mozilla / releases-comm-central

EXPERIMENTAL - copy of comm-central for forking on github

Force Oauth2 reauthentication #95

Open oculos opened 4 months ago

oculos commented 4 months ago

Hi,

I noticed that, when two accounts are configured in Thunderbird, both using the same OAuth2 provider, and the token used for one account is invalidated, you don't get a prompt to log in again. I have the feeling it is trying to use the token configured for the other account.

I configured Thunderbird with just one OAuth2 account from my own IdP (I built Thunderbird and added my own OAuth2 provider, based on Keycloak; it works really well). I revoke the token, and then I get a prompt to log in again.

However, when I add another account from the same provider, it seems that Thunderbird no longer prompts me to authenticate again. It simply says "Authentication failed" for the account whose token was revoked. My feeling is that, while Thunderbird does handle two tokens from the same provider, it doesn't seem to properly segregate the accounts when authentication fails, and so does not prompt the user to renew the token.

Independent of this bug, it would be nice to be able to force reauthentication. For example, when a token is invalid and I'm trying to send a mail, it asks me if I want to re-enter the password, instead of opening an OAuth2 session for another login. I don't know whether this was related to having two accounts configured with the same provider, though.
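The following is an added illustration, not code from Thunderbird, comm-central or the reporter: it models the reporter's hypothesis as a small client-side simulation. `Account`, `FakeIdP`, `TokenCache`, `authenticate`, `force_reauth` and the issuer URL `https://idp.example` are all invented for the example. With `segregate_failures=False`, the client decides whether to open a login window by asking "does any account on this provider still hold a live token?", which reproduces both observations in the report (one account: revoke then prompt; two accounts: revoke one, "failed" with no prompt). With `segregate_failures=True` the decision is made per account, and `force_reauth` is the requested "always open a login window for this account" action.

```python
"""Hypothetical model of per-provider vs per-account OAuth2 reauth decisions.

Added example; none of this is Thunderbird or comm-central code. All names
and the issuer URL are assumptions made for the illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    provider: str   # assumed to be the IdP issuer URL
    username: str   # the mailbox the access token must have been issued to


class FakeIdP:
    """Constructed stand-in for the IdP plus mail server: remembers which user
    each access token was issued to and forgets tokens that get revoked."""

    def __init__(self):
        self._owner = {}
        self._n = 0

    def issue(self, username):
        self._n += 1
        token = f"tok-{username}-{self._n}"
        self._owner[token] = username
        return token

    def revoke(self, token):
        self._owner.pop(token, None)

    def is_live(self, token):
        return token in self._owner

    def accepts(self, token, username):
        # The mail server accepts only a live token issued to this very user.
        return self._owner.get(token) == username


class TokenCache:
    """Client-side token cache keyed by (provider, username)."""

    def __init__(self):
        self._tokens = {}

    def get(self, acct):
        return self._tokens.get((acct.provider, acct.username))

    def put(self, acct, token):
        self._tokens[(acct.provider, acct.username)] = token

    def drop(self, acct):
        self._tokens.pop((acct.provider, acct.username), None)

    def tokens_for_provider(self, provider):
        return [t for (p, _u), t in self._tokens.items() if p == provider]


def login(cache, acct, idp, prompts):
    """Interactive OAuth2 login; `prompts` records which account got a window."""
    prompts.append(acct.username)
    cache.put(acct, idp.issue(acct.username))


def authenticate(cache, acct, idp, prompts, segregate_failures=True):
    """One authentication attempt. Returns "ok", "reauth" or "failed".

    segregate_failures=True: a rejected token for this account is dropped and
    this account is prompted. segregate_failures=False models the hypothesis
    in the report: after a rejection the client prompts only when no account
    on the same provider still holds a live token, so a sibling account's
    valid token suppresses the prompt and the failure persists."""
    token = cache.get(acct)
    if token is None:                      # never logged in: always prompt
        login(cache, acct, idp, prompts)
        return "reauth"
    if idp.accepts(token, acct.username):
        return "ok"
    if not segregate_failures and any(
            idp.is_live(t) for t in cache.tokens_for_provider(acct.provider)):
        return "failed"                    # rejected token kept; no prompt
    cache.drop(acct)
    login(cache, acct, idp, prompts)
    return "reauth"


def force_reauth(cache, acct, idp, prompts):
    """The feature request: discard whatever is cached for this account and
    open a login window for it, regardless of whether the token is valid."""
    cache.drop(acct)
    login(cache, acct, idp, prompts)
    return "reauth"


def single_account_scenario(segregate_failures):
    """One account: log in, revoke its token at the IdP, try again."""
    idp, cache, prompts = FakeIdP(), TokenCache(), []
    alice = Account("https://idp.example", "alice")
    authenticate(cache, alice, idp, prompts, segregate_failures)
    idp.revoke(cache.get(alice))
    return authenticate(cache, alice, idp, prompts, segregate_failures), prompts


def scenario(segregate_failures):
    """Two accounts on one provider: revoke the first one's token, try again.
    Returns (outcome for the first account, list of accounts prompted)."""
    idp, cache, prompts = FakeIdP(), TokenCache(), []
    alice = Account("https://idp.example", "alice")
    bob = Account("https://idp.example", "bob")
    authenticate(cache, alice, idp, prompts, segregate_failures)
    authenticate(cache, bob, idp, prompts, segregate_failures)
    idp.revoke(cache.get(alice))
    return authenticate(cache, alice, idp, prompts, segregate_failures), prompts


if __name__ == "__main__":
    print("single account, per-provider decision:", single_account_scenario(False))
    print("two accounts, per-provider decision:  ", scenario(False))
    print("two accounts, per-account decision:   ", scenario(True))
```

Running the module prints the three cases; the per-provider decision prompts in the single-account case but returns "failed" without a prompt once a second account on the same provider holds a live token, while the per-account decision prompts the revoked account either way.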