kkapsner/keepassxc-mail

Yahoo oauth management

Closed this issue · 9 comments

Hello, I'm trying to get Yahoo mail address management working in Thunderbird 78.5.0 (32-bit).

I have KPXC 2.6.2 and keepassxc-mail 0.1.4.

Yahoo uses OAuth2 with the following servers:

  • oauth://imap.mail.yahoo.com
  • oauth://smtp.mail.yahoo.com

I have two entries in my keyring for my Yahoo address:

  • Webmail:
  • OAuth:
    • Login: Yahoo email address
    • URL: oauth://imap.mail.yahoo.com
    • Secondary URL (Browser integration panel): oauth://smtp.mail.yahoo.com
    • Password: the OAuth token that I got from the Thunderbird password manager after adding the mail account.

I removed the OAuth token from TB, but now the OAuth entry from KPXC is not working at all, and TB keeps redirecting me to the browser page for the Yahoo manual login (in order to re-add the OAuth token to the TB keyring).

Is it supposed to work? If yes, do you know what I have been doing wrong?
Thanks for reading and for your wonderful work :)

I have to look into the details of how OAuth works with IMAP and SMTP servers in Thunderbird. Up to now I have only tested OAuth in combination with a calendar.

Please try keepassxc-mail-0.1.6.2.zip. If it still does not work, please have a look at the console (Ctrl + J) and see if you see something with "got credential request:".

Version 0.1.7 is released.

Hi, sorry for the late reply...

I installed 0.1.7 today.

I edited my Yahoo entry to include oauth://login.yahoo.com as the secondary URL.
When I launch TB, I successfully get the "allow password access to my KPXC Yahoo entry" window, but when I click "Allow", I get an HTTP 400 (Bad Request) response.
What you send:

POST /oauth2/get_token HTTP/1.1
Host: api.login.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.1
Accept: */*
Accept-Language: fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Origin: null
Content-Length: xxxx
DNT: 1
Connection: keep-alive

Yahoo's answer:

HTTP/1.1 400 Bad Request
Date: Wed, 10 Mar 2021 10:06:58 GMT
Cache-Control: no-store
Cache-Control: no-cache
Cache-Control: must-revalidate
Pragma: no-cache
Expires: 0
Content-Type: application/json
Content-Length: 93
Server: ATS
Age: 0
Connection: close
Strict-Transport-Security: max-age=15552000

Interesting... it worked for me with Gmail (I have no Yahoo account and do not want to give them my phone number).

To which of your entries did you add the OAuth URL?

I understand. Since I created my address a long time ago, I never had to give my phone number, but maybe now it is mandatory (such a shame...).

I deleted the OAuth token entry, so it was my main mail entry with:

  • login = email address
  • URL = https://login.yahoo.com
  • password = email password
  • Secondary URL = oauth://login.yahoo.com

I think the OAuth URL is OK because I saw in the console:

got credential request: Object { login: "xxxxx@yahoo.fr", host: "oauth://login.yahoo.com" }

Are you compliant with https://developer.yahoo.com/oauth2/guide/flows_authcode/#step-4-exchange-authorization-code-for-access-token? Are the previous steps required?

Ah... this explains it. You need to use the OAuth token entry. I do not do the actual OAuth procedure; this is done by Thunderbird.
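To make the distinction in the reply above concrete, here is an added illustration (not keepassxc-mail's own code) of how a credential request like the one logged as `got credential request: { login, host }` can be resolved against keyring entries. The entry shape (`title`, `login`, `url`, `additionalUrls`, `password`), the request shape, and the misconfiguration check are assumptions modelled on this thread: the password field of an `oauth://` entry is handed to Thunderbird verbatim as the token, so an entry that also carries an `https://` webmail URL very likely holds the mailbox password instead.

```javascript
// Added illustration, not keepassxc-mail's own code: choose which keyring
// entry answers a Thunderbird credential request. Entry and request shapes,
// and the misconfiguration warning, are assumptions modelled on the thread.

// Constructed sample keyring: the two Yahoo entries described in the report.
const sampleEntries = [
  {
    title: "Yahoo webmail",
    login: "someone@yahoo.fr",
    url: "https://login.yahoo.com",
    additionalUrls: [],
    password: "mailbox-password", // constructed placeholder
  },
  {
    title: "Yahoo OAuth",
    login: "someone@yahoo.fr",
    url: "oauth://imap.mail.yahoo.com",
    additionalUrls: ["oauth://smtp.mail.yahoo.com", "oauth://login.yahoo.com"],
    password: "stored-refresh-token", // constructed placeholder for the saved token
  },
];

// Split "scheme://host" into lowercase parts; null for anything else.
function parseHost(value) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/?#]+)/i.exec(value);
  return m ? { scheme: m[1].toLowerCase(), host: m[2].toLowerCase() } : null;
}

// All URLs the entry claims (main plus secondary), parsed, unparseable ones dropped.
function entryUrls(entry) {
  return [entry.url, ...(entry.additionalUrls || [])].map(parseHost).filter(Boolean);
}

// True when one of the entry's URLs matches the request on both scheme and host.
// Matching the scheme too keeps an https:// webmail entry from answering an
// oauth:// request by accident.
function entryMatches(entry, request) {
  const want = parseHost(request.host);
  if (!want) return false;
  return entryUrls(entry).some((u) => u.scheme === want.scheme && u.host === want.host);
}

// Resolve a request of the form Thunderbird logs as
// `got credential request: { login, host }`; null when nothing matches.
function selectCredential(entries, request) {
  const entry = entries.find((e) => e.login === request.login && entryMatches(e, request));
  if (!entry) return null;
  const isOAuth = parseHost(request.host).scheme === "oauth";
  const warnings = [];
  // The secret of an oauth:// entry is passed on unchanged as the OAuth token.
  // An entry that mixes a webmail https:// URL with oauth:// URLs almost
  // certainly stores the mailbox password, which the provider will reject.
  if (isOAuth && entryUrls(entry).some((u) => u.scheme === "https")) {
    warnings.push(
      "entry mixes a webmail URL with an oauth:// URL; its password is probably not an OAuth token"
    );
  }
  return {
    title: entry.title,
    login: entry.login,
    kind: isOAuth ? "oauth-token" : "password",
    secret: entry.password,
    warnings,
  };
}

// Stand-alone run: the request from the console line quoted in the thread.
const resolved = selectCredential(sampleEntries, {
  login: "someone@yahoo.fr",
  host: "oauth://login.yahoo.com",
});
console.log(resolved && resolved.title, resolved && resolved.kind, resolved && resolved.warnings);
```

With the two-entry keyring, the `oauth://login.yahoo.com` request resolves to the OAuth entry and its stored token; the same request against a single webmail entry that merely lists `oauth://login.yahoo.com` as a secondary URL still resolves, but comes back with a warning, which is exactly the configuration that produced the 400 above.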

Wow, OK, now it works!
So, I guess we should document it somewhere? Do you want me to write something?

It would be great if you would write something. Maybe we should start filling the wiki.