2024725 - add a custom scheme application handler for OAuth redirects

Status: ASSIGNED

(Thunderbird :: Account Manager, enhancement, P1)

Description

[Justin Tracey [:jtracey]]

Bug 2019793 added the ability to use the system browser for OAuth, which involves running a small server listening on the redirect target to extract the response. This works for OAuth providers that permit the default http://localhost[:available port] target, but not all providers do (Yahoo! and AOL in particular). One way around this for those providers is to use a custom scheme (e.g., thunderbird://) for the redirect target, and register Thunderbird as the application handler for that protocol, so that the redirect causes Thunderbird to open the link.

If we do this, it will have to be in addition to the existing http listener, since Google does not allow custom redirect targets any more.

One problem to be aware of is that this will cause issues with systems that have multiple instances of Thunderbird installed—only one application can be associated with the protocol, so if it's associated with the user's copy of release Thunderbird, it will fail if they try to log in on their copy of beta. If all the relevant providers permit unlimited custom schemes, one possible way to mitigate this is by using distinct schemes for the different channels (thunderbird://, tb.beta://, tb.daily://, tb.build://, etc.), which would address the most common scenario, if not the underlying problem.

Comment 1

[Geoff Lankow (:darktrojan) [OOO, back 7 Apr]]

Attachment: WIP: Bug 2024725 - Protocol handler (proof of concept)

Registers a new 'birdbrain' protocol with the OS, and sets Thunderbird as the handler when setting
Thunderbird as the default handler for mail. Thunderbird will then handle URLs of the form
'birdbrain://component/arguments' where 'component' is the name of a component registered in the
category manager. The '/arguments' are passed to the observe function on the component.