Bug Report: safeStorage encryption unavailable on Wayland (Niri compositor) – OAuth account setup fails

Environment
∙ OS: CachyOS (Arch-based)
∙ Compositor: Niri (Wayland)
∙ Mailspring version: 1.17.3-6978bdc7
∙ Installation method: pacman
∙ Display server: Wayland (XDG_SESSION_TYPE=wayland)
∙ DBUS_SESSION_BUS_ADDRESS: unix:path=/run/user/1000/bus<!-- You’re reporting a bug in Mailspring.

• Please first check for existing discussions about this issue.
• Complete the template below.
• Remember that fixing bugs isn’t as easy as it looks!
  Read https://community.getmailspring.com/t/about-the-bug-reports-category
  →

Description

When attempting to add a Microsoft Outlook account via OAuth, Mailspring completes the OAuth flow in the browser (redirects to Mailspring) but fails to store the resulting token. The account is never added.
Root cause (from logs)
Electron’s safeStorage.encryptString is unavailable, preventing any token or password from being stored:Error: Error while encrypting the text provided to safeStorage.encryptString.
Encryption is not available.
Additionally: Mailspring encountered an error reading passwords from the keychain.
Error: Could not load libtidy.

To Reproduce…

Steps to reproduce the behavior:

1. Install Mailspring on CachyOS with Niri as Wayland compositor

2. Launch Mailspring

3. Attempt to add a Microsoft Outlook account via OAuth

4. Complete Microsoft login in browser – browser lands on Mailspring
   

5. Mailspring shows “Account not created” – account never appears

Attempted workarounds (all unsuccessful)
∙ mailspring --password-store=“gnome-libsecret” – safeStorage error persists
∙ mailspring --password-store=“basic” – safeStorage error persists
∙ echo “” | gnome-keyring-daemon --unlock before launch – no effect
∙ ELECTRON_OZONE_PLATFORM_HINT=wayland mailspring --no-sandbox --password-store=“gnome-libsecret” – no effect
∙ Verified org.freedesktop.Secret.Service is available and responding on D-Bus
∙ Verified xdg-mime handler for mailspring:// is correctly registered
∙ gnome-keyring-daemon is running with --components=pkcs11,secrets

Expected Behavior

After completing OAuth in the browser, the token should be stored securely and the account should be added successfully. Actual behavior:
safeStorage reports encryption as unavailable regardless of --password-store flag, causing all account setup to fail silently after OAuth completion.Additional notes:
libtidy is missing (libtidy.so not found). While likely unrelated to the OAuth issue, it should be noted.

Screenshots

Setup

• OS and Version:
  • Installation Method:
• Mailspring Version:

Additional Context

Hey there – This is a known issue with Electron apps on Wayland compositors where the keyring service isn’t fully configured. You can try launching Mailspring with the --password-store=gnome-libsecret flag after ensuring gnome-keyring and libsecret are installed and the daemon is running:

sudo pacman -S gnome-keyring libsecret
eval $(gnome-keyring-daemon --start --components=secrets)
export GNOME_KEYRING_CONTROL
mailspring --password-store=gnome-libsecret

If that doesn’t work, mailspring --password-store=basic will use a weaker encryption method but should get past the error. To make the flag permanent, edit the .desktop file to add the flag to the Exec line. Mailspring 1.19.1 also includes Wayland session detection improvements that may help — please update and let me know!

Pls see attempted workarounds