Currently using OAuth2 for Thunderbird

You're still using OAuth2 for authentication for Yahoo. With PKCE, a more secure auth handshake method is being used.

When being prompted for re-authentication make sure cookies are allowed in Thunderbird.

Also, Firefox isn't involved here.

Also, Firefox isn't involved here.

?? I can't log in from the Firefox browser so how come Firefox isn't involved??

Please try a private browser window/tab and I may be better able to answer your question.

Currently using OAuth2 for Thunderbird

You're still using OAuth2 for authentication for Yahoo. With PKCE, a more secure auth handshake method is being used.

When being prompted for re-authentication make sure cookies are allowed in Thunderbird.

Unfortunately PKCE isn't offered as an option in the drop down list and the auto setup is selecting OAuth2. I did a grep for both OAith2 and PKCE in the thunderbird Dir and both appear to be in the binary file omni.ja, but only OAuth2 is in libxul.so. When doing an ignore case grep the results are the same for OAuth2, but PKCE occures in 6 files :- crashhelper, libmozsandbox.so, libxul.so, omni.ja, pingsender, thunderbird-bin Don't know if that is relevant? How can I access PKCE if it isn't listed?

I've had the same problem on Mint installed on an Intel iMac I'm thinking Yahoo isn't compatible with more secure browsers as I can't log on with the Brave browser on a Zorin workstation either.

I've tried to use a private window in Firefox and get the same errors.

Did you see this? https://github.com/thunderbird/knowledgebase-issues/issues/117 I looked at the article history to see what comment went with the change that put the banner up there. So this is an internal change to the use of oauth, nothing else and you get not involvement except to allow authentication using your username and password when that version comes out.

The code change is unique to Thunderbird which is why Firefox is not relevant. That you have the issue with both, I would be tempted to look at the container that cannonical use for their snap packages. My guess is the container does not have some security privilege that is required. The Thunderbird team rolled out a snap package, but is has all sort of issues with security.

Firefox snap bugs abound. https://bugzilla.mozilla.org/show_bug.cgi?id=snap https://bugzilla.mozilla.org/show_bug.cgi?id=1780424

Thunderbird does not appear to have a snap meta bug like firefox, but these search results are mostly open SNAP package issues. https://bugzilla.mozilla.org/buglist.cgi?resolution=---&classification=Client%20Software&classification=Developer%20Infrastructure&classification=Components&classification=Server%20Software&classification=Other&query_format=advanced&product=Thunderbird&short_desc=snap&short_desc_type=allwordssubstr

Thanks Matt for your detailed response.

I don't think it is a Snap issue as I downloaded the file thunderbird-147.0.2.tar.xz from the Thunderbird download site. I don't think this is a Snap?

The problem is occurring when the pop up browser window appears to confirm my username and password, ie a browser window, is that still part of Thunderbird, or is that using Firefox code?

I should also point out that I am accessing the Yahoo account from scratch, I've not used Yahoo for a long time. I'm Only going back to it to help out a friend that I've migrated to Thunderbird, so they and I are signing into Yahoo from Thunderbird for the first time.

Anyway, my Yahoo account seems to be locked out now as I can't sign in from Chrome either now!! I suspect too many failed logins for now.

I'll try again tomorrow...

Thanks Matt for your detailed response. I don't think it is a Snap issue as I downloaded the file thunderbird-147.0.2.tar.xz from the Thunderbird download site. I don't think this is a Snap? The problem is occurring when the pop up browser window appears to confirm my username and password, ie a browser window, is that still part of Thunderbird, or is that using Firefox code?

While folks tend to refer to things as using Firefox code, it is more about responsibility for maintenance than source. Thunderbird is built on the Mozilla platform as is Firefox, both programs share a lot of code, however the Mozilla platform is developed and maintained by the Firefox team. SO to get back to your questions. It is not all that relevant. The browser windows used in oAuth au8thentications while served by their respective email site owners owners are displayed and executed in Windows put up by Thunderbird.

I should also point out that I am accessing the Yahoo account from scratch, I've not used Yahoo for a long time.

That should not matter one way or the other.

I'm Only going back to it to help out a friend that I've migrated to Thunderbird, so they and I are signing into Yahoo from Thunderbird for the first time. Anyway, my Yahoo account seems to be locked out now as I can't sign in from Chrome either now!! I suspect too many failed logins for now. I'll try again tomorrow...

Check that cookies are allowed in Thunderbird settings. That is one thing that frequently causes issues as the process uses cookies. Given you are using Linux and folk generally install far more things in Linux than they need, have you got a web development environment installed or even web server software. The oauth authentication stream ends by passing the key to Thunderbird via the localost. Both Webserver software and development environments routinely consume packets to the localhost, so Thunderbird would not get the results. Bottom line is ensure you do not have any other application monitoring and consuming packets on the ports used (HTTP and HTTPS last I looked)