Modern corporate OAuth2 email authentication on NixOS

I like to use mbsync and msmtp with mu and Emacs to manage my email. These tools are mostly designed around basic IMAP and SMTP password authentication, but they are growing support for OAuth2.

My university, which uses Microsoft 365, recently disabled “basic authentication” in favor of “modern authentication”, which means I can’t use an app password and legacy email authentication anymore.

There are various guides on setting up Oauth2 with these email tools, but they all seem to depend on different scripts and packages for dealing with the tokens, and most of these tools don’t seem to be available yet on Nix.

I was wondering if anyone else has been forced to migrate already and can point me in the right direction on NixOS. Thanks for any info you can provide!