Confirmed users
596
edits
Thunderbird:Autoconfiguration:ConfigFileFormat: Difference between revisions
Thunderbird:Autoconfiguration:ConfigFileFormat (view source)
Revision as of 12:13, 29 June 2024
, 29 June 2024Revert unauthorized changes my mkmelin. This has become a generic Internet standard implemented by at least 10 different email programs, and it's no longer specific to Thunderbird.
(→OAuth2: remove <oAuth2> element that is not supported, and no plans to support either) |
(Revert unauthorized changes my mkmelin. This has become a generic Internet standard implemented by at least 10 different email programs, and it's no longer specific to Thunderbird.) |
||
| Line 1: | Line 1: | ||
Author: [[User:BenB|Ben Bucksch]]. Please do not change this doc without checking with the author. | Author: [[User:BenB|Ben Bucksch]]. Please do not change this doc without checking with the author. | ||
This page is the | This page is the authorative specification of the config file that the Mozilla ISPDB and config services at ISPs return. | ||
It is XML, with a clearly defined format, to be stable and usable by other mail clients, too. Update Aug 2010: In fact, [http://projects.gnome.org/evolution/ Evolution] and [http://userbase.kde.org/KMail KMail] and [http://www.kontact.org Kontact] now use it, too. | It is XML, with a clearly defined format, to be stable and usable by other mail clients, too. Update Aug 2010: In fact, [http://projects.gnome.org/evolution/ Evolution] and [http://userbase.kde.org/KMail KMail] and [http://www.kontact.org Kontact] now use it, too. | ||
| Line 137: | Line 137: | ||
</emailProvider> | </emailProvider> | ||
<!-- | <!-- Syncronize the user's address book / contacts. Not yet implemented. --> | ||
<addressBook type="carddav"> | |||
<username>%EMAILADDRESS%</username> | |||
<!-- Authentication methods. See also <incomingServer>. | |||
"http-basic": | |||
Authenticate to the HTTP server using | |||
WWW-Authenticate: Basic | |||
"http-digest": | |||
Authenticate to the HTTP server using | |||
WWW-Authenticate: Digest | |||
"OAuth2": | |||
OAuth2. Uses the same token as for email. | |||
--> | |||
<authentication>http-basic</authentication> | |||
<serverURL>https://contacts.example.com/remote.php/dav<serverURL> | |||
</addressBook> | |||
<!-- Syncronize the user's calendar. Not yet implemented. --> | |||
<calendar type="caldav"> | |||
<username>%EMAILADDRESS%</username> | |||
<authentication>http-basic</authentication> <!-- see <addressBook> --> | |||
<serverURL>https://calendar.example.com/remote.php/dav<serverURL> | |||
</calendar> | |||
<!-- Upload files, allowing the user to share them. Not yet implemented. | |||
This can be used for Thunderbird's FileLink feature, | |||
or to set up a file sync folder on the user's desktop. --> | |||
<fileShare type="webdav"> | |||
<username>%EMAILADDRESS%</username> | |||
<authentication>http-basic</authentication> <!-- see <addressBook> --> | |||
<serverURL>https://share.example.com/remote.php/dav<serverURL> | |||
</fileShare> | |||
<!-- This allows to access the webmail service of the provider. | <!-- This allows to access the webmail service of the provider. | ||
| Line 233: | Line 264: | ||
= OAuth2 = | = OAuth2 = | ||
Due to a | Due to a defficiency in the OAuth2 spec, the client is usually required to send a client credential key, which in turn requires the client to be registered and approved by the email provider. Unfortunately, this not only allows email providers to block specific email clients (which is contrary to the idea of Open-Source), but also makes it impossible to support arbitrary OAuth2 servers. That's why Thunderbird is forced to hardcode the servers that it supports and the respecive client keys. That means that you cannot use OAuth2 for your own server. Only the servers listed on [https://searchfox.org/comm-central/source/mailnews/base/src/OAuth2Providers.jsm OAuth2Providers.jsm] will work. | ||
A server using OAuth2 auth looks this: | A server using OAuth2 auth looks this: | ||
| Line 247: | Line 278: | ||
</incomingServer> | </incomingServer> | ||
</emailProvider> | </emailProvider> | ||
<oAuth2> | |||
<issuer>login.yahoo.com</issuer> | |||
<scope>mail-w</scope> | |||
<authURL>https://api.login.yahoo.com/oauth2/request_auth</authURL> | |||
<tokenURL>https://api.login.yahoo.com/oauth2/get_token</tokenURL> | |||
</oAuth2> | |||
</pre> | </pre> | ||
Note that the `<oAuth2>` contents are not yet supported by Thunderbird. They are planned to be supported later, removing the need to hardcode these parameters. As of today, `<authentication>OAuth2</authentication>` is supported. | |||
Note that there are two `<authentication>` elements. This allows a fallback, in case a client does not support OAuth2 or does not have a client key for this OAuth2 issuer and therefore cannot authenticate with this issuer. | Note that there are two `<authentication>` elements. This allows a fallback, in case a client does not support OAuth2 or does not have a client key for this OAuth2 issuer and therefore cannot authenticate with this issuer. | ||
Scope: If we set up email, address book, calendar, and webdav, we do *not* want the user go have to go through 4 authentication processes. Yet, a provider might use different scopes for email and calendar, and that is in line with the OAuth2 spec. The solution is to combine several scopes, using [https://tools.ietf.org/html/rfc6749#section-3.3 spaces as separator], in a single auth request. [https://stackoverflow.com/questions/8449544/multiple-scope-values-to-oauth2/51437063#51437063 The order is important]. That's why we deliberately do not make the scope specific to a service or server, but to the entire configuration. We don't want the user to have to authenticate several times in a row. This is a requirement from the end user. | |||
= TODO = | = TODO = | ||