Gmail with Thunderbird using OAUTH2 - not Connecting nor creating a Cookie
This is my first post. But I have been reading and benefiting from all the expertise I have found here for many years! Thanks to all!
Trying to plan ahead for the Gmail OAUTH2 change, I upgraded to Tbird 91.9.0.
My Account Settings all transferred to the new version. I do have multi Gmail accounts, as well as other email accounts, but from other posts here, this should matter.
While I am a long term Tbird user, I am a newbie with OAUTH2. I can't seem to connect. So I am writing here for help!
My setup: - Dell notebook running W10 - internet connection strong - am using a Netgear Nighthawk Hotspot Router, which works great with
everything else, so I really doubt that is an issue
- testing without a firewall; running McAfee - resetting Tbird account back to "Normal Password", then Gmail connects
Incoming Server set to IMAP: imap.gmail.com:993 w SSL/TLS and OAuth2 Outgoing: smtp.gmail.com:465 w SSL/TLS and OAuth2
I have been consistently testing with the same gmail account: - YES, I know my password; it works with both the Gmail web interface,
or after going back to "Normal Password" instead of OAUTH2
- allow any Alert emails via Gmail Web Interface, repeatedly. - Ran Captcha ... many times! In case someone else reading here needs this, it is here: https://accounts.google.com/b/0/DisplayUnlockCaptcha and you must be logged into the Gmail Web Interface when running this. I have learned to take a pause after running this, for it do its thing.
If Toad-Hall is reading this, I found your list of steps here very helpful: https://support.mozilla.org/en-US/questions/1375558 Worth repeating for others who are struggling, like me.
As recommended here: https://support.mozilla.org/en-US/questions/1373706 Cookies: all cleared Remembered Passwords: all cleared
Also looked at this: https://support.mozilla.org/en-US/questions/1375702 Originally, my cookies WERE blocked. I did need to change my Web Content as recommended in this post:
Selected: Remember web sites and links I've visited Selected: Accept cookies from sites Accept third-party cookies: Always Keep until : they expire Not selected: 'Send web sites 'Do not track'.....
Also: In Privacy and Security -> Web content -> Exceptions, added: https://accounts.google.com set to 'Allow' and Saved Changes. Then exit Tbird, took a short pause, started Tbird again, per the advice to properly update the files.
Should I be doing BOTH of these? This post shows options: https://support.mozilla.org/en-US/kb/automatic-conversion-google-mail-accounts-oauth20 So if I Select to accept cookies, should I also set the Exception??? I have tested various combinations of these settings, but not seeing a cookie.
In Tbird, when testing to connect, I see:
"Sign in with your Google Account" Enter my account password (I see an error msg here when I typo the password, no error when entered correctly) Also, have checked "Stay Signed In" while trying to Authorize, as recommended. then click Allow on the second screen.
After a few seconds, keep seeing popup in lower right corner of screen: "Authentication failure while connecting to server imap.gmail.com" Sometimes, this msg does not popup, which seems odd to me, but it still fails: Cookies: still empty Password: still empty
I keep updating and reading and updating the setups and testing again, but no cookies for me!
I admit I have gotten off track, testing and reading posts:
Thought my problem might involve Certificates for a while, but now do not think OAUTH2 is using Certificates. Right?
Thought for a bit it might be Javascript disabled, but I am NOT seeing the popup window that shows this error, from this post: https://support.mozilla.org/en-US/questions/1373379 refers to: https://support.mozilla.org/en-US/questions/1286410 Did find my way to Config editor: https://support.mozilla.org/en-US/questions/1349136 Followed this advice: "Click the 3-bar menu icon, Preferences, and find Config. editor at the bottom of the General section. Or, type editor in the search box at the top of Preferences." Then searched for "Javascript" and found most of settings were true, like javascript.enabled is "true". Should everything that a search for javascript finds be set to true? Since I do not see the error msg, I believe this is not my problem.
Stans posted another helpful summary here:
https://support.mozilla.org/en-US/questions/1375538
"After you've changed your accounts to OAuth2, delete all records of your Google
Account passwords from Thunderbird's password vault (Saved Passwords). With OAuth2,
your passwords are not stored by Tbird. Instead, an OAuth2 token (a long string of
meaningless characters) is stored in the password field. That's what you should see
after completing the OAuth2 process for each of your accounts. You have to do it twice,
once for incoming and once for outgoing server. Also, you must allow cookies in
Thunderbird's Preferences, otherwise it won't work."
If I am following this correctly, after testing to try and authenticate, I should see a Cookie and a Saved Password being created but they are not.
Think this is my problem!
In Gmail web interface, I am not sure of some settings:
In Manage Your Google Account -> Security:
1. Should Sign-in 2-step verification be on/off? (its off) 2. Third Party apps w access shows Tbird (think this is new, don't recall it before) 3. Allow Less Secure App: turn off (was On for normal pswd; either way fails w OAUTH2) (think I have tested all combinations of the above, with no success) I welcome suggestions on how I should set these to connect with OAUTH2.
I feel like I am getting close here, but I am stuck. Is there anything else, maybe something I have not heard about, like Captcha, that I should try?
Have I missed a setting somewhere? Suggestions???
Meadowlark13
Выбранное решение
Let's see if this is due to something corrupted in session, password files etc.
Menu app icon > More Troubleshooting Information Under 'Application Basics' - Profile Folder - click on 'Open Folder' This opens a new window showing the contents of your current in use profile name folder.
Exit Thunderbird now - this is important.
Some time ago, it was discovered the pkcs11.txt was causing an issue. It makes you wonder if this has returned.
Look for the following files and delete them.
- cert8.db - obselete file
- key3.db - obselete file
- pkcs11.txt
- secmod.db - obselete file
- session.json
- xulstore.json
NOTE: For this first test do NOT delete:
- key4.db
- cert9.db
- logins.json
Because we need to find out if this is the pkcs.txt file issue first.
Start Thunderbird New pkcs11.txt, session.json, xulstore.json files will get created.
Прочитайте этот ответ в контексте 👍 1Все ответы (20)
After reading all that I have to ask question because I am confused.
This McAfee has been a problem child since 2012 to my knowledge. (A long time hey) so the first thing is to actually get rid of it for testing. Have you rebooted your device in safe mode (no wifi in safe mode, so break out the cord) this reduces the startup and windows modules to a minimum and allows diagnosis to occur without all the start up dross. Does the setup work in safe mode? What if you also start Thunderbird in Troubleshooting mode (hold the left shift key) will work then?
Note that if you have a VPN that in itself may cause mail issues as the likes of Google think they know where you live (you told them) and a VPN masks that, instead pretending you are somewhere else. A red flashing light to software detecting hacking.
It is also possible you have other software on localhost that is getting in the way. One guy was running a web server as he was a developer. The netstat -b command from an admin command prompt (windows key +X) will show what is listening on localhost 127.0.0.1
Hi Matt! Thank you for your prompt reply!
Sorry about rambling on. Will try to be more concise. I, too, am confused.
I have used VPN(s) in my past, my working past, but you did make me think back and check. Since I purchased this notebook, no VPN has been installed on it. (In our new world of WFH via VPNs, GMail w Tbird might have issues connecting through a VPN? Surprising.)
I am not a developer. No webserver running.
My physical setup may make Safe Mode testing tricky: I decided to "cut the cord"! Seemed like a good idea at the time, less mess and actually cheaper than my old ISP. Own lots of cables. BUT the Netgear Nighthawk does NOT have a physical ethernet port. When I first had the Nighthawk, I tested everything I could imagine and it just worked. I canceled my old ISP connection a couple of months ago, trying save money, so I can't test with it.
Trying to test clean this morning:
From Gmail web interface: saw no new Alerts; ran Captcha again just because Start Thunderbird in Troubleshooting mode (holding Left Shift key) - didn't check either of the boxes went through the Login popups CONNECTED! - no cookies were saved but did see a saved password - sent myself an email and could read new email - surprised I only had to login the once; not again for Outgoing server? Closed Tbird Back to Gmail web interface: New email: "Mozilla Thunderbird Email was granted access to your Google Account" - I confirmed this Start Thunderbird (without troubleshooting mode) - prompted for login again - got same auth failure popup - no cookies AND saved password Disappeared
Also: Tools -> Add-On Manager -> Extensions shows no Extensions installed
Can you please expand on "(windows key +X)"? I tried my keyboard key with the windows rectangle icon (I am icon challenged) together with Shift for capital X, but nothing happened. Not surprising as many shortcut keys give unique results on this Dell.
I found Windows Start (lower left corner) -> Windows System -> Command Prompt then Right click, slide cursor over More, select Run in administrator
Unsure if that will show the same info. If this may be helpful, just let me know and I will post the netstat results here.
Think the connection from Troubleshooting mode is a good sign. Am I correct to assume this connection implies the problem is not the Nighthawk?
Not sure why the Password vanished went testing again outside of Troubleshooting Mode. Or if that matters.
Feels like I am getting closer.
Meadowlark13, who was still not so concise
windowskey+x (I use upper case just to make it obvious when typing that is is part of the "statement", ) Windows really does not do case very well at all, except to mess up if you use shift. Go figure. It opens the "windows 8" charms menu which lists some handy system utilities that are difficult to locate on the start menu.
However a command prompt with admin privileges is what is needed.
However the command prompt may not be needed if things work in safe mode (troubleshooting mode) for Thunderbird. Despite there being no addons showing, my guess is you are getting some hidden ones injected from elsewhere. Most likely an anti virus. What product to you have installed?
if you go to the troubleshooting information on the help menu and scroll down there is a heading for "security software" what shows there?
Got it: command prompt with admin privileges.
Looks like the same menu as right clicking on the Windows icon in lower left corner of screen. Nice Tip!
Troubleshooting Information! Another great find for me.
Have McAfee LiveSafe installed, but have both the Firewall and the AntiVirus OFF to test. (I know this can be problematic.) I tested by turning the FW Off, then the AV Off, checking that they looked off, shutdown, restart, check they still looked off, testing gmail connection again and it did NOT connect.
In this testing state, copied from "Troubleshooting Information" requested below:
Add-ons
Name
Type
Version
Enabled
ID
Amazon.com extension 1.1 true amazondotcom@search.mozilla.org
Bing
extension
1.0
true
bing@search.mozilla.org
DuckDuckGo
extension
1.0
true
ddg@search.mozilla.org
Google
extension
1.0
true
google@search.mozilla.org
Wikipedia (en)
extension
1.0
true
wikipedia@search.mozilla.org
Security Software
Type: Name
Antivirus:
Antispyware:
Firewall:
So I am seeing nothing listed under Security Software.
In Troubleshooting Information, I have not tried "Clear startup cache" button. Could that help/hurt?
Could it be a clue that when testing the connection in Troubleshooting Mode, I still do not see a cookie or a password being created in Preferences?
Meadowlark13 said
Got it: command prompt with admin privileges. Looks like the same menu as right clicking on the Windows icon in lower left corner of screen. Nice Tip!
It is, so I learn something as well.
We never stop learning. Now I would like to learn how to get my email to connect with oauth2.
Did the info pasted above from Troubleshooting Information generate any ideas?
Also asked these questions:
Meadowlark13 said
In Troubleshooting Information, I have not tried "Clear startup cache" button. Could that help/hurt? Could it be a clue that when testing the connection in Troubleshooting Mode, I still do not see a cookie or a password being created in Preferences?
Matt,
Is it bad form here to ask a second question before you have had time to respond to the previous one? Hope not! This one may be easier.
After more testing, I have another question.
I may not understand what I see in Preferences. Does it show: 1. all preferences for Tbird OR 2. preferences for only the selected Account OR 3. preferences for only the selected Account AND separately for Troubleshooting mode
I was thinking it was all of Tbird, but now thinking it could be #3?
After more testing and retesting again carefully:
- test Tbird in Troubleshooting Mode, seemed to quietly connect, NO Google prompt for pswd, Preferences HAS a saved pswd (dated 5/7/22? must be saved from the first time I tried to connect in Troubleshooting Mode), can read, send, read new.
- test Tbird, immediate Google prompt for pswd, Preferences has NO password (which I was expecting to see, like in Troubleshooting mode from same Account)
Been spinning all day testing Tbird, testing Tbird in Troubleshooting Mode; testing with Firewall On/Off, testing with Firewall OFF and AV on/off, then with different options. So far, nothing but Troubleshooting Mode seems to create a pswd and connect.
No option has created a cookie, which feels wrong to me, but as long as the saved pswd shows up and it connects, maybe I shouldn't care. Unless is this a clue.
Lets simplify this just a little. Turn on the menu bar. Right click the toolbar and select menu bar
Now go to the tools menu.
You have account settings. For per account preferences. You have preferences for global preferences. Some things are duplicated in account settings, but there are not many.
Troubleshooting mode does not load add-ons, suppresses advanced graphics and some other things that I have struggled to define for years. It is particularly poorly documents even in the source code. And that is mostly Mozilla platform code. It does appear from my experience to prevent a fairly common practice with anti virus product to inject hidden add-ons into the running application. Oh the joy of being so sure you are entitled to mess with everything.
The "cookie" is simply used to manage the oauth page flow, it passes the results to the next page. Once the thing is completed and the oAuth: entry appears in your saved passwords, you are basically connected to google for life. I have never needed to manually refresh the passwords in years.
Personally I do suggest you clear the local cache. If for nothing else than is can help with IMAP accounts as the cache is heavily used for IMAP mail bodies where the body is not stored locally. Basically all caches need an occasional clean out in my opinion. I would also be not at all surprised is the password dialog, which is not a HTML page only refreshes when the dialog loads, so changes on the fly will not appear. But I have not tested that to be sure.
You might also want to try uninstalling McAfee, you will still have Defender, and to be honest that is all I am using these days. I dropped my paid AV almost a year ago.
Thanks for your reply!
Matt said
Lets simplify this just a little. Turn on the menu bar. Right click the toolbar and select menu bar
Already was checked. I find this the easiest way to see Account Settings.
Matt said
You have account settings. For per account preferences. You have preferences for global preferences. Some things are duplicated in account settings, but there are not many.
Ok, think I understand this better.
I will get busy testing the above suggestions ... after coffee.
I use Norton 360 and after an update, it installed a VPN and auto switched it on. This cause me problems. So I switched it off and all worked ok again.
Does your Mcafee have a VPN and is it activated?
When McAfee VPN is installed, you can easily turn it on or off without opening Total Protection or LiveSafe. Here's how:
- Click Show hidden icons in the bottom right of the taskbar.
- Right-click the McAfee Total Protection icon in the list.
- Turn off VPN
Mcafee may also control the Firewall, so make sure Firewall has Thunderbird as an allowed app.
Mcafee may also have a tracker/cookie scan/cleaner option. I'm wondering if Mcafee is cleaning up eg: session files, passwords and cookies etc from Thunderbird, which may explain why they exist and then disappear. Perhaps there is a way of exclusing (typo..maybe even 'excluding') any 'Thunderbird profile' folder from any scanning.
Изменено Toad-Hall
I am having this same problem with OAuth2. Anytime I enable OAuth2 on a GMail account it gets an authenication failure to imap.gmail.com. No passwords saved. Less Secure Access turned OFF in Google Account. OAuth2 | SLS/TLS | 993 All cookies accepted.
Nothing I can think of doing is making any difference. OAuth2 always fails. This will become a nightmare come May 30 if this is happening to many of us.
I've opened a Thunderbird bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1768542
Hi Toad-Hall! Thanks for the ideas.
Quick update: still not connecting and no password created
More Results / Ramblings follow.
From Toad-Hall's suggestions:
Yup, McAfee LiveSafe also installed a VPN. I have never run a VPN on this notebook. My taskbar icon was not hidden and right-clicking confirms VPN is OFF.
When I am saying "testing" mode, from McAfee LiveSafe gui: - turning off FW, shutdown and restart, confirming FW is OFF - repeat this again to ensure McAfee AV Real-Time Scanning is OFF. I have seen McAfee be persistent, but a restart (not just a reboot) seems to clear it for me. - test Tbird connection; same pop-up error (which appears intermittently). Only in Troubleshooting mode is a password generated and saved. - after testing, turn McAfee services ON (also manually scanning local drive to stay safe) - McAfee Cleaner is "scheduled" to run once a week so should not interfere with testing, especially because the pswd from Troubleshooting disappears quickly
From Matt's suggestions:
From Troubleshooting Info, click Clear Startup Cache. From "testing" environment, same pop-up error. I typically clear caches, too, but just discovered this one.
I just keep coming back to never seeing a Cookie. When this works and connects, I know I should see the saved password. Should I see a Cookie? I understand with the saved password I shouldn't need to keep the cookie any longer, but before I manually clear it, should it be there?
However, Toad-Hall, you said a new term for me: "Thunderbird Profile"
Been searching and reading here on these boards (yeah, again). Found this: Thunderbird (v91.3.0): passwords work only in troubleshoot mode, but I have no add-ons https://support.mozilla.org/en-US/questions/1356469 which refers to here (from 2021 with version 91.1): https://support.mozilla.org/en-US/questions/1350009 (I admit this got very technical for me!) This sentence has my attention: "I would guess that the layout is broken, and the password checkbox is not being read. This probably was a result of re-using a profile used in an older version of TB"
This absolutely describes me. Am a long term Tbird user. Not sure, but think this install is from 2016. <pause for laughter here> Upgraded, but recently upgraded to version 91.9.0. Yes, jumping some versions.
Found great doc: "profile manager create and remove thunderbird profiles" (yeah, I noticed the Authors) https://support.mozilla.org/en-US/kb/profile-manager-create-and-remove-thunderbird-profiles
I have never created another Profile, but getting desperate enough to consider trying this option. I could create an alternate profile, recreate my test gmail account there and config it the same. If I follow, this would recreate layouts, fixing any broken layouts, any pesky .db files, etc. I could even live with my gmail accounts only in the new profile and my other emails in the old default profile. Does this sound reasonable? Or am I just lost here?
Are "Profiles" a commonly used and supported feature?
Sorry for rambling on. Meadowlark13 (for Greno: I am into week 2 of trying to get this to connect)
Выбранное решение
Let's see if this is due to something corrupted in session, password files etc.
Menu app icon > More Troubleshooting Information Under 'Application Basics' - Profile Folder - click on 'Open Folder' This opens a new window showing the contents of your current in use profile name folder.
Exit Thunderbird now - this is important.
Some time ago, it was discovered the pkcs11.txt was causing an issue. It makes you wonder if this has returned.
Look for the following files and delete them.
- cert8.db - obselete file
- key3.db - obselete file
- pkcs11.txt
- secmod.db - obselete file
- session.json
- xulstore.json
NOTE: For this first test do NOT delete:
- key4.db
- cert9.db
- logins.json
Because we need to find out if this is the pkcs.txt file issue first.
Start Thunderbird New pkcs11.txt, session.json, xulstore.json files will get created.
Изменено Toad-Hall
Are you using Windows 10 or have you updated to Windows 11 ?
Meadowlark13, Toad-Hall: I'm just going to lurk here and see if you make any progress. I've tried to two days to get OAuth2 working without any success. I'm running Fedora 36 (fresh install) and Thunderbird 91.9.0 using my existing profile (50+G of emails). I have many email accounts with lots of archived emails and creating a brand new profile is not an option for me and shouldn't be necessary. Everything is working with this one exception of OAuth2. Password access still working with Less Secure Access turned ON in Google Account. But that is going to end in less than 3 weeks when Google forces it off.
Now back to your regularly scheduled program... Good luck! :-)
Toad-Hall said
Are you using Windows 10 or have you updated to Windows 11 ?
Windows 10. Just double checked.
Toad-Hall,
Per your request above and typing carefully:
This will change the whole Profile? Not just the active Account??? I am going to be extremely frustrated if all my non-gmail accounts stop connecting!
Doing anything manually with .db and .json files makes me nervous.
What is the "Menu app icon"? (I am icon challenged) I tried the 3 horizontal bars in the top right corner, but no "More Troubleshooting". Maybe the 3 bars -> select "Help > " for submenu to appear -> More Troubleshooting Information?
From top toolbar, pulled down Help -> More Troubleshooting, which I hope is what I want. Under 'Application Basics' - Profile Folder, clicking "Open Folder" created a new window, which appears to be a File Manager.
Exit Tbird.
Sorting by date, there are some old files here. (I spy abook files. Thought I had permanently lost my address book with the upgrade, but maybe there is hope. This is off topic here.)
There is NO pkcs11.txt to delete. Only see 4 *.txt files (sorting by Type), none starting with p. BTW secmod.db was dated from 2016.
Deleted 5 of 6 files above (except no pkcs11.txt) See the 3 other files and did not touch them.
Launch Tbird (noticed initial window looks different)
Expecting "pkcs11.txt, session.json, xulstore.json files will get created." See new pkcs11.txt, xulstore.json NO session.json Exit Tbird see sessions.json
I did NOT relaunch the Open Folder above, because I left it open. Just in case this makes a difference. (did click "Refresh" from the arrow that circles clockwise)
You did not say to test the connection here or to hold at this point. Am standing by.
Изменено Meadowlark13
re :There is NO pkcs11.txt to delete.
Well that may be the problem, it should have been there. Why it was not there is unknown.
After start Thunderbird you say - See new pkcs11.txt - That is good.
Now see if all is working ok with gmail.
Изменено Toad-Hall
re : Maybe the 3 bars -> select "Help > " for submenu to appear -> More Troubleshooting Information?
Yes, that is correct- sorry, that was my error, I should have stated it was under Help. Using the top 'Menu Bar' toolbar is perfectly ok - I use it, but not everyone has it enabled hence why I mentioned the 'menu app icon' (3 lines).
Toad-Hall,
re : Now see if all is working ok with gmail.
Maybe. My test account with gmail using oauth2 CONNECTED! No prompts to enter Goggle password. I see a Saved Password!
This account now has a batch of gmail Alerts. Am very familiar with clearing these ;-) A very hopeful sign! Let me test a bit longer. Will update later.
Was so anxious to test, I forgot to turn off McAfee FW and AV, and it still connected.
If this fixed my problem, Toad-Hall, I LUV YOU!
Meadowlark13