This is silly, but Google OAuth2 fails at the last step (after clicking "Allow") if a local web server is running (on localhost I guess). Workaround is to stop the web server during the OAuth2 process -- you can then restart it just fine.

I got bitten by this with several Google calendars I use for work, for which I guess the OAuth2 token expired recently. Subsequently I got spammed with authentication requests, and my calendars stop working properly.

The OAuth2 flow only showed the final "Allow" part, but clicking on it redirected my to my company's homepage. This added to the confusion, because the Google account I use uses my company's email, so my first guess was that the OAuth2 flow incorrectly assumed it had to finish on the email domain's website (or using some missing DNS records from it). But actually it was just my local webserver performing the redirection, but as I had set it up recently to work on my company's website, it was quite confusing -- especially as it redirected to the actuel website, for which I had a temporary local DNS entry when I worked on it last month.
I ended up messing up with TB cookies, vainly trying to finish the OAuth2 flow using cURL (I didn't document myself on the flow, and was pessimistic I could do so without a proper OAuth2 client anyway -- but I had a set of query parameters on the incorrect redirection so I guessed that just maybe if the query was made to the right place it might give me the One cookie I needed), and even trying to re-add some calendars, but nothing helped -- obviously.

Anyway, I have no clue why TB does this, but I luckily finally found this QA post when I was about to ask it out of sheer despair -- not sure why I didn't find if before, maybe my queries were a bit too specific and this one didn't show up.

Ça a l'air d'une opération toute bête, mais utiliser Icedove comme client de flux Atom/RSS en provenance de sites HTTPS non vérifiés par une autorité installée est très subtil. Simplement essayer d'ajouter le flux ne va pas marcher avec le très subtil et mensonger message d'erreur « L'adresse de flux est introuvable ».

L'utilisateur naïf va tenter d'importer le certificat dans les préférences après avoir vérifié trois fois que son adresse est correcte, mais c'est sans compter que comme Firefox, il n'utilise que le CN pour les exceptions manuelles [1].

Donc, pour ajouter une exception qui marche, on va procéder en deux étapes :

1. Ajouter l'exception dans Firefox pour qu'il l'ajoute dans son cert_override.txt
2. Copier l'entrée générée par Firefox dans le fichier du même nom dans la conf de Icedove.

Vraiment subtil mais ça marche.

[1] Ou même que ça ne marche pas du tout, je ne suis pas sûr puisque ça n'a pas ajouté d'entrées dans le fichier d'exceptions. Enfin bref.