Using OAuth2 with Thunderbird and Gmail

To use Thunderbird to access your Gmail account, Google will tell you that you must allow “Insecure apps” in your Google security settings. However, since version 38, Thunderbird has supported Oauth2 with Gmail, so you don’t have to enable “Insecure apps”. Google just doesn’t tell you that.

Here I will show you how to change the authentication method on existing accounts from using a saved password, to using a key, namely Oauth2. It allows controlled access for an app, to a set of features that you allow. In this case it will be for just your emails, not your entire Google account like it does now.

Once you start the process, you won’t be able to use the email account within Thunderbird until you complete it.

Change settings to OAuth2

In Thunderbird, go to Account Settings in the menu. Under the Gmail account that you want to enable Oauth2 for, go to Server Settings. Select Oauth2 from the drop down menu next to Authentication method.

Set in account settings

Do the same for sending mail, by going to the Outgoing Server on the left side, selecting the Gmail account, and selecting Oauth2 from the drop down menu next to Authentication method.

Save the changes by hitting Ok.

Remove saved passwords

Now that we’ve made the changes, we need to removed the saved passwords. Otherwise Thunderbird may keep on trying to use the old passwords. Go to your saved passwords at Preferences > Security > Saved Passwords.

Set in account settings

Open this up and remove any entries related to this Gmail account for incoming and outgoing passwords. There should be two.


Next, restart Thunderbird.

Get the OAuth2

When Thunderbird starts back up, it will show you a prompt for your password. This is actually a web portal that is asking for your user name and password to log in, so you can grant access to Thunderbird.

Go ahead and log in.

Set in account settings

Once you have logged in, Google will ask for your permission to allow Thunderbird to access your emails.

Set in account settings

Click “Allow” (otherwise this will have all been for nothing…)

And you’re done! Doing this once will enable both the incoming and outgoing emails to work.

Turn off “Allow insecure apps”

If Thunderbird was the only application that was logging in with your password, you should be able to go into your Google account security settings and change “Allow Insecure Apps” to off.

If it’s not, there’s nothing to worry about, as in the event that any other app tries to use a password to login, you’ll get notified, and then you can decide to turn it back off or fix the setup for that app. (And logging in to Gmail with your password doesn’t count in this case. That will always be enabled).


That’s it. Now you have Thunderbird connecting to your Gmail with a key, and it can only access your email.