Please note: This applies to both POP and IMAP mail accounts. If you use 'Authentication Method: OAuth2' for incoming and outgoing server settings then you do not need to use 2FA. User name = full email address.

So unless you have a reason for 2FA, I would stop that setting in gmail.

Make sure gmail incoming and outgoing Authentication is set up to use OAuth2.

Then Check cookies are allowed. In Thunderbird menu app icon > Preferences > Privacy & Security WEb Content Select checkbox 'Accept cookies from sites'

Restart Thunderbird.

When prompted by gmail to enter password - you enter the normal one.

Thank you for your reply. I use 2FA for security reasons and I would rather stick with it ideally. Authentication via OAuth2 seems to happen just fine actually, it's only the final step that doesn't seem to work, the one where I grant Thunderbird permissions for the scope. Cookies were already enabled but I cleared them and "switched them on and off", but that did not make any difference. Based on this screenshot from the error console, it looks like there might be something odd with how Thunderbird handles (or doesn't) the response from the OAuth2 flow.

What's the proxy setting" It should be 'No proxy'.

https://support.mozilla.org/en-US/questions/1323481

Thank you for sharing that. I just tried it; I disabled the proxy in the settings and restarted Thunderbird, but the exact same behaviour is happening, resulting in the same errors in the console. At this stage, it is probably worth me repporting this as a bug – where is the best place for me to do that? On https://bugzilla.mozilla.org perhaps?

I doubt this is a bug, otherwise every Mac user with a gmail account would report it. Do you have any security/AV app that acts on TB or the TB profile folder? You could try running OS X in safe mode to test the effect of startup apps on TB performance.

I don't believe I have any security software interfering with Thunderbird or its profile folder. Actually my Gmail account was working perfectly well before. The only thing that changed is that I moved from using 2FA with TOTP to using security keys, but that is handled by Google in their OAuth2 flow and that seems to work just fine. I thought that the `NS_ERROR_NOT_IMPLEMENTED` from my screenshot above suggested it's an issue with Thunderbird, but I might be barking up the wrong tree of course.

Although I don't use 2FA myself, I have seen reports where it works in TB with gmail OAuth2 by the user entering a code sent by text message. Using security keys might not be fully supported by TB, but I don't have any direct knowledge of this. A user managed to implement a Yubikey with TB 32-bit on W10. Search Bugzilla for 2FA and see if there are any relevant reports.

Thank you for sharing this, it's actually quite interesting and I might start using OpenPGP with my security keys, but it's not strictly relevant in the context of this bug I would say. Yes, Gmail 2FA usually works fine for me too, so it might be down to the fact that I switched to using a security key, or it might be something different altogether. I have just opened a bug – let's see where that goes: https://bugzilla.mozilla.org/show_bug.cgi?id=1761097

Please test and report back on the information posted in that bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1761097#c17 general.useragent.compatMode.firefox - if false toggle setting to true

That setting is within Thunderbird and Firefox, so test altering in Thunderbird first and if still fails then alter in Firefox and retest. It would be good to know what results you get.

I just tried again after altering that setting in Firefox 101.0.1, following this article, but I still get the same issue. I also replied on the bug report.