migrate Office365 accounts to OAuth2 authentication (password only, Less secure apps will not work starting Oct 1, 2022)
Categories
(Thunderbird :: General, task, P1)
Tracking
(thunderbird_esr91 wontfix, thunderbird_esr102+ affected, thunderbird107 affected)
People
(Reporter: wsmwk, Assigned: leftmostcat)
References
(Depends on 1 open bug)
Details
(Whiteboard: [TM:102.5.1])
Attachments
(1 file)
(deleted),
text/x-phabricator-request
|
Details |
+++ This bug was initially created as a clone of Bug #1757713 +++
Add a migration that goes through imap/pop3/smtp accounts and, if Office365, migrate them to using OAuth2 instead of "password". Bug 1757713 did similar things for Google.
We should want to do this quickly, as the longer it takes to ship, the more users are broken, complaning, and posting support requests.
Reporter | ||
Comment 1•2 years ago
|
||
Do we have multiple domains to consider?
Bug 1757713 comment 18 mentioned one - "I have 2 gmail accounts from which one worked, the other did not. The older account used pop.googlemail.com which is still a valid and working domain. You should extend the migration to support this old domain, too (and perhaps automatically migrate from googlemail.com to gmail.com)."
Reporter | ||
Updated•2 years ago
|
Assignee | ||
Comment 2•2 years ago
|
||
I'm a little unsure how we deal with this. Microsoft's OAuth2 setup leaves us in a really bad way; all MS email addresses end up using the same domain as far as I can tell, but do not have the same level of service. With the configuration we have in 102.x, we can't support personal email addresses. Bug 1685414 fixes that, but it might leave some people using organizational/Active Directory emails in the cold because their administrators need to specifically approve the application. The only way I can see that we can keep from messing things up for people is to only migrate AD accounts, but I don't know of any hard and fast rules that will let us tell the difference.
Comment 3•2 years ago
|
||
Should be possible to check the identity emails as well, and if it's outlook.office365.com but @hotmail.com, @outlook.com, @msn.com etc, then don't migrate at this point. See getIdentitiesForServer
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 4•2 years ago
|
||
Updated•2 years ago
|
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/c42da0c84049
migrate Microsoft email accounts to OAuth2. r=mkmelin
Reporter | ||
Updated•2 years ago
|
Reporter | ||
Comment 6•2 years ago
|
||
We won't be building shipping 102.5.1 until ~2 weeks from now, which got me thinking...
If Rob is willing, do we want a 102 candidate build#1 with the patch so enterprises and others who want can try it? We could messasge to the enterprise list and planning.
FWIW I have roughly a dozen active TB users in my personal address book who are on at least one of those lists, who could potentially test.
Comment 7•2 years ago
|
||
Per Wayne via Matrix: there may still be issues. we don't want to build with that patch
Reporter | ||
Updated•2 years ago
|
Updated•2 years ago
|
Description
•