Automatic Conversion of Google mail accounts to OAuth 2.0 Authentication

Thunderbird 91.8.0, released 5th April 2022, converts the authentication method of Gmail accounts to OAuth 2.0 to help users comply with Google's requirement of OAuth 2.0 for Gmail logins. These changes are required by Google.

How to avoid or correct an OAuth failure caused by rejected cookies

First, verify your general setting for cookies in Thunderbird:

• Do ≡ > Preferences > Privacy & Security > Web Content.
• Look at the checkbox Accept cookies from sites.

If Accept cookies from sites is not checked, do one of the following and then go through the OAuth login process again:

• Create an exception to accept cookies from Google:
  • Click the nearby Exceptions… button to open the Exceptions - Cookies dialog.
  • In the Address of website input box, enter https://accounts.google.com.
  • Pick Allow, then Save Changes.
• Alternatively, accept all cookies:
  • Set the checkmark for Accept cookies from sites.

After you have gone through the OAuth process, if you prefer, you can again reject cookies, because receiving and sending mail will work with cookies rejected. But rejecting all cookies or removing the exception has the disadvantage that when the OAuth token for Gmail access expires at some date in the future, the OAuth dialog will show up and fail again until you accept the required cookies.

For greater detail about cookies, see the article Privacy panel - Remote content and cookie settings in Thunderbird.

How to avoid or correct an OAuth failure caused by disabled javascript

• Do ≡ > Preferences > General > Config Editor.
• Paste this into the Search preference name searchbox: javascript.allow.mailnews.
  • If you see a search result line with javascript.allow.mailnews which contains false, you must change it to true by clicking the Toggle button to the right.
  • If you see a line with javascript.allow.mailnews which contains true or a + button at the end of the line, then no change is needed.

Check if the proper authentication tokens have been saved

• Do ≡ > Settings > Privacy & Security > Passwords> Saved Passwords.
  • If account authentication was set to OAuth2 and the OAuth login was successful, you should see entries for each username (gmail account) of the form

oauth://accounts.google.com (https://mail.google.com/ …)

Note: The oauth entry is an OAuth2 authentication token, and not a password.

• If account authentication was set to OAuth2 and OAuth login was not successful, check your password entries for providers of the following form and delete them:

imap://imap.gmail.com (imap://imap.gmail.com)

smtp://smtp.gmail.com (smtp://smtp.gmail.com)

If you're still having problems, you can ask a question in Thunderbird support.