diff --git a/README.md b/README.md
index 1579805..1b675ec 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,12 @@ given by an absolute path)
 Using the latest (>0.12) version of nodejs, one can write myconfig.js as
 follows.  Assuming the script ~/getpass.sh prints out your password.
 (execSync is a v0.12 feature)
+
+You can also use xoauth2 instead of password based authentication by setting
+the exports.xoauth2 option to the output of a tool which can provide xoauth2
+encoded tokens. Examples: [Google oauth2l](https://github.com/google/oauth2l) or
+[xoauth2 fetcher for O365](https://github.com/harishkrupo/oauth2ms)
+
 ```javascript
     var child_process = require('child_process');
 
@@ -80,6 +86,8 @@ follows.  Assuming the script ~/getpass.sh prints out your password.
     exports.tlsOptions = { "rejectUnauthorized": false };
     exports.username = "<user>";
     exports.password = getStdout("~/getpass.sh");
+    // use xoauth2 token (tool from: https://github.com/harishkrupo/oauth2ms)
+    // exports.xoauth2 = getStdout("oauth2ms --encode-xoauth2");
     exports.onNotify = "<sync command>"
     exports.onNotifyPost = "<command>"
     exports.boxes = [ "box1", "box2", "some/other/box" ];
diff --git a/bin/imapnotify b/bin/imapnotify
index 5ee657c..864d441 100755
--- a/bin/imapnotify
+++ b/bin/imapnotify
@@ -128,6 +128,7 @@ Notifier.prototype.create_connection = function(debug) {
   var connection = new Imap({
     user: self.config.username,
     password: self.config.password,
+    xoauth2: self.config.xoauth2,
     host: self.config.host,
     port: self.config.port,
     tls: self.config.tls || false,
diff --git a/package.json b/package.json
index 0cc42b0..1c00815 100644
--- a/package.json
+++ b/package.json
@@ -25,6 +25,6 @@
     "notify",
     "mail",
     "email"
-    ],
-    "license": "MIT"
+  ],
+  "license": "MIT"
 }