary, un-observed (by me) change in token renewal by Microsoft, interacting badly with Thunderbird.

Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → INCOMPLETE
See Also: → 1914624, 1912556