MozillaWiki

Thunderbird:Autoconfiguration:ConfigFileFormat: Difference between revisions

Page Discussion

Thunderbird:Autoconfiguration:ConfigFileFormat (view source)

Revision as of 18:18, 18 April 2023

2,215 bytes added ,  18 April 2023
spelling
(→‎OAuth2: <oAuth2>)
(spelling)
 
(14 intermediate revisions by 2 users not shown)
Line 1: Line 1:
Author: [[User:BenB|Ben Bucksch]]. Please do not change this doc without checking with the author.
Author: [[User:BenB|Ben Bucksch]]. Please do not change this doc without checking with the author.


This page is the authorative specification of the config file that the Mozilla ISPDB and config services at ISPs return.
This page is the authoritative specification of the config file that the Mozilla ISPDB and config services at ISPs return.


It is XML, with a clearly defined format, to be stable and usable by other mail clients, too. Update Aug 2010: In fact, [http://projects.gnome.org/evolution/ Evolution] and [http://userbase.kde.org/KMail KMail] and [http://www.kontact.org Kontact] now use it, too.
It is XML, with a clearly defined format, to be stable and usable by other mail clients, too. Update Aug 2010: In fact, [http://projects.gnome.org/evolution/ Evolution] and [http://userbase.kde.org/KMail KMail] and [http://www.kontact.org Kontact] now use it, too.
Line 22: Line 22:
       <displayShortName>GMail</displayShortName>
       <displayShortName>GMail</displayShortName>


      <!-- type=
          "imap": IMAP
          "pop3": POP3
          -->
       <incomingServer type="pop3">
       <incomingServer type="pop3">
         <hostname>pop.example.com</hostname>
         <hostname>pop.example.com</hostname>
         <port>995</port>
         <port>995</port>
        <socketType>SSL</socketType>
           <!-- "plain": no encryption
           <!-- "plain": no encryption
                 "SSL": SSL 3 or TLS 1 on SSL-specific port
                 "SSL": SSL 3 or TLS 1 on SSL-specific port
                 "STARTTLS": on normal plain port and mandatory upgrade to TLS via STARTTLS
                 "STARTTLS": on normal plain port and mandatory upgrade to TLS via STARTTLS
                 -->
                 -->
        <socketType>SSL</socketType>
         <username>%EMAILLOCALPART%</username>
         <username>%EMAILLOCALPART%</username>
             <!-- "password-cleartext",
             <!-- Authentication methods:
                "plain" (deprecated):
                "password-cleartext",
                           Send password in the clear
                           Send password in the clear
                           (dangerous, if SSL isn't used either).
                           (dangerous, if SSL isn't used either).
                           AUTH PLAIN, LOGIN or protocol-native login.
                           AUTH PLAIN, LOGIN or protocol-native login.
                 "password-encrypted",
                 "password-encrypted",
                "secure" (deprecated):
                           A secure encrypted password mechanism.
                           A secure encrypted password mechanism.
                           Can be CRAM-MD5 or DIGEST-MD5. Not NTLM.
                           Can be CRAM-MD5 or DIGEST-MD5. Not NTLM.
Line 55: Line 58:
                 "none":
                 "none":
                           No authentication
                           No authentication
                  Compatibility note: Thunderbird 3.0 accepts only "plain" and "secure". It will ignore the whole XML file, if other values are given. -->
                -->
         <authentication>password-cleartext</authentication>
         <authentication>password-cleartext</authentication>
         <pop3>
         <pop3>
Line 71: Line 74:
         <hostname>smtp.googlemail.com</hostname>
         <hostname>smtp.googlemail.com</hostname>
         <port>587</port>
         <port>587</port>
         <socketType>STARTTLS</socketType> <!-- see above -->
         <socketType>STARTTLS</socketType> <!-- see <incomingServer> -->
         <username>%EMAILLOCALPART%</username> <!-- if smtp-auth -->
         <username>%EMAILLOCALPART%</username> <!-- if smtp-auth -->
             <!-- smtp-auth (RFC 2554, 4954) or other auth mechanism.
             <!-- smtp-auth (RFC 2554, 4954) or other auth mechanism.
Line 105: Line 108:
         <password>optional: the user's password</password>
         <password>optional: the user's password</password>
       </outgoingServer>
       </outgoingServer>
      <identity>
        <!-- needed? -->
        <!-- We don't want Verizon setting "Organization: Verizon"
              for its customers -->
      </identity>
      <!-- see description. Not yet supported, see bug 564043. -->
      <inputField key="USERNAME" label="Screen name"></inputField>
      <inputField key="GRANDMA" label="Grandma">Elise Bauer</inputField>


       <!-- Add this only when users (who already have an account) have to
       <!-- Add this only when users (who already have an account) have to
Line 122: Line 115:
           Not yet implemented, see bug 586364. -->
           Not yet implemented, see bug 586364. -->
       <enable
       <enable
          visiturl="https://mail.google.com/mail/?ui=2&amp;shva=1#settings/fwdandpop">
        visiturl="https://mail.google.com/mail/?ui=2&amp;shva=1#settings/fwdandpop">
          <instruction>Check 'Enable IMAP and POP' in Google settings page</instruction>
        <instruction>Check 'Enable IMAP and POP' in Google settings page</instruction>
          <instruction lang="de">Schalten Sie 'IMAP und POP aktivieren' auf der Google Einstellungs-Seite an</instruction>
        <instruction lang="de">Schalten Sie 'IMAP und POP aktivieren' auf der Google Einstellungs-Seite an</instruction>
       </enable>
       </enable>


Line 143: Line 136:


     </emailProvider>
     </emailProvider>
    <!-- Syncronize the user's address book / contacts. Not implemented. Thunderbird uses RFC 6764 to do auto discovery. -->
    <!-- TODO: delete this section!! -->
    <addressBook type="carddav">
      <username>%EMAILADDRESS%</username>
        <!-- Authentication methods. See also <incomingServer>.
              "http-basic":
                        Authenticate to the HTTP server using
                        WWW-Authenticate: Basic
              "http-digest":
                        Authenticate to the HTTP server using
                        WWW-Authenticate: Digest
              "OAuth2":
                        OAuth2. Uses the same token as for email.
              -->
      <authentication>http-basic</authentication>
      <serverURL>https://contacts.example.com/remote.php/dav<serverURL>
    </addressBook>
    <!-- Syncronize the user's calendar. Not implemented. Thunderbird uses RFC 6764 to do auto discovery. -->
    <!-- TODO: delete this section!! -->
    <calendar type="caldav">
      <username>%EMAILADDRESS%</username>
      <authentication>http-basic</authentication> <!-- see <addressBook> -->
      <serverURL>https://calendar.example.com/remote.php/dav<serverURL>
    </calendar>
    <!-- Upload files, allowing the user to share them. Not implemented.
        This can be used for Thunderbird's FileLink feature,
        or to set up a file sync folder on the user's desktop. -->
    <!-- TODO: delete this section!! Obsoleted by RFC 6764. -->
    <fileShare type="webdav">
      <username>%EMAILADDRESS%</username>
      <authentication>http-basic</authentication> <!-- see <addressBook> -->
      <serverURL>https://share.example.com/remote.php/dav<serverURL>
    </fileShare>


     <!-- This allows to access the webmail service of the provider.
     <!-- This allows to access the webmail service of the provider.
Line 185: Line 214:
       </loginPageInfo>
       </loginPageInfo>
     </webMail>
     </webMail>
    <!-- see description. Not yet supported, see bug 564043. -->
    <inputField key="USERNAME" label="Screen name"></inputField>
    <inputField key="GRANDMA" label="Grandma">Elise Bauer</inputField>


     <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" />
     <clientConfigUpdate url="https://www.example.com/config/mozilla.xml" />
Line 238: Line 271:
A server using OAuth2 auth looks this:
A server using OAuth2 auth looks this:
<pre>
<pre>
  ...
     <incomingServer type="imap">
     <incomingServer type="imap">
       <hostname>imap.gmail.com</hostname>
       <hostname>imap.gmail.com</hostname>
Line 245: Line 279:
       <authentication>OAuth2</authentication>
       <authentication>OAuth2</authentication>
       <authentication>password-cleartext</authentication>
       <authentication>password-cleartext</authentication>
      <oAuth2>
        <issuer>login.yahoo.com<issuer>
        <scope>mail-w<scope>
        <authURL>https://api.login.yahoo.com/oauth2/request_auth</authURL>
        <tokenURL>https://api.login.yahoo.com/oauth2/get_token</tokenURL>
      <oAuth2>
     </incomingServer>
     </incomingServer>
  </emailProvider>
  <oAuth2>
    <issuer>login.yahoo.com</issuer>
    <scope>mail-w</scope>
    <authURL>https://api.login.yahoo.com/oauth2/request_auth</authURL>
    <tokenURL>https://api.login.yahoo.com/oauth2/get_token</tokenURL>
  </oAuth2>
</pre>
</pre>


Line 257: Line 293:


Note that there are two `<authentication>` elements. This allows a fallback, in case a client does not support OAuth2 or does not have a client key for this OAuth2 issuer and therefore cannot authenticate with this issuer.
Note that there are two `<authentication>` elements. This allows a fallback, in case a client does not support OAuth2 or does not have a client key for this OAuth2 issuer and therefore cannot authenticate with this issuer.
Scope: If we set up email, address book, calendar, and webdav, we do *not* want the user go have to go through 4 authentication processes. Yet, a provider might use different scopes for email and calendar, and that is in line with the OAuth2 spec. The solution is to combine several scopes, using [https://tools.ietf.org/html/rfc6749#section-3.3 spaces as separator], in a single auth request. [https://stackoverflow.com/questions/8449544/multiple-scope-values-to-oauth2/51437063#51437063 The order is important]. That's why we deliberately do not make the scope specific to a service or server, but to the entire configuration. We don't want the user to have to authenticate several times in a row. This is a requirement from the end user.


= TODO =
= TODO =
Retrieved from "https://wiki.allizom.org/Special:MobileDiff/1232888...1246173"