Unable to sign to gmail with thunderbird


I run fresh install of Fedora 31. It turns out I cannot set up IMAP account in gmail that supposed to use my G-Suite account (custom domain, not gmail).

After providing my name, email address and password correct settings are detected:

IMAP - imap.gmail.com 993 ssl/tls oauth2
SMTP - smtp.gmail.com 465 ssl/tls oauth2
Username is my full email address

Next a standard Google login page is loaded, where I provide email again, password, a code from 2FA, next I accept that Thunderbird will have access to gmail and next I’m getting an error “Unable to log in at server. Probably wrong configuration, username or password”.

I’m pretty sure username/password is ok, since I can login over web.
App-specific password is not fixing it, although I’ve not used it in a while since Thunderbird is loading “Google sing-in” page.
On Feodra 30 (a day before) all was working fine.
I was trying to change authentication from oauth2 to other possibilites like normal/encrypted password, but that did not help as well.

Does anyone hit the same/similar issue with F31?


I’m not yet running F31 and hardly ever open Thunderbird to access my gmail.com account (preferring to just use the web interface), but since this used to be working for you I’m willing to assume you’re doing all the right things and the problem is elsewhere.

A troubleshooting thought: Do you have Gnome Online Accounts also linked to that same G-Suite login, and does that work as expected? I don’t know that it would fix anything with Thunderbird (I doubt it), but it might provide some insights.

Another thought: It might be worth deleting the account in Thunderbird, revoking Thunderbird’s permission to access your account (https://myaccount.google.com/permissions for Google accounts, not sure if it’s the same for G-Suite), then trying the whole setup over again from scratch. Could be the issue is on the Google end, if something changed in how Thunderbird makes use of its acquired permissions.

Thunderbird is basically the only 3rd party app that I’m using with Google account, and I’ve tried to delete-it-all and start from scratch - no luck.
The Gnome online account works just fine - checked a sec ago, but it did not change a thing with Thunderbird.
I think I will try to downgrade Thunderbird and try to use old bits of binaries.

Poop, yeah it sounds like there’s an issue with Thunderbird then.

Bright side: If that works, then you’ve got a clear demonstration that the problem is something to do with the latest Thunderbird release (and/or its Fedora packaging), so hopefully the package owners should be able to track that down.

Yeah, I wouldn’t have expected it to, but it does [mostly] rule out any weird firewall issues or whatever.

Just out of curiosity: After you try setting up Thunderbird, sign in, and then it fails to reach sign in to the IMAP server, does it appear on the third-party app permissions list? (If nothing else, the answer to that question should help narrow the problem down to something in Thunderbird’s Google authentication, vs. an IMAP client issue.)

No, it has never re-appeared on the list, once I deleted it from it.

A VM with Fedora 30 (live cd) has the same symtoms, so maybe it’s not Thunderbird version :confused:

Looks like I’m not alone with this problem:

Google (and Yahoo) have decided to not allow “insecure” e-mail “applications”. I recently ran into this problem with Yahoo.

To overcome you’ll need to sign in (with the web-browser) and change your account settings such that insecure “apps” are allowed. For Yahoo one needs to create a “pin” (I’m not 100% sure it was called pin) for the insecure app and use this instead of the password.

Hope this helps.

It’s not possible to “allow insecure apps” in Google if 2FA is enabled. There is no option I will disable 2FA. It was working yesterday, on F30. Today on F31 it doesn’t work.

I’ve found a workaround.
Use freshly generated application password + normal password authentication.
I don’t like it but as for now it has to help.

That’s not a recent change, though, and AIUI Thunderbird is not an “insecure app”, or at least it shouldn’t be. That’s why it displays an actual Google sign-in page, instead of trying to collect usernames and passwords itself. (Which Google have rightly moved to prevent from actually working, as it is insecure and they offer Oauth2 sign-in for exactly that reason.)

That seems significant. Sounds like something is breaking in Thunderbird’s Google app sign-in process, preventing it from establishing Oauth2 credentials as a secure app.

Hm. I guess I’m wrong about that, reading through Mozilla’s “Thunderbird and Gmail” document. It does open a web sign-in dialog if necessary, but only after collecting the user’s email address and password for the IMAP settings. If that information is still correct, that’s definitely gonna drop it down below Google’s secure app standards, yeah. It should never be asking for your account password.


Also, the reporter of Mozilla’s bug regarding Thunderbird sign-in to GMail eventually got so tired of all the internal railing against Oauth2 and anti-Google conspiracy theories being bandied about by Mozilla people that he closed the bug with this note. And that is pure comedy gold right there.

This bug has evidently become a chat thread for the mentally ill instead of a Thunderbird feature request, so I’m closing it because I’m tired of it polluting my inbox.

(It was reopened by one of those Mozilla people, with a stern finger-waggle at the tinfoil hatters. Oooh, exactly 5 years ago today.)

There is a bug officially opened against Thunderbird, related to OAuth2. It has been fixed in ver. 62.2.1.
A f32 Thunderbird installed from rawhide brings a relief.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.