Are you using 128.2.2?

128.2.2 was withdrawn on Thursday because of google/gmail/oauth issues. If you are seeing such issues you can update to 128.2.3 using Help > About. If you do not see 128.2.3 you can download and install 128.2.1 https://ftp.mozilla.org/pub/thunderbird/releases/128.2.1esr/linux-x86_64/

No, I'm using 128.2.1esr-2 but I updated to 128.2.3esr-2. It asked for my oAuth2 credentials after the update but it did not resolve the issue.

re :Changing Auth method to Normal Password and then using app-specific password.

At this moment do you have both incoming and outgoing (smtp) server settings Authentication Method: set as 'Oauth2' ? If yes, then make sure you have swiched off the 2 step verification, otherwise data says expect app specific but settings say expect oauth.

Settings > Privacy & Security WEb Content Select 'Accept cookies from sites'

Make sure any VPN is switched off.

I'm presuming you have: switched off 2 step verification. There are no VPN You have switched off anything that can use localhost such as Apache Xampp Web Content accepts cookies and always allow third party cookies. You have Authentication Method: Oauth2 for both incoming server and smtp server. Correct Server Settings.

• Settings > Privacy & Security
• Passwords section
• Click on 'Saved Passwords'

• completely remove any saved password line for that outlook account.
• Whether it's imap:// or smtp:// or oauth://

Then restart Thunderbird.

Enter normal password (same one you use to access webmail) at prompt and then you get a second window where you click on 'Accept' to allow TB access to server.

Do you get to that second window? Is there an 'oauth://outlook account...' line in the saved passwords ?

All of your presumptions are correct, except for one - I don't know what you mean by switching off 2 step verification. Is that a setting in Thunderbird or are you talking bout the 2factor on the Microsoft account?

In saved passwords, there are 3 oauth: 2 for fastmail, which I left alone, and 1 for login.microsoft.com. I removed it and restarted Thunderbird. Upon the restart, a new authentication window popped up. I entered my credentials. It then prompted for my 2 factor. I entered that. The window disappears, I DO NOT get a second window that has "Accept to allow TB". I've seen that window before on other devices, but it is not prompting now.

I sent a test email from another email client, I received it fine in Thunderbird. I attempted to send an email from Thunderbird, same error.

I went back into Saved Passwords and a new oauth://login.microsoft.com for today was created.

All of your presumptions are correct, except for one - I don't know what you mean by switching off 2 step verification. Is that a setting in Thunderbird or are you talking bout the 2factor on the Microsoft account?

In saved passwords, there are 3 oauth: 2 for fastmail, which I left alone, and 1 for login.microsoft.com. I removed it and restarted Thunderbird. Upon the restart, a new authentication window popped up. I entered my credentials. It then prompted for my 2 factor. I entered that. The window disappears, I DO NOT get a second window that has "Accept to allow TB". I've seen that window before on other devices, but it is not prompting now.

I sent a test email from another email client, I received it fine in Thunderbird. I attempted to send an email from Thunderbird, same error.

I went back into Saved Passwords and a new oauth://login.microsoft.com for today was created.

All of your presumptions are correct, except for one - I don't know what you mean by switching off 2 step verification. Is that a setting in Thunderbird or are you talking bout the 2factor on the Microsoft account?

In saved passwords, there are 3 oauth:// 2 for fastmail, which I left alone, and 1 for login.microsoft.com. I removed it and restarted Thunderbird. Upon the restart, a new authentication window popped up. I entered my credentials. It then prompted for my 2 factor. I entered that. The window disappears, I DO NOT get a second window that has "Accept to allow TB". I've seen that window before on other devices, but it is not prompting now.

I sent a test email from another email client, I received it fine in Thunderbird. I attempted to send an email from Thunderbird, same error.

I went back into Saved Passwords and a new oauth://login.microsoft.com for today was created.

This is the url in saved passwords:

oauth://login.microsoftonline.com (https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access)

re : ...... but I created an app password.....I don't know what you mean by switching off 2 step verification. Is that a setting in Thunderbird or are you talking bout the 2factor on the Microsoft account?

https://support.microsoft.com/en-gb/account-billing/how-to-use-two-step-verification-with-your-microsoft-account-c7910146-672f-01e9-50a0-93b4585e7eb4

If you turn on two-step verification, you’ll get a security code to your email, phone, or authenticator app every time you sign in on a device that isn't trusted.

App passwords are only available if you use two-step verification.

2 step verification and the creation of an 'app specific password' has nothing to do with Thunderbird - it is all set up via Microsoft webmail account.

You would create an 'app specific password' which you would use in Thunderbird instead of the normal password.

If you have switched on 2 step verification and created an app specifc password then in Thunderbird you need to use: Account Settings > Server Settings for that outlook account - you must use 'Authentication Method: Normal Password' AND set the same 'Authentication Method: Normal Password' in the Outgoing SMTP server settings.

However - IF in Thunderbird you want to use 'Authentication Method: Oauth2' for both incoming and outgoing server settings then you cannot use the 'app specific password' and you must switch off 2 step verification via your webmail account.

Then in Thunderbird at the prompt you will get asked for password and that means the normal password you use to logon to webmail - not the app specific password. Click on 'Sign in' then you should see the next window - click on 'Accept' Clicking on the 'Accept' button means you are allowing Thunderbird as a trusted app.

See image below

How to check list of 'trusted/allowed devices and apps' Not sure exactly if this has been slightly altered but....

1. Sign in to Outlook.com 2. Click your user icon at top right 3. Click "View Account". This takes you to an account overview page on account.microsoft.com 4. Click "Security & Privacy" on the menu bar 5. There is an "Apps & Services" section there. Click the "Manage permissions" link in this section. 6. You'll see a list of connected apps, you can click Edit to view/remove their access to your account

If you see Mozilla Thunderbird then you could remove it. In Thunderbird Remember to remove saved oauth and anything else for that account from saved passwords. then restart Thunderbird and you should get asked to sign in and then prompted to 'Accept'.

I read a bit more about using app-specific passwords with O365 accounts. It seems "basic authentication" has been disabled so OAuth2 is now required (https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online). I confirmed this by creating an app-specific password and using it with "Normal Password". I was unable to add the account.

So I switched back to the Thunderbird default of using 'Authentication Method: Oauth2' for both incoming and outgoing server settings. I removed the account, the OAuth credentials, and revoked/removed the app from the Microsoft account (see attached). The only thing I didn't do was remove the authenticator from the account. I restarted Thunderbird, added the account, went through the login process, and it asked for permission to link Thunderbird with my account (the second pop-up we were looking for). I logged in successfully and messages started downloading immediately. However, the issue remains when authenticating/sending messages via the SMTP server.

I can't entirely agree that using OAuth requires the removal of the authenticator from my Microsoft account unless, of course, it's a Thunderbird-specific requirement. Authenticating the IMAP server in Thunderbird works fine. Authenticating the SMTP server using OAuth2 works in 3 other non-thunderbird email clients. I don't see why IMAP would authenticate but SMTP would not. I also do not feel comfortable removing 2 factor from this account for security reasons so if this is a requirement to use Thundbird, unfortunately, I will have to find another solution.

I feel there is a bug with Thunderbird. I'll admit I'm not very technical, but the fact is that everything is configured correctly and IMAP works. The account works correctly in eMclient for PC / MAC, Mail (for android) all of which use OAuth2 to authenticate.

One final thing to note - Fastmail.com is configured using OAuth2 and works correctly in Thunderbird with 2 factor/authenticator attached to the account.

Thanks for all the detail. Note however we find it's not useful to compare to fastmail, it tends not the have odd issues that the others ISP have.

Understood, I will refrain from doing so in the future. Thank you both for your assistance, let me know if there is anything further I can provide.

I'm asking you to do a test using info offered in a bug report.

See info : https://bugzilla.mozilla.org/show_bug.cgi?id=1912556#c27

In Thunderbird Settings > General Scroll to bottom and click on 'Config Editor'

Search for : oauth2.scope

Please copy the info and paste into this forum, so we have a record of what you removed.

then do this: check the 'mail.server.server<NN>.oauth2.scope' pref and fix it, or remove it (should get auto-recreated). You may also need to find the relevant old oauth login in the logins and delete it.

Also delete the oauth://...from the saved passwords.

Restart Thunderbird. Enter password at prompt etc.

Sure!

I searched and found oauth2.scope, see attached. I removed the two related to my O365 account.

I searched for mail.server.server<NN>.oauth2.scope and found it (attached), but I'm unsure how to fix or remove it. I can set a boolean, number, or string but I have no idea what to set it to. I don't see a remove or delete button.

"You may also need to find the relevant old oauth login in the logins and delete it." - What am I searching for specifically? I didn't know what to do here, so I did nothing.

I removed the oauth://, restarted, logged back in and got the same error.

re :I searched for mail.server.server<NN>.oauth2.scope and found it (attached), but I'm unsure how to fix or remove it.....I don't see a remove or delete button.

First image showing several scope for different servers. There seems to be two for outlook.

• mail.server.server4.oauth2.scope
• mail.smtpserver.smtp1.oauth2.scope

There are two icons on the far left - the 'bin' icon is a delete option - click on it to remove both of them. Then remove the saved oauth and/or any other saved password for outlook. Then restart Thunderbird and go through the usual process to login.

The other image just show you searching for : 'mail.server.server<NN>.oauth2.scope' which does not exist because the <NN> represents where a number would be inserted. So if you have inadvertantly managed to create this as a pref: 'mail.server.server<NN>.oauth2.scope' then delete it.

I've deleted those two scopes, removed the oauth, restarted, same issue.

The only thing I couldn't delete was the "mail.server.server<NN>.oauth2.scope" because as you mentioned, it does not exist. Or rather a number hasn't been set.

re:The only thing I couldn't delete was the "mail.server.server<NN>.oauth2.scope"

Instructions on how to remove that preference.

In Thunderbird

• Help > Troubleshooting Information
• Under 'Application Basics' - half way - Profile Folder - clickon 'Open Folder'

It opens in a new window showing contents of your 'profile name' folder.

• Exit Thunderbird now - very important.

• scroll down and locate 'prefs.js' file
• Open 'prefs.js' file using Notepad

• Scroll down and locate: mail.server.server<NN>.oauth2.scope
• Delete that line.
• Close up/remove the gap so no empty lines.
• Save file.

Start Thunderbird and that line is now gone.

I misunderstood your instructions. I was searching specifically for mail.server.server<NN>.oauth2.scope which doesn't exist in prefs.js What did exist is mail.server.server4.oauth2.scope which was removed in the Thunderbird GUI. See below, this is from the prefs.js AFTER the removal. It confirms that the line is no longer present.

user_pref("mail.server.server4.authMethod", 10); user_pref("mail.server.server4.check_new_mail", true); user_pref("mail.server.server4.clientid", "2df3f174-cbe4-4d36-8957-816b0ad8bacf"); user_pref("mail.server.server4.directory", "/home/nsasso/snap/thunderbird/common/.thunderbird/l6kwd9ch.default/ImapMail/outlook.office365.com"); user_pref("mail.server.server4.directory-rel", "[ProfD]ImapMail/outlook.office365.com"); user_pref("mail.server.server4.hostname", "outlook.office365.com"); user_pref("mail.server.server4.lastFilterTime", 28786390); user_pref("mail.server.server4.login_at_startup", true); user_pref("mail.server.server4.max_cached_connections", 5); user_pref("mail.server.server4.moveTargetMode", 1); user_pref("mail.server.server4.name", "myemail@mydomain.com"); user_pref("mail.server.server4.namespace.personal", "\"\""); user_pref("mail.server.server4.nextFilterTime", 28786400); user_pref("mail.server.server4.oauth2.issuer", "login.microsoftonline.com"); user_pref("mail.server.server4.port", 993); user_pref("mail.server.server4.serverIDResponse", "(\"name\" \"Microsoft.Exchange.Imap4.Imap4Server\" \"version\" \"15.20\")"); user_pref("mail.server.server4.socketType", 3); user_pref("mail.server.server4.spamActionTargetAccount", "imap://myemail@outlook.office365.com"); user_pref("mail.server.server4.spamActionTargetFolder", "imap://myemail@outlook.office365.com/Junk Email"); user_pref("mail.server.server4.storeContractID", "@mozilla.org/msgstore/berkeleystore;1"); user_pref("mail.server.server4.timeout", 29); user_pref("mail.server.server4.type", "imap"); user_pref("mail.server.server4.userName", "myemail@mydomain");

re: I've deleted those two scopes, removed the oauth, restarted, same issue.

Did you get prompted by microsoft to enter password and then in next window click on 'Accept'? Or something else ?

Access Config Editor again and post what you see for...

• mail.server.server4.oauth2.scope
• mail.smtpserver.smtp1.oauth2.scope

Yes it pompted for my password in a new window. No it do not ask me to "accept" anything. The login window just disappears and the messages start downloading. I'm sure its because I'm not deleting the app from my Microsoft account during each test. However, I removed it once during a previous test, and it prompted me to "accept". Also, note that smtp1.outh2.scope did NOT appear in the perf.js file until I attempted to send an email.

user_pref("mail.server.server4.oauth2.scope", "https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access");

user_pref("mail.smtpserver.smtp1.oauth2.scope", "https://outlook.office.com/IMAP.AccessAsUser.All https://outlook.office.com/POP.AccessAsUser.All https://outlook.office.com/SMTP.Send offline_access");