[Users] [Bug 4627] New: Passwords are shown incorrectly in Account preferences after OAuth2 setup

David Fletcher David at megapico.co.uk
Fri Sep 23 11:59:21 CEST 2022


>After OAuth2 setup for accounts all passwords started to show incorrectly.
>Lengths of the passwords became too big. It's also a problem to decode
>passwords from passwordstorerc and passwordstorerc.bak using old method for
>such accounts. Unsetting OAuth2 also doesn't help to recover passwords.

I think this is just the intended behaviour of OAuth2 being seen.

A user's password is no longer stored when using OAuth2 - that's why
it's seen as more secure since the password that would also unlock
other documents and services is not stored in the desktop software any
more. The password field is instead used to store the OAuth2 token,
which is of limited time validity and specific to just a mail login,
therefore of lower security value.

The OAuth2 token is usually much longer than the original password.
Decoding an OAuth2 token will not retrieve the original password.

The only way I can see this being a real bug is if the OAuth2 token is so
long that the password field cannot accommodate and store it correctly.
If that's happening it would require a fix to lengthen the maximum
string length that field could store.

Best regards, David.

