
Gmail with Thunderbird using OAUTH2 - not Connecting nor creating a Cookie

  • 30 replies
  • 4 have this problem
  • 153 views
  • Last reply by edwardgdee


This is my first post. But I have been reading and benefiting from all the expertise I have found here for many years! Thanks to all!

Trying to plan ahead for the Gmail OAUTH2 change, I upgraded to Tbird 91.9.0.

My Account Settings all transferred to the new version. I do have multi Gmail accounts, as well as other email accounts, but from other posts here, this should matter.

While I am a long term Tbird user, I am a newbie with OAUTH2. I can't seem to connect. So I am writing here for help!

My setup:

  • Dell notebook running W10
  • internet connection strong
  • am using a Netgear Nighthawk Hotspot Router, which works great with everything else, so I really doubt that is an issue
  • testing without a firewall; running McAfee
  • resetting Tbird account back to "Normal Password", then Gmail connects

Incoming Server set to IMAP: imap.gmail.com:993 w SSL/TLS and OAuth2
Outgoing: smtp.gmail.com:465 w SSL/TLS and OAuth2

I have been consistently testing with the same gmail account:

  • YES, I know my password; it works with both the Gmail web interface, or after going back to "Normal Password" instead of OAUTH2
  • allow any Alert emails via Gmail Web Interface, repeatedly.
  • Ran Captcha ... many times! In case someone else reading here needs this, it is here: https://accounts.google.com/b/0/DisplayUnlockCaptcha and you must be logged into the Gmail Web Interface when running this. I have learned to take a pause after running this, for it to do its thing.

If Toad-Hall is reading this, I found your list of steps here very helpful: https://support.mozilla.org/en-US/questions/1375558 Worth repeating for others who are struggling, like me.

As recommended here: https://support.mozilla.org/en-US/questions/1373706

  • Cookies: all cleared
  • Remembered Passwords: all cleared

Also looked at this: https://support.mozilla.org/en-US/questions/1375702 Originally, my cookies WERE blocked. I did need to change my Web Content as recommended in this post:

   Selected: Remember web sites and links I've visited
   Selected: Accept cookies from sites
   Accept third-party cookies: Always
   Keep until : they expire
   Not selected: 'Send web sites 'Do not track'..... 

Also: In Privacy and Security -> Web content -> Exceptions, added: https://accounts.google.com set to 'Allow' and Saved Changes. Then exit Tbird, took a short pause, started Tbird again, per the advice to properly update the files.

Should I be doing BOTH of these? This post shows options: https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20 So if I Select to accept cookies, should I also set the Exception??? I have tested various combinations of these settings, but not seeing a cookie.

In Tbird, when testing to connect, I see:

"Sign in with your Google Account"
Enter my account password (I see an error msg here when I typo the password, no error when entered correctly)
Also, have checked "Stay Signed In" while trying to Authorize, as recommended.
Then click Allow on the second screen.

After a few seconds, keep seeing popup in lower right corner of screen: "Authentication failure while connecting to server imap.gmail.com"
Sometimes, this msg does not popup, which seems odd to me, but it still fails:

  • Cookies: still empty
  • Password: still empty

I keep updating and reading and updating the setups and testing again, but no cookies for me!


I admit I have gotten off track, testing and reading posts:

Thought my problem might involve Certificates for a while, but now do not think OAUTH2 is using Certificates. Right?

Thought for a bit it might be Javascript disabled, but I am NOT seeing the popup window that shows this error, from this post: https://support.mozilla.org/en-US/questions/1373379 refers to: https://support.mozilla.org/en-US/questions/1286410 Did find my way to Config editor: https://support.mozilla.org/en-US/questions/1349136 Followed this advice: "Click the 3-bar menu icon, Preferences, and find Config. editor at the bottom of the General section. Or, type editor in the search box at the top of Preferences." Then searched for "Javascript" and found most of settings were true, like javascript.enabled is "true". Should everything that a search for javascript finds be set to true? Since I do not see the error msg, I believe this is not my problem.


Stans posted another helpful summary here: https://support.mozilla.org/en-US/questions/1375538 "After you've changed your accounts to OAuth2, delete all records of your Google Account passwords from Thunderbird's password vault (Saved Passwords). With OAuth2, your passwords are not stored by Tbird. Instead, an OAuth2 token (a long string of meaningless characters) is stored in the password field. That's what you should see after completing the OAuth2 process for each of your accounts. You have to do it twice, once for incoming and once for outgoing server. Also, you must allow cookies in Thunderbird's Preferences, otherwise it won't work."

If I am following this correctly, after testing to try and authenticate, I should see a Cookie and a Saved Password being created but they are not.

Think this is my problem!


In Gmail web interface, I am not sure of some settings:

In Manage Your Google Account -> Security:

  1. Should Sign-in 2-step verification be on/off? (it's off)
  2. Third Party apps w access shows Tbird (think this is new, don't recall it before)
  3. Allow Less Secure App: turn off (was On for normal pswd; either way fails w OAUTH2)

(think I have tested all combinations of the above, with no success) I welcome suggestions on how I should set these to connect with OAUTH2.

I feel like I am getting close here, but I am stuck. Is there anything else, maybe something I have not heard about, like Captcha, that I should try?

Have I missed a setting somewhere? Suggestions???

Meadowlark13


Chosen solution

Let's see if this is due to something corrupted in session, password files etc.

Menu app icon > More Troubleshooting Information
Under 'Application Basics' - Profile Folder - click on 'Open Folder'
This opens a new window showing the contents of your current in use profile name folder.

Exit Thunderbird now - this is important.

Some time ago, it was discovered the pkcs11.txt was causing an issue. It makes you wonder if this has returned.

Look for the following files and delete them.

  • cert8.db - obsolete file
  • key3.db - obsolete file
  • pkcs11.txt
  • secmod.db - obsolete file
  • session.json
  • xulstore.json

NOTE: For this first test do NOT delete:

  • key4.db
  • cert9.db
  • logins.json

Because we need to find out if this is the pkcs.txt file issue first.

Start Thunderbird. New pkcs11.txt, session.json, xulstore.json files will get created.

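The file clean-up from the chosen solution, as an added example that is not part of the original answer: a POSIX shell function that moves the listed files into a private backup directory instead of deleting them, so the test can be reversed, and that tolerates files that are already absent. The function names, the backup location and the process name `thunderbird` used for the running check are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): quarantine the profile files named in
# the chosen solution instead of deleting them.

# Files the answer says to remove for the first test.
RESET_FILES="cert8.db key3.db pkcs11.txt secmod.db session.json xulstore.json"
# Files the answer says NOT to delete in the first test.
KEEP_FILES="key4.db cert9.db logins.json"

# Assumption: the running process is called "thunderbird" (typical on Linux).
thunderbird_running() {
    command -v pgrep >/dev/null 2>&1 && pgrep -x thunderbird >/dev/null 2>&1
}

# quarantine_profile_files PROFILE_DIR BACKUP_DIR
# Prints "moved NAME", "absent NAME" or "kept NAME" per file.
# Returns 0 on success, non-zero if nothing could safely be done.
quarantine_profile_files() {
    profile=$1
    backup=$2
    if [ ! -d "$profile" ]; then
        echo "no such profile directory: $profile" >&2
        return 2
    fi
    # The answer stresses that Thunderbird must be closed first.
    if thunderbird_running; then
        echo "exit Thunderbird before moving profile files" >&2
        return 3
    fi
    mkdir -p "$backup" || return 4
    # key3.db and cert8.db are old key/certificate databases: keep the
    # backup readable by the owner only.
    chmod 700 "$backup" || return 4
    for name in $RESET_FILES; do
        if [ -e "$profile/$name" ]; then
            mv -- "$profile/$name" "$backup/" || return 5
            echo "moved $name"
        else
            # A missing file (for example pkcs11.txt) is not an error.
            echo "absent $name"
        fi
    done
    for name in $KEEP_FILES; do
        if [ -e "$profile/$name" ]; then
            echo "kept $name"
        fi
    done
    return 0
}

# Usage (hypothetical paths):
#   quarantine_profile_files "$HOME/.thunderbird/PROFILE.default" "$HOME/tb-profile-backup"
```

To undo the test, exit Thunderbird and move the files from the backup directory back into the profile folder.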

All Replies (10)


greno said

Meadowlark13, Toad-Hall: I'm just going to lurk here and see if you make any progress. I've tried for two days to get OAuth2 working without any success. I'm running Fedora 36 (fresh install) and Thunderbird 91.9.0 using my existing profile (50+G of emails). I have many email accounts with lots of archived emails and creating a brand new profile is not an option for me and shouldn't be necessary. Everything is working with this one exception of OAuth2. Password access still working with Less Secure Access turned ON in Google Account. But that is going to end in less than 3 weeks when Google forces it off. Now back to your regularly scheduled program... Good luck! :-)

Hi greno
Menu app icon > Help > More Troubleshooting Information
Under 'Application Basics' - Profile Folders - click on 'Open Directory'
You will see window showing contents of profile name folder.

Exit Thunderbird now.

Look for the following files and delete them.

  • cert8.db - obsolete file
  • key3.db - obsolete file
  • pkcs11.txt - please report back on whether this file is in profile or not.
  • secmod.db - obsolete file
  • session.json

NOTE: For this first test do NOT delete:

  • key4.db
  • cert9.db
  • logins.json

Start up Thunderbird and report back on results.


Toad-Hall,

Above you asked me to delete SIX files. Did you miss xulstore for greno???

RE: Look for the following files and delete them.

  • cert8.db - obsolete file
  • key3.db - obsolete file
  • pkcs11.txt
  • secmod.db - obsolete file
  • session.json
  • xulstore.json

(also testing to use Bullets here)

    [greno@renog13-lin01 xovpgkj0.default]$ mv cert8.db key3.db pkcs11.txt secmod.db session.json /tmp/tbprofile/
    mv: cannot stat 'pkcs11.txt': No such file or directory
    [greno@renog13-lin01 xovpgkj0.default]$

Restarted Thunderbird and it created the pkcs11.txt file. Blew out all my tabs though. Just Inbox tab left.

I think this fixed it. Logged every account in and it's been 10 minutes and no popup for the one Google Account. Of course I now need to go move all the other GMail accounts over to OAuth2. So it may be a day before I know if everything works. So far looks good. Was able to send and receive an email in the OAuth2 account.

Nice work Toad-Hall!

Just got done testing all the GMail Accounts in Thunderbird after making your changes and they're all over on OAuth2 now and working.

Please post your fix over in the Thunderbird bug I opened.

Thanks, Gerry


Meadowlark13 said

Toad-Hall, Above you asked me to delete SIX files. Did you miss xulstore for greno??? RE: Look for the following files and delete them.
  • cert8.db - obsolete file
  • key3.db - obsolete file
  • pkcs11.txt
  • secmod.db - obsolete file
  • session.json
  • xulstore.json
(also testing to use Bullets here)

No. I'd worked out which files were involved after your excellent feedback.


Toad-Hall said

Meadowlark13 said

Toad-Hall, Above you asked me to delete SIX files. Did you miss xulstore for greno??? RE: Look for the following files and delete them.
  • cert8.db - obsolete file
  • key3.db - obsolete file
  • pkcs11.txt
  • secmod.db - obsolete file
  • session.json
  • xulstore.json
(also testing to use Bullets here)

No. I'd worked out which files were involved after your excellent feedback.

Ah! Not sure how "excellent" it was, but I do try to follow the steps carefully and always send feedback. Ok, wordy feedback.


I promised an update here.

Summary: Gmail with Oauth-2 authentication is CONNECTING! I am so Happy!

Details:

Been testing, testing every combination of Read (both new mail and old mail)/Send/Reply/Reply-All/Forward that I can think of, between gmail accounts and between gmail and other emails. Everything worked!

Have converted all my Gmail Accounts to OAuth-2, both Incoming and Outgoing. (except last one, holding off for a few days just in case)

Also, set Less Secure App to OFF in Gmail web-interface for each account. Confirmed all Alerts in web-interface were cleared.

Shutdown and Restarted, just to be sure of a clean environment. Testing again, and all is working.

Have been noticing a couple unusual things.

Preferences -> Saved Passwords:

Noticed this pattern:

  • first account (that is the test account I have been beating on) prompted ONCE for Google passwd, saved the Password, since then has connected to Inbox without prompting
  • second account prompted TWICE (appears to be Incoming and Outgoing)
  • third account prompted ONCE and so on.

Also, that same pattern appears in Preferences -> Saved Passwords with the password(s) I see saved per account.

But I can connect to each Inbox, Read and Send from all Accounts. Since it works, I am not worrying about this. Should I be?

Outgoing Servers:

I have unique Outgoing Server names linked to each Account, in each main Account Settings, scroll to bottom. Server Names setup in Account Settings -> scroll down to Outgoing Server.

BUT while I have been testing, this list of Outgoing Servers has names that vanish from the Account Settings list from time to time, including the non-gmail accounts. Weird (Scary?)

After panicking, checked Help -> More Thunderbird Info, where the Outgoing Servers are all still shown there, so not really worried. Maybe a GUI bug?

Mentioning this, as others may see this and post about "Outgoing Servers vanished". Not certain, but possibly related to the "active" servers in the current Tbird session.


I learned SO MUCH in this process!

I know this old gal has earned some more of these gray hairs. I would never have solved this problem without your help.

THANK YOU, Toad-Hall and Matt!!!

Meadowlark13


To help people who may have same problem and need to find a solution, could you mark my comment which starts: "Let's see if this is due to something corrupted in session, password files etc." as 'Chosen Solution'. Link: https://support.mozilla.org/en-US/questions/1376290#answer-1504106

It was on page one and the 13th comment in list - haha - lucky for some :)

People often search for 'Chosen Solutions' to see if it offers a solution for them, so marking as 'Chosen Solution' would be most helpful. Many thanks.

Modified by Toad-Hall


just wanted to post my experience trying to get gmail oauth2 to work with TB ... i've already posted this information a couple of other places but want to make sure folks can benefit from the DAYS i spent trying to get this to work ...

i've been running TB 45 forever and gmail oauth2 definitely didn't work for me with TB 45 on W7 x64 ... i first updated to 91.9 but still no dice ... deleting multiple suggested TB config files didn't solve the problem either ... i ultimately discovered that the problem was that NO passwords would save for any of my TB accounts, which of course includes oauth tokens that are now stored in the password file ... it was also NOT practical to recreate accounts from scratch since i had to fix this problem for many clients and myself, and many of us had multiple accounts configured in TB, with many of the accounts containing 30 GB or more emails that would have had to be reloaded from the servers, plus all local emails would be lost unless manually copied from saved profile folders ...

so here's what i finally came up with to get this upgrade to work reliably:

1. first make a backup copy of the local/thunderbird and roaming/thunderbird folders

2. next run TB 45, remove all addons, and exit (these addons are all going to be obsolete anyway, and removing them now cleans up prefs.js)

3. uninstall TB 45

4. empty local/thunderbird

5. delete everything in roaming/thunderbird except: prefs.js, Mail, ImapMail, virtualFolders.dat, folderTree.json, directoryTree.json, and *.mab files (most of the files and folders to be deleted are obsolete anyway, having been left behind as i upgraded TB over the years from TB 2 to TB 45, and any necessary ones will automatically be recreated by TB 91)

6. install TB 91.9 x64

7. run TB 91 and when the profile section box pops up, select the default profile, checking the box to remember it permanently

8. TB 91 will convert all gmail accounts to oauth, so popups for the oauth login procedure will occur for all gmail accounts, so go through the google oauth process for each of those, providing the required password and any subsequently requested secondary security verification information via smartphone SMS or secondary security email security code, and also indicate to all other google security verification emails that you are the one who initiated these activities ... also enter and save conventional passwords as well for non-gmail accounts ...

9. you can verify that all conventional passwords and oauth tokens got saved via viewing TB preferences/privacy & security/saved passwords

10. import contacts in all .mab files (which are obsolete and unrecognized by newer TBs)

10. nice addons are Phoenity Buttons, Phoenity Icons, riseofthetools, search button, lookout (fix version)

11. some old x86 TBs leave behind broken (and unnecessary) user registry keys regarding TB mailto protocols that will interfere with mailto protocol defaulting to the new TB, so these must be manually deleted for each logged in Windows user with:

[-HKEY_CURRENT_USER\Software\Classes\Thunderbird.Url.mailto]

&

[-HKEY_CURRENT_USER\Software\Classes\ThunderbirdEML]

12. TB font sizes can be changed by changing the value of font.size.systemFontScale from 100 to something larger (or smaller) in general/config editor ... Ctrl-mousewheel zooming can be activated via the config editor with "mousewheel.withcontrolkey.action true" ... nonetheless, it's EXTREMELY unfortunate that TB has dropped builtin zoom buttons and no addon exists for such buttons because i personally HATE the inefficiency of having to remove my hands from the mouse to perform keyboard zooming ... i guess we visually impaired folk don't matter much anymore ...

I had an identical problem following an update from a very old version of Thunderbird to the current version. I too discovered after a day of changing things that authentication worked OK in troubleshooting mode but not in normal mode. Following the advice given above I deleted (well renamed in case I need to put them back :-) ):

  • cert8.db - obsolete file
  • key3.db - obsolete file
  • secmod.db - obsolete file
  • session.json
  • xulstore.json

I also noted the absence of pkcs11.txt

On restart it all worked - and pkcs11.txt was created - Many thanks
