By default, the only IMAP authentication mechanism is a commandLOGIN that uses an unencrypted username and password. You can add an encryption layer on top of it by connecting via IMAP or by launching the TLS layer using the command STARTTLS, but this still requires the client to know the plaintext password.
The server may also provide SASL authentication methods invoked through the commandAUTHENTICATE . The server reports which SASL mechanisms it supports in response to the command CAPABILITY. For example, if the server includes the " AUTH=PLAIN" capability , the client can use the PLAINSASL authentication method using the AUTHENTICATE PLAINIMAP command .
Gmail only supports one SASL authentication mechanism XOAUTH:
C: 1 capability
S: * CAPABILITY IMAP4rev1 UNSELECT IDLE NAMESPACE QUOTA XLIST CHILDREN XYZZY
SASL-IR AUTH=XOAUTH
S: 1 OK Thats all she wrote! dv32if2169247ibb.17
XOAUTH - SASL OAuth. ( "X" , .) Google , SASL. google-mail-xoauth-tools, , , JavaMail Gmail XOAUTH.