diff --git a/app/core/src/main/java/com/fsck/k9/controller/MessagingController.java b/app/core/src/main/java/com/fsck/k9/controller/MessagingController.java
index 2f0e3af21..8b4b081dc 100644
--- a/app/core/src/main/java/com/fsck/k9/controller/MessagingController.java
+++ b/app/core/src/main/java/com/fsck/k9/controller/MessagingController.java
@@ -53,6 +53,7 @@ import com.fsck.k9.controller.MessagingControllerCommands.PendingReplace;
 import com.fsck.k9.controller.MessagingControllerCommands.PendingSetFlag;
 import com.fsck.k9.controller.ProgressBodyFactory.ProgressListener;
 import com.fsck.k9.helper.MutableBoolean;
+import com.fsck.k9.mail.AuthType;
 import com.fsck.k9.mail.AuthenticationFailedException;
 import com.fsck.k9.mail.CertificateValidationException;
 import com.fsck.k9.mail.FetchProfile;
@@ -378,8 +379,8 @@ public class MessagingController {
 
     public void refreshFolderListSynchronous(Account account) {
         try {
-            ServerSettings serverSettings = account.getIncomingServerSettings();
-            if (serverSettings.isMissingCredentials()) {
+            if (isAuthenticationProblem(account, true)) {
+                Timber.d("Authentication will fail. Skip refreshing the folder list.");
                 handleAuthenticationFailure(account, true);
                 return;
             }
@@ -596,8 +597,8 @@ public class MessagingController {
 
     private void syncFolder(Account account, long folderId, boolean notify, MessagingListener listener, Backend backend,
             NotificationState notificationState) {
-        ServerSettings serverSettings = account.getIncomingServerSettings();
-        if (serverSettings.isMissingCredentials()) {
+        if (isAuthenticationProblem(account, true)) {
+            Timber.d("Authentication will fail. Skip synchronizing folder %d.", folderId);
             handleAuthenticationFailure(account, true);
             return;
         }
@@ -1486,8 +1487,8 @@ public class MessagingController {
         Exception lastFailure = null;
         boolean wasPermanentFailure = false;
         try {
-            ServerSettings serverSettings = account.getOutgoingServerSettings();
-            if (serverSettings.isMissingCredentials()) {
+            if (isAuthenticationProblem(account, false)) {
+                Timber.d("Authentication will fail. Skip sending messages.");
                 handleAuthenticationFailure(account, false);
                 return;
             }
@@ -2546,6 +2547,14 @@ public class MessagingController {
         notificationController.showCertificateErrorNotification(account, incoming);
     }
 
+    private boolean isAuthenticationProblem(Account account, boolean incoming) {
+        ServerSettings serverSettings = incoming ?
+                account.getIncomingServerSettings() : account.getOutgoingServerSettings();
+
+        return serverSettings.isMissingCredentials() ||
+                serverSettings.authenticationType == AuthType.XOAUTH2 && account.getOAuthState() == null;
+    }
+
     private void actOnMessagesGroupedByAccountAndFolder(List<MessageReference> messages, MessageActor actor) {
         Map<String, Map<Long, List<MessageReference>>> accountMap = groupMessagesByAccountAndFolder(messages);
 
diff --git a/app/core/src/main/java/com/fsck/k9/job/MailSyncWorker.kt b/app/core/src/main/java/com/fsck/k9/job/MailSyncWorker.kt
index 193c24a5c..d580c9da6 100644
--- a/app/core/src/main/java/com/fsck/k9/job/MailSyncWorker.kt
+++ b/app/core/src/main/java/com/fsck/k9/job/MailSyncWorker.kt
@@ -8,6 +8,7 @@ import com.fsck.k9.Account
 import com.fsck.k9.K9
 import com.fsck.k9.Preferences
 import com.fsck.k9.controller.MessagingController
+import com.fsck.k9.mail.AuthType
 import timber.log.Timber
 
 class MailSyncWorker(
@@ -44,6 +45,11 @@ class MailSyncWorker(
             return Result.success()
         }
 
+        if (account.incomingServerSettings.authenticationType == AuthType.XOAUTH2 && account.oAuthState == null) {
+            Timber.d("Account requires sign-in. Skipping mail sync.")
+            return Result.success()
+        }
+
         val success = messagingController.performPeriodicMailSync(account)
 
         return if (success) Result.success() else Result.retry()
diff --git a/app/k9mail/src/main/java/com/fsck/k9/backends/RealOAuth2TokenProvider.kt b/app/k9mail/src/main/java/com/fsck/k9/backends/RealOAuth2TokenProvider.kt
index a28289720..3fc93963c 100644
--- a/app/k9mail/src/main/java/com/fsck/k9/backends/RealOAuth2TokenProvider.kt
+++ b/app/k9mail/src/main/java/com/fsck/k9/backends/RealOAuth2TokenProvider.kt
@@ -42,7 +42,10 @@ class RealOAuth2TokenProvider(
 
         latch.await(timeoutMillis, TimeUnit.MILLISECONDS)
 
-        if (exception != null || token != oldAccessToken) {
+        if (exception != null) {
+            account.oAuthState = null
+            accountManager.saveAccount(account)
+        } else if (token != oldAccessToken) {
             requestFreshToken = false
             account.oAuthState = authState.jsonSerializeString()
             accountManager.saveAccount(account)