Gmail Oauth2 password pop-up requires Javascript to sign in
I am using Thunderbird 68.7 under Manjaro Linux 20.0 (Lysia).
I am trying to sign into two separate GMail accounts using IMAP/SMTP with Oauth2 for authentication. When TB attempts to connect, I am presented with an HTTPS sign-in pop-up window giving the standard GMail log in wizard. After entering my username, it then presents a window stating:
- The browser you're using doesn't support JavaScript, or has JavaScript turned off. To keep your Google Account secure, try signing in on a browser that has JavaScript turned on.*
Now, clearly I am not using a browser as such (even though TB has some ability to act as one for this sort of thing), and from what I have read, all JS scripting was removed from TB for security reasons.
I have also tried to sign into GMail using 'normal password', but it states that this would require a one time App Password. Needless to say, this is a PC, and no option for and AP (which IIUC is meant for use with mobile apps, and is specific to the recognized apps and registered devices), so this too seems to be a dead end.
Clearly, I am missing something. Is there anything else I need to do, or which I should try?
被采纳的解决方案
There are several javascript-related preferences in Config. editor, but if you haven't changed any, it shouldn't stop you from connecting. Try safe mode (Help/Restart with add-ons disabled), as some of your add-ons may be blocking the authentication, especially the Google ones.
If you change the authentication method to OAuth2, delete any passwords in Edit/Preferences/Security/Passwords/Saved Passwords, restart TB, and enter the password when prompted.
定位到答案原位置 👍 1所有回复 (6)
Javascript is disabled by default in TB, but in order for the OAuth process to complete, JS must be enabled in your system default browser. Cookies must also be enabled in TB Options/Privacy.
If you use normal password authentication, access by 'less-secure apps' must also be allowed in the Google account security settings. If two-step verification is on the account, an app password must be generated and entered in TB instead of the regular account password.
OAuth2 authentication makes it unnecessary to create an app password or allow less-secure apps.
http://kb.mozillazine.org/Using_Gmail_with_Thunderbird_and_Mozilla_Suite
from what I have read, all JS scripting was removed from TB for security reasons.
This is true for mail, but not for browser-like windows like RSS articles, or Google authentication prompts.
Have you somehow disabled Javascript in Thunderbird?
Are you running any kind of security add-on in Thunderbird which blocks Javascript?
由christ1于
@sfhowes - it does not seem to be behaving the way you described, in that it isn't shelling out to the default browser, but instead appears to be using TB's internal HTML browsing capabilities. I've tried setting the default to either Firefox or Chromium, but in both cases TB seems to handle it on it's own.
@christ1 - I don't believe I am running any such scripting manager in TB; my TB extensions are:
- Enigmail
- gContactSync
- Lightning
- Open Google Calendar
- Provider for Google Calendar
However, I normally do run NoScript with both Firefox and Chromium. I have tested this with the ad-blocking and script blocking extensions disabled in Firefox with FF as the default browser, and mean to make the same test with Chromium.
Is there a switch in TB for enabling or disabling Javascript? I know there was one in the past, but from what I read, this was supposedly removed in a release last summer.
选择的解决方案
There are several javascript-related preferences in Config. editor, but if you haven't changed any, it shouldn't stop you from connecting. Try safe mode (Help/Restart with add-ons disabled), as some of your add-ons may be blocking the authentication, especially the Google ones.
If you change the authentication method to OAuth2, delete any passwords in Edit/Preferences/Security/Passwords/Saved Passwords, restart TB, and enter the password when prompted.
I've made sure there were no saved passwords, and restarted in Safe Mode with add-ons disabled, but I got the same result.
I checked Config editor again, and lo and behold, there was a Javascript enable flag which was set to false. I am not sure how I missed that before, I had done a search on it previously and didn't see it. Anyway, it seems to be working now, so thank all of you for your help.