This is more or less a follow-up to JENKINS-69414.

While OAuth2 authentication may work for generic providers such as GMail, it does not work for Office365, as instead of using the client secret as a password, one has to first request an access token from "https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token" using the client_credentials flow, then use that token as the password.

Without this, as in, using the client secret as a password, authentication always fails:

14:40:44 DEBUG SMTP: AUTH XOAUTH2 failed
14:40:44 AuthenticationFailedException message: 535 5.7.3 Authentication unsuccessful [VI1PR0102CA0059.eurprd01.prod.exchangelabs.com 2024-07-19T12:40:44.173Z 08DCA6EA4C774BA8] 

If, however, you retrieve an access token using the aforementioned API, authentication succeeds and the e-mail gets delivered:

354 Start mail input; end with <CRLF>.<CRLF>

------=_Part_33_1071535181.1721393717667--
.
250 2.0.0 OK <1621590247.34.1721393718389@c427e035ed5b> [Hostname=AM9PR03MB6802.eurprd03.prod.outlook.com]
DEBUG SMTP: message successfully delivered to mail server
QUIT 

Example call:

While one could simply call the API manually and configure the provided access token, this becomes quite tedious, as the token is only valid for an hour. I therefore request some sort of mechanism / configuration option in the plugin so it retrieves the token by itself.

Relevant SO entry: https://stackoverflow.com/questions/73449562/jenkins-email-extension-plugin-and-oauth-2-0-query