Purpose of authentications option home manager

AliSot2000 · April 12, 2026, 10:45pm

Hello everyone!

So I’ve been trying to setup Thunderbird with home manager. You can guess the quality of the documentation if I say “I’ve been working on this for the past two days”.

In any case, thanks to LLMs, I’ve been able to work around the strong limitations of home manager in this case. (Databases and Profiles, … both didn’t give strong answers was to what option does, when it is necessary and in conjunction with what it needs to be provided.)

In any case, I managed to work around the problem. The thing I needed to achieve was to set the Authentication Method to OAuth2 by adding:

accounts.email.accounts."outlook-account".thunderbird.settings = id : {
    "mail.server.server_${id}.authMethod" = 10;  
    "mail.smtpserver.smtp_${id}.authMethod" = 10; 
};

The option accounts.email.accounts.<name>.imap.authentication confused me. It supports OAuth2 with xoauth2 - I’m assuming x is coming from xorg and some tooling there performing the OAuth flow. But setting it, does not map to Thunderbird. Thunderbird stays at Plain Password.

And this is as far as my rough googling got me. This post is meant as two things:
a) Information if someone encounters the same issue.
b) If you know more about it.

→ Is this just an unfinished feature and Thunderbird support will follow?
→ Is this a remnant of another feature that got removed because it is e.g. deprecated?
→ Does this belong to other email scope application just not Thunderbird?

The description that’s available is sparse to say the least:

Description

The authentication mechanism.

Type

null or string or one of “anonymous”, “apop”, “clear”, “cram_md5”, “digest_md5”, “gssapi”, “login”, “ntlm”, “plain”, “xoauth2”

Yeah, if anyone can shine a light on this issue that’d be awesome. Otherwise I found a workaround. Not pretty but works.

Best

AS2k

magicquark · April 12, 2026, 11:51pm

The accounts.email.accounts.<name>.imap.authenticationoption was added in August 2025 in this PR:

github.com/nix-community/home-manager

accounts.email: add 'davmail' flavor

master ← bmrips:davmail-account-flavor

opened 11:17AM - 04 Aug 25 UTC

bmrips

+45 -4

### Description Add `davmail` as an email account flavor. In order to do so, I …needed to add an option to configure IMAP's and SMTP's authentication mechanism. ### Checklist - [x] Change is backwards compatible. - [x] Code formatted with `nix fmt` or `nix-shell -p treefmt nixfmt deadnix keep-sorted --run treefmt`. - [x] Code tested through `nix-shell --pure tests -A run.all` or `nix build --reference-lock-file flake.lock ./tests#test-all` using Flakes. - [ ] Test cases updated/added. See [example](https://github.com/nix-community/home-manager/commit/f3fbb50b68df20da47f9b0def5607857fcc0d021#diff-b61a6d542f9036550ba9c401c80f00ef). - [x] Commit messages are formatted like ``` {component}: {description} {long description} ``` See [CONTRIBUTING](https://nix-community.github.io/home-manager/#sec-commit-style) for more information and [recent commit messages](https://github.com/nix-community/home-manager/commits/master) for examples. - If this PR adds a new module - [ ] Added myself as module maintainer. See [example](https://github.com/nix-community/home-manager/blob/a51598236f23c89e59ee77eb8e0614358b0e896c/modules/programs/lesspipe.nix#L11).

It was added specifically for davmail.

The thunderbird module was added in November 2022 and while it has had updates since then, it does not appear to have been updated to support this new option.

It might be worth opening an issue upstream to let the maintainers know, or you could submit a PR to update the documentation and/or incorporate it into the thunderbird module.

bmrips · April 13, 2026, 3:28pm

That sums it up perfectly. I added the authentication option because I needed it to support davmail. It is up to the mail clients to process this option and up until now, nobody added support for this option in Thunderbird.

AliSot2000 · April 13, 2026, 8:22pm

I hate to disappoint but I’m not that far yet with my nix journey. But yes, I will consider adding that once my system is finally fully configured and everything I need to work is working. Thunerbird seems to be wonky at the moment to say the least.

And I suspect the week I spent learning about home manager accounts, configs, Thunderbird, etc was in vane and I’m going to just add it as a program and not let home manager do anything. The big lesson learned for me was, anything outside plain password authentication with an account in Thunderbird (like anything that wants OAuth2 for example) just does not work. That’s sad to say the least but it is what it is.

I’ll annoy you guys on the forum, if I run into more issues

Best

AS2k

AliSot2000 · April 14, 2026, 1:02pm

I just found a new issue:

The .thunderbird/profiles.ini is a link pointing to home-manager-files. Additionally, home manger defaults to use StartWithLastProfile=1 and maybe I’m blind but I couldn’t find an option for that to change it.

Given that you need to have a default profile, it effectively locks you in to only use that profile and attempting to change the options in the ui or opening anything other than the default profile will result in Thunderbird crashing because it could not write to the profiles.ini file.

… I’m starting to suspect that Thunderbird is a poor candidate for home manager. LLM said home manager is a bootstrapping tool in the case for Thunderbird. While this is a good idea in theory, it fails if you have ro file linked in place by home manager that need to be written to.

… Just throwing this out here, if anyone also encounters this issue.