After a recent upgrade to Kmail2 5.6.0 I have witnessed that the IMAP akonadi resource had requested to use OAUTH2 without any action from the user - I expected an option to enable OAUTH2 or to switch out of username / password not just a popup that asks for a username /password.
There is no clear way to revoke the persmission from the client side.
All connection settings are grayed out in kmail.
I can confirm that as of 5.7.2 this bug still exists. Whenever the user's IMAP server is "imap.google.com" it forces all the other server settings to be disabled and repeatedly tries to do Google OAuth without asking.
This has been relaxed in recent versions. IMAP will still prefer XOAUTH authentication if it's supported by the server (Gmail), but allows users to choose alternative authentication methods if they wish.