3.1 OAuth2 Users

About OAuth2 authentication method

If you've got 2FA authentication then there is a possibility of your provider supporting OAuth2 authentication.

As of 2023, some providers may ONLY support OAuth2 authentication.

To make things easier (i.e. avoid manual account configuration), you might want to set the preference mailnews.auto_config_url to a value that contains the XML file for your provider. If you're concerned about contacting the Mozilla server, you could set this to some server that you control as long as the XML file for your provider is present.

Gmail

Gmail now requires JavaScript for authentication. When you add a Gmail account to Thunderbird this option is presented when Thunderbird requests the auto configuration file.

OAuth2 authentication should be used and is preferred to using less secure methods of authentication such as application specific passwords.

• javascript.enabled must be set to true

Once authenticated you can revert this preference to default.

Microsoft Office 365

To have OAuth2 working with an Office365 mail account, you will need to modify the following preferences:

• network.cookie.cookieBehavior to 1 (TB-user.js' default = 2)
• javascript.enabled to true (TB-user.js' default = false)

Once authenticated you can revert these preferences to default.

Yahoo

To make OAuth2 working with a Yahoo mail account, you will need to modify the following preferences:

• network.cookie.cookieBehavior to 1 (TB-user.js' default = 2)
• network.http.referer.XOriginPolicy to 0 (TB-user.js' default = 2)
• network.http.sendRefererHeader to 2 (TB-user.js' default = 0)
• javascript.enabled to true (TB-user.js' default = false)
• if you want to use the visual captcha, permissions.default.image to 3 (TB-user.js' default = 2)
• if you rather use the audio captcha, dom.webaudio.enabled to true (TB-user.js' default = false)

Once authenticated you can revert these preferences to default.