diff --git a/plugins/nextcloud/index.php b/plugins/nextcloud/index.php
index 65776de47..5bdb3b0b7 100644
--- a/plugins/nextcloud/index.php
+++ b/plugins/nextcloud/index.php
@@ -4,8 +4,8 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
 {
 	const
 		NAME = 'Nextcloud',
-		VERSION = '2.22',
-		RELEASE  = '2023-03-28',
+		VERSION = '2.23',
+		RELEASE  = '2023-04-11',
 		CATEGORY = 'Integrations',
 		DESCRIPTION = 'Integrate with Nextcloud v20+',
 		REQUIRED = '2.27.0';
@@ -34,6 +34,9 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
 			$this->addTemplate('templates/PopupsNextcloudFiles.html');
 			$this->addTemplate('templates/PopupsNextcloudCalendars.html');
 
+			$this->addHook('imap.before-login', 'oidcLogin');
+			$this->addHook('smtp.before-login', 'oidcLogin');
+			$this->addHook('sieve.before-login', 'oidcLogin');
 		} else {
 			// \OC::$server->getConfig()->getAppValue('snappymail', 'snappymail-no-embed');
 			$this->addHook('main.content-security-policy', 'ContentSecurityPolicy');
@@ -62,6 +65,20 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
 		return static::IsIntegrated() && \OC::$server->getUserSession()->isLoggedIn();
 	}
 
+	public function oidcLogin(\RainLoop\Model\Account $oAccount, \MailSo\Net\NetClient $oClient, \MailSo\Net\ConnectSettings $oSettings) : void
+	{
+		if ($this->Config()->Get('plugin', 'oidc', false)
+		 && \OC::$server->getSession()->get('is_oidc')
+//		 && $oClient->supportsAuthType('OAUTHBEARER') // v2.28
+		) {
+			$sAccessToken = \OC::$server->getSession()->get('oidc_access_token');
+			if ($sAccessToken) {
+				$oSettings->Password = $sAccessToken;
+				\array_unshift($oSettings->SASLMechanisms, 'OAUTHBEARER');
+			}
+		}
+	}
+
 	/*
 	\OC::$server->getCalendarManager();
 	\OC::$server->getLDAPProvider();
@@ -254,6 +271,9 @@ class NextcloudPlugin extends \RainLoop\Plugins\AbstractPlugin
 				->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
 				->SetDefaultValue(true),
 			\RainLoop\Plugins\Property::NewInstance('calendar')->SetLabel('Enable "Put ICS in calendar"')
+				->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
+				->SetDefaultValue(false),
+			\RainLoop\Plugins\Property::NewInstance('oidc')->SetLabel('Login with OIDC')
 				->SetType(\RainLoop\Enumerations\PluginPropertyType::BOOL)
 				->SetDefaultValue(false)
 		);
diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php
index 9349dd732..d95388128 100644
--- a/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php
+++ b/snappymail/v/0.0.0/app/libraries/MailSo/Imap/ImapClient.php
@@ -94,6 +94,11 @@ class ImapClient extends \MailSo\Net\NetClient
 		}
 	}
 
+	public function supportsAuthType(string $sasl_type) : bool
+	{
+		return $this->hasCapability("AUTH={$sasl_type}");
+	}
+
 	/**
 	 * @throws \InvalidArgumentException
 	 * @throws \MailSo\RuntimeException
diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Net/NetClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Net/NetClient.php
index 2cc5a8ea1..c6416b55f 100644
--- a/snappymail/v/0.0.0/app/libraries/MailSo/Net/NetClient.php
+++ b/snappymail/v/0.0.0/app/libraries/MailSo/Net/NetClient.php
@@ -195,6 +195,7 @@ abstract class NetClient
 		}
 	}
 
+	abstract public function supportsAuthType(string $sasl_type) : bool;
 //	abstract public function Login(ConnectSettings $oSettings) : self;
 	abstract public function Logout() : void;
 
diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/SieveClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/SieveClient.php
index bfd074511..7dadb322e 100644
--- a/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/SieveClient.php
+++ b/snappymail/v/0.0.0/app/libraries/MailSo/Sieve/SieveClient.php
@@ -70,6 +70,11 @@ class SieveClient extends \MailSo\Net\NetClient
 		}
 	}
 
+	public function supportsAuthType(string $sasl_type) : bool
+	{
+		return \in_array(\strtoupper($sasl_type), $this->aAuth);
+	}
+
 	/**
 	 * @throws \InvalidArgumentException
 	 * @throws \MailSo\RuntimeException
diff --git a/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php b/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php
index 6e3cd2fe2..6ca0fc84f 100644
--- a/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php
+++ b/snappymail/v/0.0.0/app/libraries/MailSo/Smtp/SmtpClient.php
@@ -102,6 +102,11 @@ class SmtpClient extends \MailSo\Net\NetClient
 		}
 	}
 
+	public function supportsAuthType(string $sasl_type) : bool
+	{
+		return \in_array(\strtoupper($sasl_type), $this->aAuthTypes);
+	}
+
 	/**
 	 * @throws \InvalidArgumentException
 	 * @throws \MailSo\RuntimeException