OAuth2 Authentication for Yahoo, AOL and ATT

Thunderbird Thunderbird Last updated: 6 hours ago 100% of users voted this helpful

NEW! Update to secure PKCE authentication settings, March 2026

You may have been asked in Thunderbird to log in your Yahoo, ATT or AOL accounts, or seen a notice with the title Upcoming Account Change. This is the result of Thunderbird, as of version 148.0 on February 22, 2026, switching to a more secure authorization protocol known as OAuth2 with PKCE. Below are instructions to assist you in the log in process.

In addition to enhanced security, this update also allows you to access Yahoo, AOL, and ATT calendars and address books in Thunderbird, which is a major new benefit to users. If you need more information, see OAuth2 Authorization below.

You have only one account

If you have only one account, then no change is needed in Thunderbird for PKCE to work. You just log in ("authenticate") by providing your email account and account password (App passwords do not work with OAuth2), and then confirm that Thunderbird may access data on the provider's servers (AOL, ATT, Yahoo, etc). This is a normal and safe process. If you have difficulty, please see Detailed Troubleshooting Steps below.

You have more than one account

If you have more than one account, such as one AOL account and one Yahoo account, to allow PKCE to work you must:

Configure a Thunderbird preference to make multiple accounts work

More details about preferences at: Config Editor.

  1. Click > Settings > General.
  2. Scroll down to the bottom and click Config Editor….
  3. Click Accept the risk and continue if that appears.
  4. Type mailnews.oauth.usePrivateBrowser into the search box.
  5. Click on the Toggle Config Editor Toggle button to change the value to true.
  6. Quit Thunderbird Click > Quit and then restart it.
  7. Retry logging in to your accounts (Yahoo, ATT, AOL).

If you have difficulties, please see Detailed Troubleshooting Steps below.

OAuth2 Authorization

OAuth2 is the default authentication method for accessing Yahoo provided services and partner providers like AOL and ATT. The provider (not Thunderbird) presents to you several dialogs that look like web pages, asking for account username and account password, asking for agreement to terms of service, and requesting authorization for the types of provider data you wish Thunderbird to be permitted to access, such as mail, calendar, and contacts.

OAuth2 dialog sequence

You will be shown dialogs for some or all of the following as part of the authentication process:

  1. Provide your username, email or mobile. Username is your email address.
  2. Provide your Account Password (do not use an "App Password").
  3. Optionally, agree to Terms of Service.
  4. Optionally, choose a method to confirm "Is it really you?" by sending a code to your phone or backup email address and then enter the code sent into a followup dialog.
  5. Grant permission to Thunderbird Mail to access some or all of the following data: mail, contacts, calendar.

At the end of the authentication process:

  • An access token is sent from your provider, which is then stored by Thunderbird in its list of passwords to allow future access to the server. A token is a string of characters to allow access from a specific client on a specific device - it is not a password. Tokens eventually expire, at a time determined by your provider, which requires you to again authenticate with your username and password. If you do not know your password, then you must use your provider's account pages in a web browser to create a new password, often called a "password reset".
  • Thunderbird sets the account's configuration according to the authentication settings you just provided.

Note: OAuth2 also requires javascript and cookies, which are enabled by default in Thunderbird.

Mail Settings

POP

Refer to Yahoo's help page for POP access settings and instructions for Yahoo Mail.

IMAP

Refer to Yahoo's help page for IMAP server settings for Yahoo Mail.

My sign-in attempt was prevented

If you get the Username or password invalid warning and the Sign-in attempt prevented email when you try to connect your Yahoo Mail with Thunderbird, Yahoo has blocked Thunderbird from connecting because it's a "less secure" non-Yahoo app.
Update: please read section Important Changes to Authentication Method Notice below.

In Thunderbird version 68.5 and up, you can change the POP server to pop.mail.yahoo.com (port 995).

Important Changes to Authentication Method Notice

If you currently have a POP or IMAP mail account in Thunderbird and receive an email from Yahoo that says:
"We’ve noticed that you’re using non-Yahoo applications (such as third-party email,calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, Yahoo will no longer support the current sign-in functionality in your application starting on 20 October 2020."

Check Thunderbird has cookies enabled.

  1. Click Thunderbird app menu > Settings > Privacy & Security.
  2. Tick ✓ Accept cookies from sites.
  3. Click Exceptions… next to Accept cookies from sites to make sure you are not blocking cookies from sites such as yahoo.com, aol.com or att.com.

Update the 'Authentication Method' for the POP3 or IMAP mail account.

  1. Click Thunderbird app menu > Account Settings.
  2. Click on the mail account name in the left sidebar for example nemo@thunderbird.net.
  3. Bottom right: click on Edit outgoing server….
  4. Set Authentication Method to OAuth2.
  5. Click OK.
  6. Click on Server Settings in the left sidebar for your mail account.
  7. Set Authentication Method to OAuth2.
  8. Click on OK.
  9. Quit Thunderbird: click > Quit, wait a few moments for background processes to complete and then start Thunderbird.

There will be a prompt from your Yahoo ISP partner to log in. This is done with an OAuth 2.0 key exchange in Thunderbird which will authenticate the Thunderbird client in future logins.

Import Yahoo's Contact List to Thunderbird

  1. Open your Yahoo Mail account.
  2. On the right side of the screen (left if you are using the "classic mail"), select the Contacts icon. Your contact list will open.
  3. At the top of the list, click the Actions menu.
  4. In the menu, select Export....
  5. Select Netscape/Thunderbird and click Export Now.
  6. Save the yahoo_contacts.ldif file to your desktop or some other place where you can find it later.
  7. Open Thunderbird.
  8. Under Tools, select Import and then Address Books.
  9. Select Text file (LDIF, .tab, .csv, .txt), then click Next.
  10. Select the yahoo_contacts.ldif file that you previously saved.
  11. Your Yahoo! contacts will be imported as a separate yahoo_contacts address book.

Calendar

To configure the Thunderbird calendar with your Yahoo Calendar, follow the instructions at the page Sync or access your calendar on multiple devices and applications on the Yahoo support site.

Detailed Troubleshooting Steps

Please note that the following are unlikely to help resolve your problems: deleting accounts and adding them back, clearing cache, creating a new profile, and restoring your profile from backup.

Please check the following before asking for support

  1. With the password that failed when logging in when using Thunderbird, can you log in to your mail provider’s web interface (webmail)? If you are unable to log in to webmail, then the password is either not an account password or is no longer valid. The easiest way to solve this problem is to reset the account password using your provider’s website.
  2. Cookies must be enabled in Thunderbird: > Settings > Privacy & Security > Accept cookies from sites must be checked.
  3. Can you see the entire OAuth2 dialog panel (no action buttons are missing)? And no OAuth2 dialogs are hidden behind what you currently see?
  4. Are you in the country in which you normally use the account, and not using a VPN?
  5. Is the authentication method in > Account Settings > Server Settings set to OAuth2 for all AOL, ATT, and Yahoo accounts?

How to ask for support

If you are still having trouble, please post a support request at: https://support.mozilla.org/questions/new/thunderbird with:

  • Thunderbird version number. For example 148.0, 140.8.0esr, 149.0b1.
  • List of all your mail providers. For example: ATT, AOL, Yahoo, etc.
  • List all the steps you tried to resolve the issue, and please confirm you have checked everything in the Please check the following before asking for support section above.
  • Screenshots showing the failed attempts or the exact error message from your mail provider.

These fine people helped write this article:

Chris Ilias, Underpass, Tonnes, Teo, Roland Tanglao, Wayne Mery, Toad-Hall, Swarnava Sengupta, user669794, Lan, vesper, Mark Heijl, Angela Lazar, Jegesieslivt
Illustration of hands

Volunteer

Grow and share your expertise with others. Answer questions and improve our knowledge base.

Learn More