thunderbird-user.js: [BUG] Can't add Yahoo account to Thunderbird (OAuth2 + ReCaptcha)

Hello,

Describe the bug Not really a bug I guess, but I would like to add a Yahoo account to a Thunderbird profile with thunderbird-user.js & user.js-overrides from 12bytes.org.

After configuration of the account in TB, a webpage pops up displaying Yahoo’s login screen (OAuth2). It first asks for the email address (pre-filled field), then I click “Next” and it displays the following error message within the page “Oops, something went wrong”.

The URL of this page is of the following format (portions with braces are actually replacing some tokens in original URL): https://login.yahoo.net/account/challenge/recaptcha/recaptcha-script?src=oauth&client_id={clientIDToken}--&redirect_uri=http%3A%2F%2Flocalhost&done=https%3A%2F%2Fapi.login.yahoo.com%2Foauth2%2Fauthorize%3F.scrumb%3D0%26client_id%3D{clientIDToken}--%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%26response_type%3Dcode%26scope%3Dmail-w&sessionIndex=QQ--&acrumb={smallToken}&display=login&authMechanism=primary&lang=en-US&siteKey={siteKeyToken}&recaptchaLang=en&recaptchaDomain=www.google.com

It looks like a ReCaptcha issue, also I’ve tried what is advised at the top of this thread :

privacy.resistFingerprinting - false
privacy.firstparty.isolate.restrict_opener_access - false
privacy.firstparty.isolate - false
dom.targetBlankNoOpener.enabled - false
dom.webaudio.enabled - true
and google.com/recaptcha & gstatic.com/recaptcha 3rd party stuff whitelisted in extensions
also google likes 3rd party cookies for their services to run
also don't mess with windows.name (script, CanvasBlocker: whitelist it)

More precisely I set the 5 first prefs as indicated, and authorized all cookies (not sure what are extensions’ whitelist and window.name referring to). But no success.

Environment

  • Thunderbird version used (X.Y.Z) : 102.7.1
  • thunderbird user.js template version used (X.Y or commit SHA) : 102.1
  • Operating system and version : Linux Mint 21

Additional context This happens on a freshly created TB profile with thunderbird-user.js and user.js-overrides applied using arkenfox’s updater.sh (in which I modified the update URL so that it points to this repo and not arkenfox’s) and prefsCleaner.js

Checklist

  • I can confirm the bug is due to thunderbird user.js template and not an overridden preference nor an add-on ;
  • I have searched for [SETUP-*] tags and read them up ;
  • I have searched the GitHub project (issues and Wiki) for my issue.

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Comments: 16 (8 by maintainers)

Most upvoted comments

Thank you very much for your messages and congratulations for your achievements ! 🎉

The OAuth2 wiki page has been updated with your additions 🙏

Bye, see you around 👋

+1
HorlogeSkynet on Mar 6, 2023

Yes I do… 🙄

Took some time but eventually paid off, and you were right in focusing on CSP errors. Thank you for your support & guidance.

Here is the magical recipe to perform Yahoo Oauth. One can ignore all what was said hereinabove and just apply the following (tested on a fresh TB profile with thunderbird-user.js v102.1 alone, as well as together with 12bytes.org’s user.js-overrides v102r2):

user_pref("network.cookie.cookieBehavior", 1);      // required for Yahoo Oauth = 1 (accept same-origin cookies) / default TB-user.js = 2 (block all cookies)
user_pref("network.http.referer.XOriginPolicy", 0); // required for Yahoo Oauth = 0 (always send cross-origin referrer) / default TB-user.js = 2 (send cross-origin referrer only if hosts match) 
user_pref("network.http.sendRefererHeader", 2);     // required for Yahoo Oauth = 2 (send referer header when clicking on a link or loading an image, and set document.referrer for the following page. ) / default TB-user.js = 0 (never send the Referer header or set document.referrer)         
user_pref("javascript.enabled", true);              // required for Yahoo Oauth = true / default TB-user.js = false
user_pref("permissions.default.image", 3);          // only required for Yahoo Oauth if image captcha (and not audio) is chosen = 3 (prevent third-party images from loading)/ default TB-user.js = 2 (block all images from loading)
user_pref("dom.webaudio.enabled", true);            // only required for Yahoo Oauth if audio captcha (and not picture) is chosen = true ()/ default TB-user.js = false

Notes:

  • Only one of the two last prefs is mandatory (depending on whether you prefer visual or audio captcha)
  • Once the OAuth was performed, all preferences can be reset to TB-user.js default’s and emails will still continue to synchronize, at least until potential OAuth token’s expiration.

Successfully tested TB account config:

  • Incoming:
    • Protocol: IMAP
    • Hostname: imap.mail.yahoo.com
    • Port: 993
    • Connection security: SSL/TLS
    • Authentification method: Oauth2
    • Username: {full email address}
  • Outgoing:
    • Protocol: SMTP
    • Hostname: smtp.mail.yahoo.com
    • Port: 465
    • Connection security: SSL/TLS
    • Authentification method: Oauth2
    • Username: {full email address}
+1
oleole39 on Mar 5, 2023

This issue won’t be resolved and one may encounter it in the future

I am fine with digging further the issue, but I am likely to need guidance 😃

I am wondering whether we should focus on the NS_ERROR_NOT_IMPLEMENTED errors or rather the CSP ones 🥲

I have just tried looking at the debugging output when adding an account to TB which I knew was working with standard thunderbird-user.js without any tweaking, but here with the same prefs setup than the previous debug log. It still works and here is the debug output leading to successful integration of the account to Thunderbird.

Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_windowReady@resource://devtools/server/actors/targets/window-global.js:1408:24\nwatch@resource://devtools/server/actors/targets/window-global.js:1676:25\n_onDocShellCreated/<@resource://devtools/server/actors/targets/window-global.js:954:32\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Missing resource in locale fr: messenger/messenger.ftl
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_windowReady@resource://devtools/server/actors/targets/window-global.js:1408:24\nDebuggerProgressListener.prototype.onWindowCreated<@resource://devtools/server/actors/targets/window-global.js:1782:23\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_willNavigate@resource://devtools/server/actors/targets/window-global.js:1474:22\nDebuggerProgressListener.prototype.onStateChange<@resource://devtools/server/actors/targets/window-global.js:1883:25\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_windowReady@resource://devtools/server/actors/targets/window-global.js:1408:24\nDebuggerProgressListener.prototype.onWindowCreated<@resource://devtools/server/actors/targets/window-global.js:1782:23\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_windowDestroyed@resource://devtools/server/actors/targets/window-global.js:1441:24\nDebuggerProgressListener.prototype.observe<@resource://devtools/server/actors/targets/window-global.js:1827:25\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\nget originalWindow@resource://devtools/server/actors/targets/window-global.js:496:5\n_docShellToWindow@resource://devtools/server/actors/targets/window-global.js:1033:7\n_docShellsToWindows/<@resource://devtools/server/actors/targets/window-global.js:1053:29\n_docShellsToWindows@resource://devtools/server/actors/targets/window-global.js:1053:8\n_notifyDocShellsUpdate@resource://devtools/server/actors/targets/window-global.js:1063:26\nDebuggerProgressListener.prototype.onStateChange<@resource://devtools/server/actors/targets/window-global.js:1875:25\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_navigate@resource://devtools/server/actors/targets/window-global.js:1532:24\nDebuggerProgressListener.prototype.onStateChange<@resource://devtools/server/actors/targets/window-global.js:1918:27\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\nget originalWindow@resource://devtools/server/actors/targets/window-global.js:496:5\n_docShellToWindow@resource://devtools/server/actors/targets/window-global.js:1033:7\n_docShellsToWindows/<@resource://devtools/server/actors/targets/window-global.js:1053:29\n_docShellsToWindows@resource://devtools/server/actors/targets/window-global.js:1053:8\n_notifyDocShellsUpdate@resource://devtools/server/actors/targets/window-global.js:1063:26\nDebuggerProgressListener.prototype.onStateChange<@resource://devtools/server/actors/targets/window-global.js:1875:25\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
    reportException resource://devtools/shared/ThreadSafeDevToolsUtils.js:82
    makeInfallible resource://devtools/shared/ThreadSafeDevToolsUtils.js:109
TypeError: this.transport is null
    send resource://devtools/server/devtools-server-connection.js:99
    _sendEvent resource://devtools/shared/protocol/Actor.js:72
    initialize resource://devtools/shared/protocol/Actor.js:46
    _emit resource://devtools/shared/event-emitter.js:242
    emit resource://devtools/shared/event-emitter.js:186
    emit resource://devtools/shared/event-emitter.js:330
    _notifyDocShellDestroy resource://devtools/server/actors/targets/window-global.js:1088
    _onDocShellDestroy resource://devtools/server/actors/targets/window-global.js:968
    observe resource://devtools/server/actors/targets/window-global.js:931
    observe resource://devtools/server/actors/targets/parent-process.js:130
    changeRemoteness resource:///modules/MailE10SUtils.jsm:81
    loadURI resource:///modules/MailE10SUtils.jsm:54
    loadRequestedUrl chrome://messenger/content/browserRequest.js:141
    onload chrome://messenger/content/browserRequest.xhtml:1
event-emitter.js:257:19
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow] window-global.js:422
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_windowReady@resource://devtools/server/actors/targets/window-global.js:1408:24\nDebuggerProgressListener.prototype.onWindowCreated<@resource://devtools/server/actors/targets/window-global.js:1782:23\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow]", result: 2147746065, filename: "resource://devtools/server/actors/targets/window-global.js", lineNumber: 422, columnNumber: 0, data: null, stack: "get window@resource://devtools/server/actors/targets/window-global.js:422:5\n_windowDestroyed@resource://devtools/server/actors/targets/window-global.js:1441:24\nDebuggerProgressListener.prototype.observe<@resource://devtools/server/actors/targets/window-global.js:1827:25\nexports.makeInfallible/<@resource://devtools/shared/ThreadSafeDevToolsUtils.js:103:22\n", location: XPCWrappedNative_NoHelper }
ThreadSafeDevToolsUtils.js:82:13
NS_ERROR_NOT_IMPLEMENTED: Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIRequest.name] 3 OAuth2.jsm:170
NS_ERROR_NOT_IMPLEMENTED: Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIRequest.name] OAuth2.jsm:170
Not showing popup notification password with the message Save login for {domain}? browserRequest.js:12:13
NS_ERROR_NOT_IMPLEMENTED: Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIRequest.name] OAuth2.jsm:170
NS_ERROR_NOT_IMPLEMENTED: Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIRequest.name] 2 OAuth2.jsm:170
NS_ERROR_NOT_IMPLEMENTED: Component returned failure code: 0x80004001 (NS_ERROR_NOT_IMPLEMENTED) [nsIRequest.name] OAuth2.jsm:170
TypeError: this.transport is null
    send resource://devtools/server/devtools-server-connection.js:99
    _sendEvent resource://devtools/shared/protocol/Actor.js:72
    initialize resource://devtools/shared/protocol/Actor.js:46
    _emit resource://devtools/shared/event-emitter.js:242
    emit resource://devtools/shared/event-emitter.js:186
    emit resource://devtools/shared/event-emitter.js:330
    _notifyDocShellDestroy resource://devtools/server/actors/targets/window-global.js:1088
    _onDocShellDestroy resource://devtools/server/actors/targets/window-global.js:968
    observe resource://devtools/server/actors/targets/parent-process.js:140
event-emitter.js:257:19
    _emit resource://devtools/shared/event-emitter.js:257
    emit resource://devtools/shared/event-emitter.js:186
    emit resource://devtools/shared/event-emitter.js:330
    _notifyDocShellDestroy resource://devtools/server/actors/targets/window-global.js:1088
    _onDocShellDestroy resource://devtools/server/actors/targets/window-global.js:968
    observe resource://devtools/server/actors/targets/parent-process.js:140
NS_ERROR_NOT_AVAILABLE: Component returned failure code: 0x80040111 (NS_ERROR_NOT_AVAILABLE) [nsIDocShell.domWindow] window-global.js:422
Loading failed for the <script> with source “chrome://global/content/netError.js”. neterror:128:4
[Exception... "Component returned failure code: 0x80520012 (NS_ERROR_FILE_NOT_FOUND) [nsIMsgAccountManager.loadVirtualFolders]"  nsresult: "0x80520012 (NS_ERROR_FILE_NOT_FOUND)"  location: "JS frame :: chrome://messenger/content/msgMail3PaneWindow.js :: loadPostAccountWizard :: line 928"  data: no] msgMail3PaneWindow.js:928:20
PROPFIND{domain_URL}/.well-known/carddav
[HTTP/1.1 405 Not Allowed 227ms]

HTTPS-Only Mode: Not upgrading insecure request “http://ocsp.globalsign.com/{certificateID}” because it is exempt.
PROPFIND{domain_URL}
[HTTP/1.1 405 Not Allowed 32ms]

mail.setup: 
Exception { name: "NS_ERROR_FAILURE", message: "Address book discovery failed", result: 2147500037, filename: "resource:///modules/CardDAVUtils.jsm", lineNumber: 423, columnNumber: 0, data: null, stack: "detectAddressBooks@resource:///modules/CardDAVUtils.jsm:423:13\n", location: XPCWrappedNative_NoHelper }
accountSetup.js:2466
PROPFIND{domain_URL}/.well-known/caldav
[HTTP/1.1 405 Not Allowed 114ms]

PROPFIND{domain_URL}
[HTTP/1.1 405 Not Allowed 122ms]

PROPFIND{domain_URL}
[HTTP/1.1 405 Not Allowed 116ms]

PUT{domain_URL}
[HTTP/1.1 405 Not Allowed 114ms]

mail.setup: NoneFoundError: 
    DetectionError resource:///modules/calendar/utils/calProviderDetectionUtils.jsm:20
    <anonymous> resource:///modules/calendar/utils/calProviderDetectionUtils.jsm:31
    detect resource:///modules/calendar/utils/calProviderDetectionUtils.jsm:164
accountSetup.js:2589
This page is in Quirks Mode. Page layout may be impacted. For Standards Mode use “<!DOCTYPE html>”. 7 MimeMessage.jsm:621:24
<Provider> does not support changing `store` on the fly. It is most likely that you see this error because you updated to Redux 2.x and React Redux 2.x which no longer hot reload reducers automatically. See https://github.com/reactjs/react-redux/releases/tag/v2.0.0 for the migration instructions. react-redux.js:881:13

There are plenty of NS_ERROR_NOT_IMPLEMENTED as well, looking the same than in previous debug log. As the result is successful, that makes those errors less likely to be the ones blocking the Yahoo Oauth. However no CSP error there so they may well be an issue.

Referring to Yahoo’s debug log from previous post, do you know whether we can exclude from the investigation the warnings about:

  • cookies, complaining at the beginning they have no “proper same site attribute” ?
  • WebGL issues ? maybe related to canvas extraction in the first log, with the remaining mention in all Yahoo logs of transform-origin: 0 0?

you can try to narrow down the guilty preference by using dichotomy (only keep the first half of preferences enforced and repeat the process on other “halves” according to the result of the previous iteration…). Not very effective but sometimes relevant.

Do you refer to all thunderbird-user.js’ modified prefs as base set of prefs to analyze ?

+1
oleole39 on Mar 1, 2023
Read more comments on GitHub
← hoppscotch: Cannot "Get schema" on GraphQL page
hyprgrass: Unable to get gestures to work →