horde · ralflang · May 20, 2026 · Mar 9, 2026
diff --git a/lib/Factory/Transport.php b/lib/Factory/Transport.php
@@ -51,7 +51,10 @@ public function create(array $transport)
             $auth = [];
         }
 
-        if (!isset($auth['password'])) {
+        $hasXoauth2 = isset($auth['xoauth2_token']) && 
+                      $auth['xoauth2_token'] instanceof \Horde\ManageSieve\Password\Xoauth2;
+
+        if (!$hasXoauth2 && !isset($auth['password'])) {
             $auth['password'] = $registry->getAuthCredential('password');
         }
         if (!isset($auth['username'])) {

diff --git a/lib/Transport/Timsieved.php b/lib/Transport/Timsieved.php
@@ -74,18 +74,39 @@ protected function _connect()
             : $this->_params['admin'];
 
         try {
-            $this->_sieve = new ManageSieve([
-                'user'       => $auth,
-                'password'   => $this->_params['password'],
-                'host'       => $this->_params['hostspec'],
-                'port'       => $this->_params['port'],
-                'authmethod' => $this->_params['logintype'],
-                'euser'      => $this->_params['euser'],
-                'secure'     => $this->_params['usetls'],
-                'logger'     => $this->_params['debug']
-                    ? $injector->getInstance('Horde_Log_Logger')
-                    : null,
-            ]);
+            // Check if we have XOAUTH2 token
+            if (isset($this->_params['xoauth2_token']) &&
+                $this->_params['xoauth2_token'] instanceof \Horde\ManageSieve\Password\Xoauth2) {
+                // XOAUTH2 authentication - pass token directly
+                $authMethod = \Horde\ManageSieve\Client::AUTH_XOAUTH2;
+
+                $this->_sieve = new ManageSieve([
+                    'user'         => $auth,
+                    'xoauth2_token' => $this->_params['xoauth2_token'],
+                    'host'         => $this->_params['hostspec'],
+                    'port'         => $this->_params['port'],
+                    'authmethod'   => $authMethod,
+                    'euser'        => $this->_params['euser'],
+                    'secure'       => $this->_params['usetls'],
+                    'logger'       => $this->_params['debug']
+                        ? $injector->getInstance('Horde_Log_Logger')
+                        : null,
+                ]);
+            } else {
+                // Normal password authentication
+                $this->_sieve = new ManageSieve([
+                    'user'       => $auth,
+                    'password'   => $this->_params['password'],
+                    'host'       => $this->_params['hostspec'],
+                    'port'       => $this->_params['port'],
+                    'authmethod' => $this->_params['logintype'],
+                    'euser'      => $this->_params['euser'],
+                    'secure'     => $this->_params['usetls'],
+                    'logger'     => $this->_params['debug']
+                        ? $injector->getInstance('Horde_Log_Logger')
+                        : null,
+                ]);
+            }
         } catch (ManageSieveException $e) {
             throw new Ingo_Exception($e);
         }