Mozilla Connect

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

If you remove the token you will be going through the entire oauth authorisation process on every start.  Your provider will have remembered the authorisation,  But Thunderbird will not have.  I really do not see much advantage in forcing yourself to go through multiple pages of authorisations for each start and each account.

However, you can use a batch file to simply delete all the stored passwords files on exit each time to try out how much fun it is.  Delete if they exist logins.json, key3.db, key4.db and  signons.sqlite  Some of those files are obsolete but may well still be present.

For security ofcourse.

If you can login somewhere, you should also be able to logout. As Thunderbird does not have a logout option, removing the token is the next best thing.

And of course I can write a script for that, but I shouldn't have to. For basic authentication, Thunderbird does not remember my login credentials and does not log me in automatically. I want the same for OAuth authentication.

And I don't mind authenticating every time. That is exactly what I want. It's a small price to pay for added security.

I agree with @DonGaz that for certain important email accounts, forcing a login when starting Thunderbird is desirable. If someone has brief access to my laptop it's too easy to request a password reset for some website, fire up Thunderbird and and receive the password reset link.

Following @MattAuSupport's suggestion I created a batch file Thunderbird.cmd and started it with a desktop icon with the command below avoiding the black cmd.exe window.

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "start Thunderbird.cmd -WindowStyle Hidden"

The Thunderbird.cmd file contains this:

@echo off
rem We don't save new logins in thunderbird so we copy a good saved logins file
rem over the current one and a good cookies database file over the current one

set tbpdir=C:\Users\MyUser\AppData\Roaming\Thunderbird\Profiles\xyz12345.default-release
set loginsf=%tbpdir%\logins.json
set loginsfg=%tbpdir%\logins_good.json
set cookiedb=%tbpdir%\cookies.sqlite
set cookiedbg=%tbpdir%\cookies_good.sqlite
set tbexe=%ProgramFiles(x86)%\Mozilla Thunderbird\thunderbird.exe

cd /D %tbpdir%
copy /Y %loginsfg% %loginsf% > NUL
copy /Y %cookiedbg% %cookiedb% > NUL
start "" /WAIT "%tbexe%"
timeout /T 3 /NOBREAK
copy /Y %loginsfg% %loginsf% > NUL
copy /Y %cookiedbg% %cookiedb% > NUL

To use this you must set variable tbpdir  to your own thunderbird profile directory. Also in the thunderbird GUI delete saved passwords and cookies until you are getting prompted to login to the account in question when starting thunderbird. Do not login and quit thunderbird. Copy logins.json to logins_good.json and copy cookies.sqlite to cookies_good.sqlite.

This way everytime you start thunderbird your saved passwords are in the same good state where the critical email account you use to receive password reset links is the only one requiring a login.