I went to get my email yesterday using SeaMonkey Mail over IMAP.
Google logged me out of OAuth and then SeaMonkey said it failed to fetch my mail.
So I tried to log back in and it said I had an “insecure app” and to try again with another “app”.
After playing around with the User Agent again, I noticed that Firefox 106’s would work, but since Mozilla releases Firefox versions every 6 weeks, and Google is obviously making it impossible to continue logging in using the older version after another week or so, I decided to play around with User Agents until I found something that worked.
It turns out Firefox 102’s user agent doesn’t work for OAuth even though it’s an ESR.
So I decided to fake a Thunderbird “102.12” on “Windows 10” UA.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0
I don’t know if Google logs you out and pops up an “insecure app” alert over minor revisions to Thunderbird, but it’s likely. The current release is actually 102.4 according to the Web site. This 102.12 bogus UA would therefore probably buy me about 8-9 months before I have to come back and bump it again.
You can use this value for these “new string”s in about:config
general.useragent.override.google.com
and
general.useragent.override.google.com
And that should be the last you hear about Google for a while.
You will obviously have to come back and bump it again sometime next year.
My guess is that when the next major version is out, use that followed by “.12.0 at the end of the Thunderbird part at the end, but not on the Gecko version.
OAuth is turning into a major usability disaster and there’s not any guarantee that simple UA hacks will keep SeaMonkey working. Google could actually resort to testing browser features that it knows are only in the latest “supported” applications. ⬆