Incoming server error for Yahoo Mail on more than one device

[tommyt]

Woke up this morning to see this red highlighted error message on at least two devices for one particular Yahoo Mail account: "Incoming server login error: Please grant the permission to access email in the account".
On the same devices I have one other Yahoo derivative account for the sbcglobal.net domain that is having no issue. Other devices (Amazon tablet using its native email client) are able to access the Yahoo account with no problem.
Do I need to go through all my devices with AquaMail (the older AquaMail "Pro" product) and re-establish or reconfigure that account? Strange if so.

Additional: This is using my home Wi-Fi network in all cases mentioned. The version of the AquaMail app is 1.55.2. I made no updates to the AquaMail app that coincide with the error message appearing. On one Android device I updated the Gboard app and the Speech Recognition app.

Even more: It looks like for some reason, for just the yahoo.com domain account, going Settings>Manage Accounts>choose the account>Account setup, then another selection takes you outside the AquaMail app online to Yahoo Mail where you can Agree to let the AM app have access to the Yahoo account. There are two areas of Agreeing (Profile and Yahoo Maill), but agreeing to one appears to Agree to all. This has allowed AM to resume retrieving my messages from Yahoo. I just wonder why this happened the way it did. It'd be nice to be able to simply go to Yahoo Mail on the web and grant any needed permissions to a given app brand client, and it would apply globally. We'll see how this holds up over time.
Situation appears to be resolved for now.

I had this same version of the AM app on five different smartphones. All exhibited the same login error, and responded to the new granting of permissions described earlier. There must be a periodic qualification required by Yahoo for certain third party apps to verify this permission. There was no heads up for it, however.

[Martin - Aqua Mail Support]

Hello tommyt.

What happened is tied to Yahoo’s OAuth (authentication) system and how it manages app permissions for third-party email clients like Aqua Mail.

Yahoo periodically expires or revokes “tokens” that apps use to access accounts through secure sign-in (OAuth). These tokens are time-limited for security reasons, especially if:

1. Yahoo updates its authentication or privacy policies,
2. The app hasn’t refreshed the token recently,
3. There’s a change in the device’s system components (like Play Services, keyboard, or security modules), or Yahoo runs a security audit or account integrity check.

When that happens, Aqua Mail can no longer authenticate automatically, and Yahoo requires you to re-authorize the connection, which is why you were redirected to Yahoo’s login page to “grant permission to access email.” Once you re-approved it, a new token was issued, and Aqua Mail resumed normal operation.

This kind of re-authorization doesn’t affect all Yahoo-related domains (like sbcglobal.net or att.net) at the same time, because those use slightly different authentication endpoints. It also explains why other apps (like the native Amazon mail client) weren’t affected, they use their own tokens or a different connection type.

There’s no problem on your side or in Aqua Mail itself, this is expected behavior when Yahoo rotates or expires OAuth credentials. Unfortunately, Yahoo doesn’t send alerts about these events, so users only notice when access is interrupted.

Re-authorizing in Aqua Mail is the correct and only needed step. Once renewed, your connection should remain stable until Yahoo enforces the next token refresh, which may be months or even years down the line.