I have been successfully using Thunderbird (TB) with gmail for years, including via OAuth2 after gmail started requiring it. However, recently one of my gmail accounts stopped working. This seems to have happened when gmail incorrectly thought that I was attempting access from a new client or a new computer and required that OAuth2 authorization be re-established. Now any attempt to access the account from Thunderbird (receiving or sending mail) results in the OAuth2 pop-up window requesting that I allow Thunderbird to access my gmail account. I select "allow", the pop-up closes, and Thunderbird shows "Host contacted, sending login information..." but it never succeeds. After about 2 minutes, it times out with no further message. I have a second gmail account configured in the same instance of Thunderbird, and it continues to work without difficulty; for that account, gmail has not required that OAuth2 authorization be re-established. I am running TB 114.4.1 on Windows 10. I have ensured that cookies are enabled in TB and local storage of passwords in TB is disabled. In my Google account (the one that does not work in TB), I see that access for Thunderbird has been enabled.
I have tried many things, including moving my TB profile to a different folder and uninstalling/installing TB cleanly (no pre-existing profile). Attempting to set up the gmail account in the new installation fails in the same way, when trying to get OAuth2 authorization. Attempting to set up the other gmail account, which was previously working, now also fails. By moving my old profile back to its normal location and re-installing TB, I can get back to where I was (one gmail account works, the other fails).
I have access to another computer, belonging to a friend, also running Windows 10 and having TB installed. In that instance of TB, I tried creating an account tied to the gmail account that is not working in my computer. There I was able to set up OAuth2 access successfully. That TB installation is old, running version 91.7.0. I tried installing TB 91.7.0 on my computer, but there the OAuth2 authorization process still fails.
I have read RFC 6749, which describes how OAuth2 works. It says:
"The abstract OAuth 2.0 flow illustrated in Figure 1 describes the interaction between the four roles and includes the following steps:
(A) The client requests authorization from the resource owner. The authorization request can be made directly to the resource owner (as shown), or preferably indirectly via the authorization server as an intermediary.
(B) The client receives an authorization grant, which is a credential representing the resource owner's authorization, expressed using one of four grant types defined in this specification or using an extension grant type. The authorization grant type depends on the method used by the client to request authorization and the types supported by the authorization server.
(C) The client requests an access token by authenticating with the authorization server and presenting the authorization grant.
(D) The authorization server authenticates the client and validates the authorization grant, and if valid, issues an access token.
(E) The client requests the protected resource from the resource server and authenticates by presenting the access token.
(F) The resource server validates the access token, and if valid, serves the request."
Apparently the failure is occurring at step (C) or (D). Either TB fails to request the token correctly, or the authorization server fails to issue the token. Step (B) succeeds; the pop-up requests my username and password, and those are accepted; if I intentionally type the wrong password, it fails.
I still have access to my mail in the problematic gmail account using gmail's web client, but I really need access via a client on my own computer, preferably TB, so that I can store messages locally and sort/access them in more flexible ways.
Please help. I've been struggling with this for many weeks, and I've spent countless hours trying to fix it.
--Larry
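Steps (C) and (D) of the RFC 6749 flow quoted in the post above, as an added example that is not part of the original post and is not Thunderbird's or Google's code: a client posts an authorization-code grant to a local mock token endpoint and reports whether a token was issued, the grant was refused at step (D), or no HTTP answer came back at all. The mock server, the code value, `client_id` and `redirect_uri` are constructed for this sketch.

```python
import json, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

VALID_CODE = "constructed-auth-code"  # constructed stand-in for the grant from step (B)
DIRECT = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore env proxies

class MockAuthServer(BaseHTTPRequestHandler):
    """Step (D): validate the grant, then answer per RFC 6749 sections 5.1 / 5.2."""
    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if form.get("grant_type") != ["authorization_code"]:
            status, body = 400, {"error": "unsupported_grant_type"}
        elif form.get("code") != [VALID_CODE]:
            status, body = 400, {"error": "invalid_grant"}
        else:
            status, body = 200, {"access_token": "constructed-token", "token_type": "Bearer"}
        payload = json.dumps(body).encode()
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args): pass  # keep the demo quiet

def request_token(token_url, code, timeout=5):
    """Step (C): present the grant and classify what came back."""
    data = urllib.parse.urlencode({"grant_type": "authorization_code", "code": code,
        "redirect_uri": "http://localhost/callback", "client_id": "example-client"}).encode()
    try:
        with DIRECT.open(token_url, data=data, timeout=timeout) as resp:
            return "token_issued", json.load(resp)["token_type"]
    except urllib.error.HTTPError as err:  # the server answered and refused: step (D)
        return "rejected_at_D", json.load(err)["error"]
    except (urllib.error.URLError, OSError) as err:  # no HTTP answer (refused, timeout)
        return "no_response", type(err).__name__

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), MockAuthServer)  # ephemeral local port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/token"
    results = [request_token(url, VALID_CODE), request_token(url, "wrong-code")]
    server.shutdown()
    server.server_close()
    results.append(request_token(url, VALID_CODE, timeout=2))  # nothing listening now
    return results

if __name__ == "__main__":
    print(run_demo())
```

A refusal at step (D) arrives as an HTTP 400 with a JSON `error` field, whereas a request that gets no reply surfaces only as a connection error or timeout on the client side.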