diff --git a/lib/Horde/Imap/Client/Socket/Pop3.php b/lib/Horde/Imap/Client/Socket/Pop3.php
index 68382428..d5d02f59 100644
--- a/lib/Horde/Imap/Client/Socket/Pop3.php
+++ b/lib/Horde/Imap/Client/Socket/Pop3.php
@@ -270,6 +270,12 @@ protected function _login()
             $auth_mech = array($this->_init['authmethod']);
         }
 
+        // Always try XOAUTH2 first when defined
+        if (in_array('XOAUTH2', $auth_mech) && $this->getParam('xoauth2_token')) {
+            $auth_mech = array_diff($auth_mech, ['XOAUTH2']);
+            array_unshift($auth_mech, 'XOAUTH2');
+        }
+
         foreach ($auth_mech as $method) {
             try {
                 $this->_tryLogin($method);
@@ -405,6 +411,18 @@ protected function _tryLogin($method)
             ));
             break;
 
+        case 'XOAUTH2':
+            if (!($xoauth2_token = $this->getParam('xoauth2_token')))
+                throw new Horde_Imap_Client_Exception("Expected an XOAUTH2 token");
+
+            /* @var Horde_Imap_Client_Password_Xoauth2 $xoauth2_token */
+
+            $this->_sendLine('AUTH XOAUTH2');
+            $this->_sendLine($xoauth2_token->getPassword(), array(
+                'debug' => sprintf('AUTH XOAUTH2 [Auth Response (username: %s)]', $xoauth2_token->username)
+            ));
+            break;
+
         case 'APOP':
             /* If UTF8 (+ USER) is active, and non-ASCII exists, need to apply
              * SASLprep to username/password. RFC 6856[2.2]. Reject if