GMail Oauth2 fails; setting Normal password works. Are the choices mislabeled?
I'm on Windows TB version 91.10.0. Concerned that Google might cut me off if I was not using their recommended authentication, I looked up the issue and found Automatic Conversion of Google mail accounts to OAuth 2.0 Authentication. My account settings were still showing "Normal password", so I changed to OAuth2. That prompted me to log in with the Google dialog, but error messages in the Activity manager said that authentication failed. I diligently followed all the steps in the article, checking for disabled javascript or cookies and deleting the IMAP and SMTP passwords. No luck.
Then I tried deleting my account and recreating it. Auto configuration found setting for my workspace domain, showing OAuth2. The Google dialog popped up, and I entered my email and password, but the TB auto configuration pane showed that authentication had failed.
At that point, I switched to manual configuration and chose normal password, which had been working before. Again the Google authentication dialog popped up, suggesting that it was actually using OAuth2 anyway. This time everything worked. After an hour or two of research and experimentation, I was back where I started - should have left well enough alone.
Is there some setting in my Google account that I'm missing? Does Thunderbird use OAuth2 correctly even though the UI says normal password is selected?
It's June 24th 2022. I hope that Goggle doesn't shut me off in this configuration, because nothing else works, and I would have to quit using Thunderbird (which I've been using for nearly two decades).
All Replies (2)
Please run through everything in the order listed.
- Select 'Menu app icon' > 'Preferences' > 'Privacy & Security '
Under 'Web Content'
- Select 'Accept cookies from sites'
- click on 'Show cookies'
Do you see any 'google' cookies - if yes, what do you see?
Did you make an exception? If no then make an exception, if yes, is that exception still displaying?
- Click on 'Exceptions..' button
- Enter: https://accounts.google.com
- Set to 'Allow'
- click on 'Save Changes'
Now check the passwords.
- Scroll to 'Passwords' section
- Click on 'Saved Passwords'
- Click on 'Show Passwords'
- Make a note of the password
- Select the mailbox://(if pop) or imap:// (if imap) and smtp:// lines and click on 'Remove'.
- Do you see an Oauth:// token - if yes remove it.
- Click on Close
Now check accounts:
- Right click on gmail pop/imap account name in Folder Pane and select 'Settings'
This opens the Account Settings in new tab The pop/imap account name should be selected Look bottom right for Outgoing Server (SMTP)
- Click on 'Edit Server _SMTP' button
- Set Authentication Method : OAuth2
- make sure 'User name' is full gmail email address
- Click on OK
Now set the incoming authentication:
- select 'Server Settings' for gmail account
- Set Authentication Method : OAuth2
- make sure 'User name' is full gmail email address
This next stage is to remove files that may be causing an issue as you have been swapping back and forth.
- Menu app icon ≡ > Help > More Troubleshooting Information
- Under 'Application Basics' - Profile Folder - click on 'Open Folder'
This opens a new window showing the contents of your current in use profile name folder.
Exit Thunderbird now - this is important.
Look for the following files and delete them.
- cert8.db - obselete file
- key3.db - obselete file
- pkcs11.txt (This should exist but some people find it is missing)
- secmod.db - obselete file
- session.json
- xulstore.json
NOTE: Do NOT delete these at this point:
- key4.db
- cert9.db
- logins.json
If cookies were not being saved then do you use any program like CCleaner, WiseCleaner or even an Anti-Virus can offer to clean out file? If yes, then you need to make Thunderbird profile name folder exempt from scanning as you do not want anything being cleaned up. Please do this now.
Do you run a localhost server eg: Apache or similar? If yes, then switch it off now. Please note you can turn it on again after the gmail tokens have been set up.
Do you use a VPN ? If yes then switch it off. I use Norton 360 Anti-Virus and I discovered that after an update, it had installed and auto switched on a VPN. It caused no end of issues.
Finally Start Thunderbird
Gmail will prompt you to enter gmail email address and normal password you use to access webmail account. Follow instructions. It will ask this to allow Thunderbird to access server.
If all goes well, an Oauth token will get stored in Thunderbird - same place as passwords and from then onwards Thunderbird will use it to access server.
Please check the 'Privacy & Security' Passwords section to see if cookies are being saved and whether an oauth token for gmail is now stored. Report back on what you find.
Gewysig op
Wow! Thank you for such a timely and incredibly detailed reply! In summary, I failed, gave up and created a new profile which worked wonderfully. I will be trying again to convert several other Thunderbird installations to OAuth2, so I'll post what I find with other users including Mac and Linux installations. --- I followed your instructions scrupulously, wanting to provide the best possible information for others as well as straightening out my own configuration. Along the way, I did find that I had a localhost web server running - a Docker Desktop container which I then shut off. I do not have any "cleaner" programs that would be messing with my profile. I don't have a VPN in the sense of a global one that redirects all my traffic.
Let me cut to the chase. Upon deleting all those cookies and saved passwords, stopping Thunderbird, and deleting the old files as you instructed, I then restarted Thunderbird and found it to be completely unable to save passwords - non-gmail IMAP and SMTP accounts, an LDAP server - as well as being unable to log in to Google.
At that point I gave up and created a new profile - awesome experience! Thunderbird has come a long way! My Google workspace address worked perfectly, choosing OAuth2, finding my calendars and address book (wow! no need for Provider for Google Calendar now or did it set it up for me?). My IMAP account for work on Rackspace worked automatically, as expected.
The only thing that tripped me up, causing me to dump the new profile and start again, is that I wanted maildir instead of mbox storage. --- Anyway, I really appreciate the instructions, and I will try converting a number of other installations, carefully documenting each step.