Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Please explain how to set up Thunderbird PKCE authentication for Yahoo IMAP

jcoles
Making moves

‎25-02-2026 12:55 PM

Thunderbird 148 introduces PKCE, a more secure auth protocol. This should not have been done without warning as I have now lost access to email. Where are the instructions on how to set up PKCE?

My email is Yahoo with IMAP protocol. I use OAuth2 authentication. I see no PKCE option in the security settings. 

0 Kudos
9 REPLIES 9

wsm
Thunderbird Team
Thunderbird Team

‎25-02-2026 01:37 PM

As https://support.mozilla.org/en-US/kb/thunderbird-and-yahoo indicates, login prompts should be expected because Oauth tokens are subject to expiration/renewal by the mail provider at any time. 

0 Kudos

jcoles
Making moves
In response to wsm

‎25-02-2026 01:46 PM

But it rejects my password!

I have changed mailnews.oauth.usePrivateBrowser to true as you suggested, but I'll have to try login again later. I'm currently locked out for 30 minutes.

Important rule: Updates must never break anything.

0 Kudos

wsm
Thunderbird Team
Thunderbird Team

‎25-02-2026 02:00 PM

> But it rejects my password!

Does your password still work for web access?

0 Kudos

jcoles
Making moves
In response to wsm

‎25-02-2026 02:40 PM

Web access to what? Webmail? Attempts to access Yahoo webmail take me to Rogers Member Centre which also rejects the password. This might be a Rogers issue. Temporary I hope. I'll have to leave this for tomorrow. Too complex and stressful. Perhaps I'll just restore the older, usable Thunderbird.

0 Kudos

wsm
Thunderbird Team
Thunderbird Team
In response to jcoles

‎25-02-2026 03:08 PM

Thanks for the info.  FYI I have closed comments in the other discussion thread.

If your password fails in webmail, then what hope is there for the password to be accepted through Thunderbird?

If the password is no longer good then you'll need to reset it.

0 Kudos

wsm
Thunderbird Team
Thunderbird Team
In response to wsm

‎26-02-2026 03:12 AM

Any luck?

0 Kudos

jcoles
Making moves
In response to wsm

‎26-02-2026 04:14 AM - edited ‎26-02-2026 04:15 AM

Yes. Resetting the Rogers password fixed the problem. Should I click "Accept as solution"? If so, where? No single posting contains the whole context.

Rogers member centre, which I rarely visit, has stopped recognizing my password before, and it's the member centre login that TB 148 was demanding in the popup window I showed you before. The password cannot really have been invalid as TB on my Android phone and TB 147 on my laptop never lost email access. 

Perhaps the password reset has done something in OAuth2, which Rogers/Yahoo imposed on us a few years ago. I understand it's a hidden additional password layer and I remember it was tricky to set up and get working. Technology grows ever more convoluted and opaque. Eventually only hackers will be able to use it.

0 Kudos

wsm
Thunderbird Team
Thunderbird Team

‎01-03-2026 10:03 PM

> Important rule: Updates must never break anything.

Some triggered Rogers to renew your authentication token - Oauth tokens are subject to expiration/renewal by the mail provider at any time. That it happened during an update suggests that maybe they will require it again - not likely anything Thunderbird can do about it.

0 Kudos

jcoles
Making moves
In response to wsm

‎02-03-2026 04:47 AM

Yes, it was a confusing coincidence. Rogers' password reset process, secured with a texted code, resolved the problem. 

0 Kudos
Copyright © 2026 Khoros, LLC